Followed a video and what should work just fine instead is giving me an error. I get the WHOOPS error from !mysqli_stmt_prepare. Maybe there's something I've missed? The video had us remove the values in place of "?"s, but this had never worked for me, so I just put the $var back in. BTW: There are only special characters (apostrophes and quotes) inside of the personal statement when the form is submitted. I thought the statement would escape those no problem. Thanks.
<?php
header('Refresh:3; url=/Collaborate/');
$link = mysqli_connect("*****","*****","*****", "*****");
if (!$link) {
    echo "Error: Unable to connect to MySQL." . PHP_EOL;
    echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
    echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
    exit;
}
$Fname = $_POST['Fname'];
$Lname = $_POST['Lname'];
$Website = $_POST['Website'];
$Phone = $_POST['Phone'];
$Email = $_POST['Email'];
$Interests1 = $_POST['Int1'];
$Interests2 = $_POST['Int2'];
$Interests3 = $_POST['Int3'];
$PersonalStatement = $_POST['PersonalStatement'];
// BAD ESCAPE. BAD!
// array_walk_recursive($link, $_POST, 'mysqli_real_escape_string' );
$sql = "INSERT INTO User(Fname, Lname, Website, Phone, Email, Interest1, Interest2, Interest3, PersonalStatement) VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?);";
$stmt = mysqli_stmt_init($link);
if (!mysqli_stmt_prepare($stmt, "sssssssss", $sql)) {
    echo "WHOOPS!";
} else {
    mysqli_stmt_bind_param($stmt, $Fname, $Lname, $Website, $Phone, $Email, $Interests1, $Interests2, $Interests3, $PersonalStatement);
    mysqli_stmt_execute($stmt);
    // The name is user input echoed into HTML, so escape it on output.
    echo "<h2>We got you " . htmlspecialchars($Fname, ENT_QUOTES, 'UTF-8') . "!</h2>";
}
?>
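
The argument order that mysqli_stmt_prepare() and mysqli_stmt_bind_param() expect, as an added example that is not part of the original post: the type string "sssssssss" belongs to the bind call, not the prepare call. The `insert_user()` helper, the `FORM_FIELDS` constant and the `DB_*` environment variables are assumptions made for the example; the table and column names come from the INSERT in the question.

```php
<?php
// Added example, not the poster's code. DB_* environment variables,
// insert_user() and FORM_FIELDS are hypothetical names.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw

// Form fields in the same order as the columns in the INSERT below.
const FORM_FIELDS = ['Fname', 'Lname', 'Website', 'Phone', 'Email',
                     'Int1', 'Int2', 'Int3', 'PersonalStatement'];

function insert_user(mysqli $link, array $post): void
{
    $values = [];
    foreach (FORM_FIELDS as $field) {
        // Missing or non-string fields (e.g. arrays) become empty strings.
        $values[] = is_string($post[$field] ?? null) ? $post[$field] : '';
    }
    $sql = "INSERT INTO User(Fname, Lname, Website, Phone, Email, "
         . "Interest1, Interest2, Interest3, PersonalStatement) "
         . "VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?)";

    $stmt = mysqli_stmt_init($link);
    // prepare() takes only the statement handle and the SQL text.
    mysqli_stmt_prepare($stmt, $sql);
    // bind_param() takes the type string (one "s" per value), then the values.
    // Apostrophes and quotes are sent as data and need no escaping.
    $types = str_repeat('s', count($values));
    mysqli_stmt_bind_param($stmt, $types, ...$values);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        $link = mysqli_connect(getenv('DB_HOST'), getenv('DB_USER'),
                               getenv('DB_PASS'), getenv('DB_NAME'));
        insert_user($link, $_POST);
        // Escape on output: the name is user input going into HTML.
        $fname = is_string($_POST['Fname'] ?? null) ? $_POST['Fname'] : '';
        $name = htmlspecialchars($fname, ENT_QUOTES, 'UTF-8');
        echo "<h2>We got you $name!</h2>";
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage()); // detail goes to the server log only
        http_response_code(500);
        echo "WHOOPS!";
    }
}
```

With exception reporting enabled, a failed prepare records the actual MySQL error in the server log instead of leaving only the generic message.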