-1

The Error is:

Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ':rafli_namaUser, :rafli_username, :rafli_password)' at line 2 in C:\xampp\htdocs\rafli_kasir\rafli_register.php:16 Stack trace: #0 C:\xampp\htdocs\rafli_kasir\rafli_register.php(16): mysqli->prepare('INSERT INTO raf...') #1 {main} thrown in C:\xampp\htdocs\rafli_kasir\rafli_register.php on line 16

cannot find any solution after research, this is my code:

<?php
require_once("rafli_koneksi.php");
if(isset($_POST['rafli_register'])){
    $rafli_namaUser = filter_input(INPUT_POST, 'rafli_namaUser', FILTER_SANITIZE_STRING);
    $rafli_username = filter_input(INPUT_POST, 'rafli_username', FILTER_SANITIZE_STRING);
    $rafli_password = password_hash($_POST["rafli_password"], PASSWORD_DEFAULT);
    $sql = "INSERT INTO rafli_user (rafli_namaUser, rafli_username, rafli_password) 
            VALUES (:rafli_namaUser, :rafli_username, :rafli_password)";
    $stmt = $rafli_conn->prepare($sql);
    $params = array(
        ":rafli_namaUser" => $rafli_namaUser,
        ":rafli_username" => $rafli_username,
        ":rafli_password" => $rafli_password
    );
    $saved = $stmt->execute($params);
    if($saved) header("Location: rafli_login.php");
}
?>

rafli_koneksi.php

<?php

$rafli_host = "localhost";
$rafli_username = "root";
$rafli_password = "";
$rafli_database = "rafli_kasir";
$rafli_conn = new mysqli( $rafli_host, $rafli_username, $rafli_password, $rafli_database );
    echo 'Gagal terhubung ke database';
} else {
    // Koneksi berhasil
}

?>

RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
Rafli Purnawarman
  • 1
  • 1
  • what line does return the error? – Pavel Janicek Feb 07 '22 at 12:06
  • Tune up your [MySQL error reporting](https://stackoverflow.com/questions/22662488/mysqli-fetch-assoc-expects-parameter-call-to-a-member-function-bind-param) to get feedback on what's failing. – Markus AO Feb 07 '22 at 12:15
  • this part `$_POST["rafli_password"]` you are grabbing field value raw which means user are allowed to use Space character only for there password unless you validate it before hand ( it would be bad if user decided to press the spacebar 6x and it accept it as password ) – Emma Marshall Feb 07 '22 at 12:30
  • Also in future, PLEASE post the complete error message and not a summary. Also please post the error in the question and not as the title – RiggsFolly Feb 07 '22 at 12:35
  • @EmmaMarshall Actually 6 spaces generates a perfectly usable hash :) Undiscernable from any other hash. But it would be useful to enforce certain requirements I agree – RiggsFolly Feb 07 '22 at 12:38
  • @PavelJanicek its line 15 where $saved = $stmt->execute($params); – Rafli Purnawarman Feb 07 '22 at 12:52
  • Can you show us the contents of `rafli_koneksi.php` please – RiggsFolly Feb 07 '22 at 12:52
  • 1
    SO you mixed up the `PDO` and `MYSQLI_` extensions. They are not the same thing at all. Use `?` instead and [READ THE MANUAL pages about the mysqli_ extension](https://www.php.net/manual/en/book.mysqli.php) Specially the `bind_param()` section – RiggsFolly Feb 07 '22 at 12:59
  • @RiggsFolly I have updated the question, please check it – Rafli Purnawarman Feb 07 '22 at 13:00
  • 1
    I have added a comment please read that and then read the manual – RiggsFolly Feb 07 '22 at 13:01

1 Answers1

1

Did you forget to define $rafli_conn in this piece of code?

bool means Boolean, i.e. true or false.

You set $stmt = $rafli_conn->prepare($sql); and later it says that you cannot call ->execute() on a bool — so there is a high likelihood that $stmt is returning false.

Can you print_r($stmt) and test what its value is? Once you have that working, you should be fine.

Djave
  • 8,595
  • 8
  • 70
  • 124
  • `$stmt = $rafli_conn->prepare($sql);` returns `false` because `$rafli_conn` is not defined anywhere. **Edit** Yup, I entered that comment before your edit :)] – Pavel Janicek Feb 07 '22 at 12:11
  • I'm guessing it's coming from `require_once("rafli_koneksi.php");`. – Markus AO Feb 07 '22 at 12:11
  • @PavelJanicek you were too quick for me! – Djave Feb 07 '22 at 12:13
  • If `$rafli_conn` didnt exist, the error would be from the `prepare` line and would be `Warning: Undefined variable $rafli_conn` – RiggsFolly Feb 07 '22 at 12:41
  • @RiggsFolly might that change depending on the level of error reporting you have set? – Djave Feb 07 '22 at 12:44
  • when i add print_r($stmt) nothing showed up – Rafli Purnawarman Feb 07 '22 at 12:47
  • what happens if you add `mysqli_report(MYSQLI_REPORT_ALL)` before your code on this page? – Djave Feb 07 '22 at 12:50
  • 1
    OP is using PDO, well at least the INSERT using named parameters insinuates that, so `mysqli_` functions wont help – RiggsFolly Feb 07 '22 at 12:51
  • @Djave Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ':rafli_namaUser, :rafli_username, :rafli_password)' at line 2 in C:\xampp\htdocs\rafli_kasir\rafli_register.php:16 Stack trace: #0 C:\xampp\htdocs\rafli_kasir\rafli_register.php(16): mysqli->prepare('INSERT INTO raf...') #1 {main} thrown in C:\xampp\htdocs\rafli_kasir\rafli_register.php on line 16 – Rafli Purnawarman Feb 07 '22 at 12:54
  • 1
    **Well now we know what the issue is** You cannot use NAMED PARAMETERS when using the `MYSQLI_` database extension. – RiggsFolly Feb 07 '22 at 12:55