I'm reviewing this code I got from YouTube to help my understanding of connecting PHP to MySQL.

```php
<?php
$username = $_POST['username'];
$password = $_POST['password'];
$gender = $_POST['gender'];
$email = $_POST['email'];
$phoneCode = $_POST['phoneCode'];
$phone = $_POST['phone'];
if (!empty($username) && !empty($password) && !empty($gender) && !empty($email) && !empty($phoneCode) && !empty($phone)) { // every field must be filled in
    $host = "localhost";
    $dbUsername = "root";
    $dbPassword = "";
    $dbname = "youtube";
    //create connection
    $conn = new mysqli($host, $dbUsername, $dbPassword, $dbname);
    if (mysqli_connect_error()) {
        die('Connect Error('. mysqli_connect_errno().')'. mysqli_connect_error());
    } else {
        $SELECT = "SELECT email From register Where email = ? Limit 1";
        $INSERT = "INSERT Into register (username, password, gender, email, phoneCode, phone) values(?, ?, ?, ?, ?, ?)";
        //Prepare statement
        $stmt = $conn->prepare($SELECT);
        $stmt->bind_param("s", $email);
        $stmt->execute();
        $stmt->bind_result($email);
        $stmt->store_result();
        $stmt->store_result();
        $stmt->fetch();
        $rnum = $stmt->num_rows;
        if ($rnum==0) {
            $stmt->close();
            $stmt = $conn->prepare($INSERT);
            $stmt->bind_param("ssssii", $username, $password, $gender, $email, $phoneCode, $phone); //line 32
            $stmt->execute();
            echo "New record inserted sucessfully";
        } else {
            echo "Someone already register using this email";
        }
        $stmt->close();
        $conn->close();
    }
} else {
    echo "All field are required";
    die();
}
?>
```

My question is: what does "ssssii" on line 32 do?

And also, what are the values (?,?,?,?,?,?) on $insert for?

Source: Code and Coins YouTube.

Dharman
Al_Muzakier
  • It defines the datatypes of the following params. "s" is string, "i" is integer. In this case the $username, $password, etc. are of types string, string, string, string, integer, integer. This is necessary for the MySQL server to use the correct datatypes when binding the parameters before making the actual query. – Gowire Dec 26 '20 at 08:31
  • Thanks, I thought it was just a random statement before. – Al_Muzakier Dec 26 '20 at 08:35
  • Surely, you can see that ` $stmt->store_result(); $stmt->store_result();` looks rather odd. Assuming that the `email` column is a unique key in that table, don't even bother checking if the `email` value exists in the table (this is a problem regarding "race conditions" anyhow). Just try to INSERT it. If the INSERT fails, then assume the email address is already listed. – mickmackusa Dec 28 '20 at 05:27

1 Answer


This is a prepared statement. S is string, i is integer. The (?,?,?,?) is for the script to know where to bind the params to.

yxlow07
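
The points from the comments and the answer put together, as an added example that is not the video's code or any poster's: each `?` is filled by one `bind_param` variable, the type string carries one letter per `?`, and the INSERT itself reports a duplicate email instead of a separate SELECT. It assumes a UNIQUE index on `register.email`; the helper name `registerUser`, binding the phone fields as strings, and hashing the password with `password_hash` are choices of this example.

```php
<?php
// Added example. Assumes the `register` table from the question with a
// UNIQUE index on `email` (an assumption of this example).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

const DUPLICATE_KEY_ERRNO = 1062; // MySQL error number for a unique-key violation

// registerUser() is a hypothetical helper name introduced for this example.
function registerUser(mysqli $conn, array $in): string
{
    $fields = ['username', 'password', 'gender', 'email', 'phoneCode', 'phone'];
    foreach ($fields as $f) {
        if (!is_string($in[$f] ?? null) || trim($in[$f]) === '') {
            return 'All fields are required';
        }
    }
    // Store a salted hash, never the raw password.
    $hash = password_hash($in['password'], PASSWORD_DEFAULT);

    // Six placeholders: the SQL text reaches the server with no user data in it.
    $stmt = $conn->prepare(
        'INSERT INTO register (username, password, gender, email, phoneCode, phone)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    // One type letter per "?", in order. All "s" here: binding a phone number
    // as "i" would drop leading zeros and a leading "+".
    $stmt->bind_param('ssssss', $in['username'], $hash, $in['gender'],
        $in['email'], $in['phoneCode'], $in['phone']);
    try {
        $stmt->execute();
        return 'New record inserted successfully';
    } catch (mysqli_sql_exception $e) {
        // The unique key decides atomically, so two simultaneous requests
        // cannot both pass a "does this email exist?" check.
        if ($e->getCode() === DUPLICATE_KEY_ERRNO) {
            return 'Someone already registered using this email';
        }
        throw $e; // anything else is a real failure
    } finally {
        $stmt->close();
    }
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $conn = new mysqli('localhost', 'root', '', 'youtube'); // values from the question
    echo registerUser($conn, $_POST);
    $conn->close();
}
```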