SQL Injection for PHP INSERT statement

Asked Feb 18 '22 at 21:51

Active Feb 18 '22 at 21:51

Viewed 24 times

I currently have this.

$stmt = $connection->prepare("INSERT INTO user VALUES(:email, :dob, :username, :password)");
$stmt->bindValue(':email', $email_address);
$stmt->bindValue(':dob', $dateOB);
$stmt->bindValue(':username', $username);
$stmt->bindValue(':password', $password);
$stmt->execute();

Which gives this error: Fatal error: Uncaught Error: Call to a member function bindValue() on bool in. Ive seen many people say the error is infact with the prepare statement.

($connection is DB connection and 100% works as i have this query working without SQL injection). I've tried multiple solutions online but cant seem to get it working so any help would be fantastic.

asked Feb 18 '22 at 21:51

ross124

Trying turning on MySQL error reporting: https://stackoverflow.com/a/22662582/231316 – Chris Haas Feb 18 '22 at 21:58
One obvious problem is lack of column names section. why don't you list them? there could be other problems tho, and you need error reporting to see them – Your Common Sense Feb 18 '22 at 22:08

SQL Injection for PHP INSERT statement

0 Answers0