
Hi guys, sorry, you have probably been asked this plenty of times. I have an assignment due in two days and have absolutely nothing. I have been following a YouTube tutorial and cannot understand why this information will not insert into the database. I can connect to the database and check the username exists, but when it comes to the second prepared statement to check if it fails, it always throws this error. Any help would be greatly appreciated. Thank you

    <?php
    //We then check if the user has clicked the signup button
    if (isset($_POST['signup-submit'])) {

    //Then we include the database connection
    session_start();
    $_SESSION['message'] = '';
    include_once 'dbh.inc.php';
    //And we get the data from the signup form
    //$firs = $_POST['first'];
    //$last = $_POST['uid'];

    $uid = $_POST['uid'];
    $email = $_POST['mail'];
    $pwd = $_POST['pwd'];
    $pwdre = $_POST['pwd-repeat'];

    //Error handlers
    //Error handlers are important to avoid any mistakes the user might have made when filling out the form!
    //Check for empty fields
    if(empty($uid) || empty($email) || empty($pwd)){
        header("Location: ../signup.php?signup=empty");
        exit();
    } else {
        //Check if input characters are valid
        if (!preg_match("/^[a-zA-Z]*$/", $uid) ) {
            header("Location: ../signup.php?signup=invalid");
            exit();
        } else {
            //Check if email is valid
            if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                header("Location: ../signup.php?signup=email");
                exit();
            } else {
                //Check if username exists USING PREPARED STATEMENTS
                $sql = "SELECT * FROM users WHERE uidUsers=?";
                //Create a prepared statement
                $stmt = mysqli_stmt_init($conn);
                //Check if prepared statement fails
                if(!mysqli_stmt_prepare($stmt, $sql)) {
                    header("Location: ../index.php?login=errorr");
                    exit();
                } else {
                    //Bind parameters to the placeholder
                    //The "s" means we are defining the placeholder as a string
                    mysqli_stmt_bind_param($stmt, "s", $uid);

                    //Run query in database
                    mysqli_stmt_execute($stmt);

                    //Check if user exists
                    mysqli_stmt_store_result($stmt);
                    $resultCheck = mysqli_stmt_num_rows($stmt);
                    if ($resultCheck > 0) {
                        header("Location: ../signup.php?signup=usertaken");
                        exit();
                    } else {
                        //Hashing the password
                        $hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
                        //Insert the user into the database
                        $sql2 = "INSERT INTO users (uidUsers, emailUsers, pwdUsers)
                        VALUES (?, ?, ?,);";
                        //Create second prepared statement
                        $stmt2 = mysqli_stmt_init($conn);

                        //Check if prepared statement fails
                        if(!mysqli_stmt_prepare($stmt2, $sql2)) {
                            header("Location: ../index.php?login=error");
                            exit();
                        } else {
                            //Bind parameters to the placeholder
                            mysqli_stmt_bind_param($stmt2, "sss",$uid, $email, $hashedPwd);

                            //Run query in database
                            mysqli_stmt_execute($stmt2);
                            header("Location: ../signup.php?signup=success");
                            exit();
                        }
                    }
                }
            }
        }
    }

    //Close first statement
    mysqli_stmt_close($stmt);
    //Close second statement
    mysqli_stmt_close($stmt2);

    } else {
        header("Location: ../signup.php=fail");
        exit();
    }
  • `VALUES (?, ?, ?,)` <- extra comma – aynber May 18 '20 at 16:50
  • For next time _but when it comes to the second prepared statement to check if it fails, it always throws this error_ Would be useful to see THE ERROR – RiggsFolly May 18 '20 at 16:51
  • the error is it would return to the index page without inserting the table – completenovice May 18 '20 at 17:02
  • , the mysqli error is (which I've only just discovered due to this post) Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ')' at line 2 in C:\Users\c0h0a\Desktop\XAMP\htdocs\RW\includes\signup.inc.php:67 Stack trace: #0 C:\Users\c0h0a\Desktop\XAMP\htdocs\RW\includes\signup.inc.php(67): mysqli_stmt_prepare(Object(mysqli_stmt), 'INSERT INTO use...') #1 {main} thrown in C:\Users\c0h0a\Desktop\XAMP\htdocs\RW\includes\signup.inc.php on line 67 – completenovice May 18 '20 at 17:02
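
The comments above trace the failure to the trailing comma in `VALUES (?, ?, ?,)`, which stayed hidden because the prepare-failure branch only redirected to the index page. The following is an added example, not the asker's code: it uses the corrected INSERT and writes the mysqli error to the server log while the browser gets only a short status. The function name `insert_user` and the call site are hypothetical; the table and column names are taken from the question.

```php
<?php
// Added example, not part of the original post.
// Assumes an open mysqli connection and the `users` table from the question.

// Make mysqli throw mysqli_sql_exception instead of returning false silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Insert a new user (hypothetical helper). Returns a short status code for
 * the redirect; the detailed database error goes to the server log only.
 */
function insert_user(mysqli $conn, string $uid, string $email, string $pwd): string
{
    // Three columns, three placeholders, no trailing comma.
    $sql = "INSERT INTO users (uidUsers, emailUsers, pwdUsers) VALUES (?, ?, ?)";
    try {
        $stmt = mysqli_prepare($conn, $sql);
        $hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
        mysqli_stmt_bind_param($stmt, "sss", $uid, $email, $hashedPwd);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
        return "success";
    } catch (mysqli_sql_exception $e) {
        // The full message (SQL fragment, server version) stays in the log
        // and is never sent to the browser.
        error_log("signup insert failed: " . $e->getMessage());
        return "error";
    }
}

// Hypothetical call site, replacing the innermost else-branch in the question:
// $status = insert_user($conn, $uid, $email, $pwd);
// header("Location: ../signup.php?signup=" . $status);
// exit();
```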
