This question already has an answer here:
this is the first time ever that I am trying to secure my code against sql injection using mysqli prepared statement
. so please be gentle and explain things in simple terms so I can understand it.
Now I am using the following code which I thought i was right but it throws these errors and I do not understand that at all.
here is the errors:
- Warning: mysqli_stmt_bind_param() expects parameter 1 to be mysqli_stmt, boolean given in on line 92
-
- Warning: mysqli_stmt_execute() expects parameter 1 to be mysqli_stmt, boolean given in on line 93
-
- Warning: mysqli_stmt_close() expects parameter 1 to be mysqli_stmt, boolean given in on line 96
here is the code:
- $stmt = mysqli_prepare(
- $db_conx,
- "INSERT $storenameTable (firstname, lastname, username, address_1, address_2, postcode, country, county, city, email, password, storeShop, signupdate) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
- );
- //after validation, of course
- mysqli_stmt_bind_param($stmt, "issi", $firstname, $lastname, $username, $address_1, $address_2, $postcode, $country, $county, $city, $email, $hashedPass, $storenameTable);
- mysqli_stmt_execute($stmt); <//<<<<<<<< line 92
- if (mysqli_affected_rows($db_conx)) <//<<<<<<<< line 93
- {
- mysqli_stmt_close($stmt); <//<<<<<<<< line 96
- //update was successful
- $id = mysqli_insert_id($db_conx);
- }
i would appreciate your help.
</div>