-4

I've been coding in PHP and connecting it up to MySql. I keep on getting an error

Warning: mysqli_stmt_close() expects parameter 1 to be mysqli_stmt, boolean given in C:\xampp\htdocs\xxxx on line 175

Is there anything wrong with this block of code?

 if(empty(trim($_POST['dept'])) && empty(trim($_POST['fname'])) && empty(trim($_POST['lname'])) && empty(trim($_POST['email'])) && empty(trim($_POST['cnum'])) && empty(trim($_POST['dob'])) && empty(trim($_POST['gender'])) && empty(trim($_POST['minitial'])) && strlen(trim($_POST['minitial'])) > 1   ){
            $regerr = "Please complete your information";
        }else{
            $fname = trim($_POST['fname']);
            $lname = trim($_POST['lname']);
            $email = trim($_POST['email']);
            $cnum = trim($_POST['cnum']);
            $dob = trim($_POST['dob']);
            $gender = trim($_POST['gender']);
            $dept = trim($_POST['dept']);
            $minitial = trim($_POST['minitial']);
        }

        // Check input errors before inserting in database
        if(empty($usernameerr) && empty($passworderr) && empty($confirmpassworderr) && empty($regerr) ){

            // Prepare an insert statement
            $sql = "INSERT INTO login_info (username, password) VALUES (?, ?);
                    INSERT INTO user_info (fname, sname, minitial, contact_num, gender, dob, department) VALUES (?,?,?,?,?,CAST (? AS DATE),?);";

            if($stmt = mysqli_prepare($link, $sql)){
                // Bind variables to the prepared statement as parameters
                mysqli_stmt_bind_param($stmt, "sssssssss", $param_username, $param_password, $param_fname, $param_sname, $param_minitial, $param_cnum, $param_gender, $param_dob, $param_department);

                // Set parameters
                $param_username = $username;
                $param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash
                $param_fname = $fname;
                $param_sname = $lname;
                $param_minitial =$minitial;
                $param_cnum = $cnum;
                $param_gender = $gender;
                $param_dob = $dob;
                $param_department = $dept;

                // Attempt to execute the prepared statement
                if(mysqli_stmt_execute($stmt)){

                    session_start();
                    $_SESSION['username'] = $username;
                    $_SESSION['usernumber'] = $mysqli_insert_id($link);
                    header("location: home-trabawho.php");
                } else{
                    echo "Something went wrong. Please try again later.";
                }
            }

            // Close statement
            mysqli_stmt_close($stmt);
        }
Dharman
  • 30,962
  • 25
  • 85
  • 135
Wednesdaymahduds
  • 1
  • 1
  • 1
  • http://php.net/manual/en/mysqli-stmt.close.php – TarangP Mar 03 '18 at 09:02
  • 3
    Your `prepare` will fail as it doesn't work with multiple SQL statements (https://stackoverflow.com/questions/11632902/mysqli-can-it-prepare-multiple-queries-in-one-statement), your close should be within the `if` statement of the `prepare` working. – Nigel Ren Mar 03 '18 at 09:07
  • Put the `mysqli_stmt_close($stmt);` inside the `if($stmt = mysqli_prepare($link, $sql)){` block. – Markus Zeller Mar 03 '18 at 12:47
  • Or check if the statement is not false/empty with `if($stmt) mysqli_stmt_close($stmt);`. – Markus Zeller Mar 03 '18 at 12:48

1 Answers1

1

The problem is here:

        // Prepare an insert statement
        $sql = "INSERT INTO login_info (username, password) VALUES (?, ?);
                INSERT INTO user_info (fname, sname, minitial, contact_num, gender, dob, department) VALUES (?,?,?,?,?,CAST (? AS DATE),?);";

        if($stmt = mysqli_prepare($link, $sql)){

There is not one insert statement, as the comment pretends, there are two statements.

The documentation of mysqli_prepare() clearly explains:

 mysqli_stmt mysqli_prepare ( mysqli $link , string $query )

Prepares the SQL query, and returns a statement handle to be used for further operations on the statement. The query must consist of a single SQL statement.

Accordingly, $stmt is false, the if branch is not executed and

        mysqli_stmt_close($stmt);

correctly fails.

You should put the call to mysqli_stmt_close($stmt) inside the if block, in the first place. And you should check the value returned by mysqli_prepare() and handle the errors accordingly.

In this specific situation you should use two pairs of mysqli_prepare()/mysqli_stmt_execute() statements to run the two INSERT queries. In the user_info table you probably also need to insert the ID generated by the first INSERT query, to link the two records inserted by these queries.

axiac
  • 68,258
  • 9
  • 99
  • 134