Insert into table using PHP and prepared statement getting response code 500

Question

I'm trying to insert a row into a table using the following PHP code:

$sql = "INSERT INTO `user_sessions`(`email`, `ip_address`, `location`, `lat`, `lng`, `device_type`, `device_imei`, `login_date`, `login_time`, `active`) VALUES (?,?,?,?,?,?,?,?,?,?);";

                $stmt2 = mysqli_stmt_init($con);

                if(!mysqli_stmt_prepare($stmt2, $sql)){
                    $data['result'] = "SQL error";
                    echo json_encode($data);
                    exit();
                } else {

                    mysqli_stmt_bind_param($stmt2, "sssddsssss", $email, $ip, $city, $lat, $lng, $user_device, $user_device_imei, $user_date, $user_time, "1");

                    mysqli_stmt_execute($stmt2);


                    $data['result'] = "login success";
                    $data['user_id'] = $row['user_id'];
                    echo json_encode($data);
                    exit();
                }

I keep getting response code 500 which is a server internal error based on my research

I'm using a remote server.
This is a small part of my login.php script which works just fine when this section is commented out.
$lat and $lng are floats and have a type of float(23,19) in my database.

Any suggestions?

Note: The object-oriented interface to `mysqli` is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete `mysql_query` interface. Before you get too invested in the procedural style it’s worth switching over. Example: `$db = new mysqli(…)` and `$db->prepare("…”)` The procedural interface is an artifact from the PHP 4 era when `mysqli` API was introduced and should not be used in new code. — tadman, Oct 06 '17 at 02:37
A lot of problems can be detected and resolved by [enabling exceptions in `mysqli`](https://stackoverflow.com/questions/14578243/turning-query-errors-to-exceptions-in-mysqli) so mistakes aren't easily ignored. — tadman, Oct 06 '17 at 02:37
You've also got some unintentional double-negation here. The `else` only triggers if your `prepare` call did not *not* fail. — tadman, Oct 06 '17 at 02:38
I'm planning on switching to object-oriented php soon and properly switching to using a php framework, but for the time being, I just started learning php so I'm using procedural php — Odai Mohammed, Oct 06 '17 at 02:48
There's no reason to use the procedural style. It's not simpler and there's the constant risk of forgetting an `i` and ending up with the wrong MySQL interface by accident. A framework will help you learn PHP from the top down instead of the bottom up, an approach that can help you stay productive while not stopping you from digging deeper in your understanding of the language. — tadman, Oct 06 '17 at 02:51
You never define `$row`. Check your error logs, a 500 could be tons of things. — chris85, Oct 06 '17 at 03:52
$row is defined elsewhere in the code, this is only the part that's causing the problem — Odai Mohammed, Oct 06 '17 at 03:54

score 0 · Accepted Answer · answered Nov 01 '17 at 07:28

The problem is in line 11:

mysqli_stmt_bind_param($stmt2, "sssddsssss", $email, $ip, $city, $lat, $lng, $user_device, $user_device_imei, $user_date, $user_time, "1");

The last parameter is "1", but mysqli_stmt_bimd_param() only accepts variables as parameters.

Insert into table using PHP and prepared statement getting response code 500

1 Answers1