I'm currently trying to make a registration page using Prepared Statements, fails on ->prepare
I keep ending up at the else statement Something Went Wrong
, I just don't know what's wrong, also for some reason since going from mysqli_query to these prepared statements it seems like no errors are being echo'd ( normally I'd get a white page with some mysql error on it but nothing now, is that a php.ini
problem? And could anybody tell me just how 'secure' my code is from injections and what not? Thanks.
Update 1:
Added the closing bracket on the ->prepare now I'm getting this error
[Thu Feb 28 21:40:00 2013] [error] [client 68.150.102.145] PHP Fatal error: Cannot pass parameter 6 by reference in /var/www/busapp/register.php on line 25
<?php
if (isset($_POST['submit'])) {
$email = $_POST['inputEmail'];
$firstname = $_POST['inputFirstName'];
$lastname = $_POST['inputLastName'];
$originalpassword = SHA1($_POST['inputOriginalPassword']);
$confirmpassword = SHA1($_POST['inputConfirmPassword']);
$createdip = $_SERVER['REMOTE_ADDR'];
require_once('connectdb.php');
/* Connect to the database */
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_BASE);
if (mysqli_connect_errno()) {
printf("Connect failed: %s
", mysqli_connect_error());
exit();
}
if ($stmt = $mysqli->prepare("INSERT INTO Users (Firstname, Lastname, Email, Password, Admin, Activated, CreatedIP, Datecreated)
values(?, ?, ?, ?, ?, ?, ?, ?")) {
/* Bind our params */
$stmt->bind_param('ssssiiss', $firstname, $lastname, $email, $originalpassword, 0, 0, $createdip, NOW());
/* Execute statement */
$stmt -> execute();
$alert = '<p class="alert-success">Account created, check your email for an activation link.</p>';
$mysqli -> close();
$stmt -> close();
} else {
$alert = '<p class="alert-error"> Something went wrong </p>';
$mysqli -> close();
}
}
require_once('navbar.php');
?>
<div class="container" style="padding-top: 35px; padding-bottom: 50px;">
<form class="form-signin" method="post" action="<?php echo $_SERVER['PHP_SELF']?>">
<h2 class="form-signin-heading">Please Register</h2>
<input type="text" class="input-block-level" placeholder="Email Address" name="inputEmail">
<input type="text" class="input-block-level" placeholder="First Name" name="inputFirstName">
<input type="text" class="input-block-level" placeholder="Last Name" name="inputLastName">
<input type="password" class="input-block-level" placeholder="Password" name="inputOriginalPassword">
<input type="password" class="input-block-level" placeholder="Confirm Password" name="inputConfirmPassword">
<?php echo $alert; ?>
<button type="submit" name="submit" class="btn btn-info">Register</button>
</form>
</div>
<?php require_once('footer.php'); ?>