2

I'm trying to make a registeration form using php and sql but i keep getting "mysqli_stmt object is not fully initialized" as an error message.
Registration.php file:

$sql = "INSERT INTO user_table ('user_name', 'user_email', 'user_password') VALUES (?, ?, ?)";
$stmt = mysqli_stmt_init($conn);
if (mysqli_stmt_prepare($stmt, $sql)){
    header("location: ../signup.php?error=sqlerror");
    exit();
} else {
    //hashing password
    $hashedPass = password_hash($password, PASSWORD_DEFAULT);
    //inserting hashed password.
    mysqli_stmt_bind_param($stmt, "sss", $username, $email, $hashedPass);
    mysqli_stmt_execute($stmt);
    
    header("location: ../signup.php?success=registered");
    exit();
}

I think the problem is in this part (in the line number 8).

Dharman
  • 30,962
  • 25
  • 85
  • 135
Abderrahmane Bourri
  • 128
  • 1
  • 10
  • Simple typo, you used single quotes `'` to wrap identifiers as opposed to the backtick `\`` [identifier quote](https://dev.mysql.com/doc/refman/5.7/en/identifiers.html) in your query, which is causing `mysqli_stmt_prepare` to return `false`. You need to rewrite it as `INSERT INTO user_table (\`user_name\`, \`user_email\`, \`user_password\`) ...` – Will B. Mar 30 '21 at 00:50
  • You would also need to fix the logic flaw by calling `if (!mysqli_stmt_prepare($stmt, $sql))` – Will B. Mar 30 '21 at 00:59
  • I was also getting the "mysqli_stmt object is not fully initialized" error and the cause was me misspelling the table name in the query - I was trying to "DELETE FROM word" when I should have been trying "DELETE FROM words". – tschumann Jul 06 '22 at 00:06
  • I got this error message when trying to bind too many parameters to a statement - I don't know the exact number that failed but 55,000 parameters worked and 80,000 parameters didn't. I'm guessing that a mysqli statement can only have 65,536 bound parameters. – tschumann Aug 04 '22 at 20:57

1 Answers1

2

If we remove your if/else check and run everything, with the mysqli_stmt_prepare after the mysqli_stmt_init we get what we expect.

$stmt = mysqli_stmt_init($conn);
mysqli_stmt_prepare($stmt, $sql);

So the logic on your if seems like it needs a ! (meaning false). Try this alteration to your code block:

$sql = 'INSERT INTO user_table (user_name, user_email, user_password) VALUES (?, ?, ?)';
$stmt = mysqli_stmt_init($conn);

if (!mysqli_stmt_prepare($stmt, $sql)) {
    header("location: ../signup.php?error=sqlerror");
    exit();
} else {
    //hashing password
    $hashedPass = password_hash($password, PASSWORD_DEFAULT);

    //inserting hashed password.
    mysqli_stmt_bind_param($stmt, 'sss', $username, $email, $hashedPass);
    mysqli_stmt_execute($stmt);

    header("location: ../signup.php?success=registered");
    exit();
}

The above code worked in my test.

Jesse
  • 2,790
  • 1
  • 20
  • 36
  • You can wrap an if statement around a function call without the usage of a variable. So you can execute `if (!mysqli_stmt_prepare()) { ... }` for the expected results with the logic fix. The other resolution in your answer was the removal of the single quotes `'` around the column name identifiers, which was causing `mysqli_stmt_prepare()` to return `false` in the OP's query hitting `mysqli_stmt_bind_param()` and emit the error message due to the invalid logic. – Will B. Mar 30 '21 at 00:55
  • @WillB. Thanks. Updated to clarify. As a note, the quote marks don't matter on the column names (works with or without them, my csfixer didnt like them though). Added the prepare to the if, but I initially wanted it to be more explicitly visible when OP read the code. – Jesse Mar 30 '21 at 01:04
  • Yea, the OP used single quotes `'` around the column names instead of backticks `\``. It is a good practice to use the backticks for identifiers when needed for [reserved keywords](https://dev.mysql.com/doc/refman/5.7/en/keywords.html), such as `user`, `password`, `date`, `name`, etc. to avoid potential issues but is not always needed. With `user_` as prefix they are not needed. – Will B. Mar 30 '21 at 01:19