I am currently trying to use mysqli_prepare and bind_param in order to pass arguments more safely into my query. I was using mysqli_query to execute them before, which worked fine. My professor is requiring us to use prepare though. I am currently getting the proper values from my form, but the data isn't being entered into the customer table. Also, I have mysqli_error() on my execute() commands but I am not getting any errors at all, which is making debugging difficult. Here is the PHP part located in register.php:

```php
<?php
    require 'connection.php';

    $result = "";

    if(isset($_POST['register'])) {

        #Fetch the data from the fields
        $username = $_POST['username'];
        $password = $_POST['password'];
        $name = $_POST['name'];
        $total = 0.0;

        #echo $username . " " . $password . " " . $name . " " . $total;

        #Prepare sql query to see if account already exists
        $query = mysqli_prepare("SELECT * FROM customer WHERE username=?");
        $query->bind_param("s", $username);
        $query->execute() or die(mysqli_error());

        if(mysqli_num_rows($query) > 0) {
            #This username already exists in db
            $result = "Username already exists";
        } else {
            $insert = mysqli_prepare("INSERT INTO customer(username, password, name, total) VALUES (?, ?, ?, ?)");
            $insert->bind_param("sssd", $username, $password, $name, $total);
            $insert->execute() or die(mysqli_error());
            #$result = "Account registered!"
        }

    }

?>
```

I establish the connection to my db like this in connection.php:

```php
$conn = new mysqli(DB_HOST, DB_USERNAME, DB_PASSWORD, DB_DATABASE);
```

Like I said before, I can get the query to execute with mysqli_query, but for some reason I cannot get bind_param to work. I also tried adding `or die`, but no errors are being printed.

miken32
Sai Peri
  • `mysqli_error()` requires an argument, but you can use `$mysqli->error` or whatever the connection variable is called, see http://php.net/manual/en/mysqli.error.php – Progman Jan 23 '19 at 21:32
  • `mysqli_prepare()` also requires another argument. The first argument should be your mysqli connection. See http://php.net/manual/en/mysqli.prepare.php Notice you're checking for an error after `execute()` but not after `mysqli_prepare()`. – Bill Karwin Jan 23 '19 at 21:35
  • Pro tip: You really need to learn how to double-check function usage in the documentation. I have been coding for over 30 years, and I refer to reference docs many times a day. Don't assume you know the arguments to a function -- read the documentation! – Bill Karwin Jan 23 '19 at 21:36
  • **WARNING**: Writing your own access control layer is not easy and there are many opportunities to get it severely wrong. Please, do not write your own authentication system when any modern [development framework](http://codegeekz.com/best-php-frameworks-for-developers/) like [Laravel](http://laravel.com/) comes with a robust [authentication system](https://laravel.com/docs/master/authentication) built-in. At the absolute least follow [recommended security best practices](http://www.phptherightway.com/#security) and **never store passwords as plain-text** or a weak hash like **SHA1 or MD5**. – tadman Jan 23 '19 at 21:38
  • Note: The object-oriented interface to `mysqli` is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete `mysql_query` interface. Before you get too invested in the procedural style it’s worth switching over. Example: `$db = new mysqli(…)` and `$db->prepare("…")` The procedural interface is an artifact from the PHP 4 era when `mysqli` API was introduced and ideally should not be used in new code. – tadman Jan 23 '19 at 21:38
  • I added $conn to mysqli_prepare and also moved my die statement up to mysqli_prepare statement but now I get no output. Or errors. – Sai Peri Jan 23 '19 at 21:46
  • Are you watching the http error log? If you get a totally white screen in your browser, it's likely you had a PHP error like a fatal syntax error, so the code didn't run at all. Always keep a terminal window open tailing your error log while you're developing, so you spot fatal PHP errors. – Bill Karwin Jan 23 '19 at 21:53
  • When I open up a terminal and navigate to my htdocs and run "php register.php" I get the contents printed in my terminal. I am assuming this is like perl and that means I have no errors? – Sai Peri Jan 23 '19 at 21:59
  • https://stackoverflow.com/questions/845021/how-to-get-useful-error-messages-in-php – miken32 Jan 24 '19 at 02:22

0 Answers
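
The points raised in the comments (pass the connection to prepare, surface errors at every step, use the object-oriented interface, never store the plain-text password) fit together as in the following added example, which is not code from the question or from any commenter. It assumes `connection.php` defines `$conn` as shown in the question and that the `password` column is wide enough for a hash (255 characters); `register_customer` is a hypothetical helper name.

```php
<?php
// Added example. Assumes connection.php creates $conn (as in the question)
// and that customer.password can hold a 255-character hash.

// Make mysqli throw mysqli_sql_exception when connect, prepare or execute
// fails, instead of returning false silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

require 'connection.php';

// Hypothetical helper: returns the message to show on the form.
function register_customer(mysqli $conn, string $username, string $password, string $name): string
{
    // prepare() is called on the connection; the procedural equivalent
    // is mysqli_prepare($conn, $sql).
    $check = $conn->prepare("SELECT 1 FROM customer WHERE username = ?");
    $check->bind_param("s", $username);
    $check->execute();
    $check->store_result();           // buffer the rows so num_rows is set
    $exists = $check->num_rows > 0;   // num_rows is read from the statement
    $check->close();

    if ($exists) {
        return "Username already exists";
    }

    // Store a salted hash, never the submitted password itself.
    $hash  = password_hash($password, PASSWORD_DEFAULT);
    $total = 0.0;

    $insert = $conn->prepare(
        "INSERT INTO customer (username, password, name, total) VALUES (?, ?, ?, ?)"
    );
    $insert->bind_param("sssd", $username, $hash, $name, $total);
    $insert->execute();
    $insert->close();

    return "Account registered!";
}

$result = "";
if (isset($_POST['register'])) {
    try {
        $result = register_customer($conn, $_POST['username'], $_POST['password'], $_POST['name']);
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage());  // details go to the log, not the browser
        $result = "Registration failed";
    }
}
```

The SELECT-then-INSERT check is not atomic, so a UNIQUE index on `username` is what actually prevents duplicate accounts. At login, the stored hash is checked with `password_verify()`.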