the code inside if ($stmt->prepare($sql)) doesn't run

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
aneuryzma
Forum Contributor
Posts: 106
Joined: Sat May 17, 2008 7:03 am

the code inside if ($stmt->prepare($sql)) doesn't run

Post by aneuryzma »

pickle | Please use [ code=php ], [ code=text ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: :arrow: Posting Code in the Forums to learn how to do it too.


Hi,

I don't understand why this code inside $stmt->prepare($sql) if condition doesn't run.
The information is not stored in the database.

Code: Select all

 
        $db = mysqli_connect('127.0.0.1', 'root', 'mo98nf89') or die("Could not connect: " . mysqli_error());
        mysqli_select_db($db, "phpro_auth");
 
        $sql = 'INSERT INTO phpro_users (phpro_username, phpro_password, phpro_email, $phpro_firstname, $phpro_lastname ) VALUES (?, ?, ?, ?, ?)';
 
        $stmt = $db->stmt_init( );
        
        echo "this run ";
        echo $phpro_username;
        
        if ($stmt->prepare($sql)) {
 
        echo "this code doesn't run ";
        echo $phpro_username;
        
            // Associate placeholders with data type and variable name
            $stmt->bind_param('sssss', $phpro_username, $phpro_password, $phpro_email, $phpro_firstname, $phpro_lastname);

thanks


pickle | Please use [ code=php ], [ code=text ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: :arrow: Posting Code in the Forums to learn how to do it too.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: the code inside if ($stmt->prepare($sql)) doesn't run

Post by pickle »

Preparing a statement doesn't execute it, it just prepares it so subsequent executions of that particular query run faster.

Unless you'll be running this query many times in a single request, there's really no need to prepare the query. Not to mention unprepared queries are simpler to grasp.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
aneuryzma
Forum Contributor
Posts: 106
Joined: Sat May 17, 2008 7:03 am

Re: the code inside if ($stmt->prepare($sql)) doesn't run

Post by aneuryzma »

THis it the complete code. It was working before.. I edited it a little bit and it stopped..
I call execute() function.

Code: Select all

 
<?php
/*** begin our session ***/
session_start();
 
echo "start ";
 
/*** first check that both the username, password and form token have been sent ***/
if(!isset( $_POST['phpro_username'], $_POST['phpro_password'], $_POST['phpro_email'], $_POST['phpro_firstname'], $_POST['phpro_lastname'], $_POST['form_token'] ))
{
    $message = 'Please enter a valid username and password';
}
/*** check the form token is valid ***/
elseif( $_POST['form_token'] != $_SESSION['form_token'])
{
    $message = 'Invalid form submission';
}
/*** check the username is the correct length ***/
elseif (strlen( $_POST['phpro_username']) > 20 || strlen($_POST['phpro_username']) < 4)
{
    $message = 'Incorrect Length for Username';
}
/*** check the password is the correct length ***/
elseif (strlen( $_POST['phpro_password']) > 20 || strlen($_POST['phpro_password']) < 4)
{
    $message = 'Incorrect Length for Password';
}
/*** check the username has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['phpro_username']) != true)
{
    /*** if there is no match ***/
    $message = "Username must be alpha numeric";
}
/*** check the password has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['phpro_password']) != true)
{
        /*** if there is no match ***/
        $message = "Password must be alpha numeric";
}
else
{   
    
    
    /*** if we are here the data is valid and we can insert it into database ***/
    $phpro_username = filter_var($_POST['phpro_username'], FILTER_SANITIZE_STRING);
    $phpro_password = filter_var($_POST['phpro_password'], FILTER_SANITIZE_STRING);
    $phpro_email = filter_var($_POST['$phpro_email'], FILTER_SANITIZE_STRING);
    $phpro_firstname = filter_var($_POST['phpro_firstname'], FILTER_SANITIZE_STRING);
    $phpro_lastname = filter_var($_POST['phpro_lastname'], FILTER_SANITIZE_STRING);
    
    /*** now we can encrypt the password ***/
    $phpro_password = sha1( $phpro_password );
    
    try
      {
        
        
        $db = mysqli_connect('127.0.0.1', 'root', 'mo98nf89') or die("Could not connect: " . mysqli_error());
        mysqli_select_db($db, "phpro_auth");
 
        $sql = 'INSERT INTO phpro_users (phpro_username, phpro_password, phpro_email, $phpro_firstname, $phpro_lastname ) VALUES (?, ?, ?, ?, ?)';
 
        $stmt = $db->stmt_init( );
        
        echo "this run ";
        echo $phpro_username;
        
        if ($stmt->prepare($sql)) {
 
        echo "this code doesn't run ";
        echo $phpro_username;
        
            // Associate placeholders with data type and variable name
            $stmt->bind_param('sssss', $phpro_username, $phpro_password, $phpro_email, $phpro_firstname, $phpro_lastname);
 
        echo "ok";
        echo $phpro_username;
        echo $phpro_password;
        echo $phpro_email;
        echo $phpro_firstname;
        echo $phpro_lastname;
 
            // Bind result variables
            //$stmt->bind_result($username);
 
            // Execute prepared statement
            $stmt->execute( );
 
        }
 
        /*** unset the form token session variable ***/
        unset( $_SESSION['form_token'] );
 
        /*** if all is done, say thanks ***/
        $message = 'New user added';
    }
    catch(Exception $e)
    {
        /*** check if the username already exists ***/
        //if( $e->getCode() == 23000)
        //{
        //    $message = 'Username already exists';
        //}
        //else
        //{
            /*** if we are here, something has gone wrong with the database ***/
        //    $message = 'We are unable to process your request. Please try again later"';
        //}
    }
}
?>
 
<html>
<head>
<title>PHPRO Login</title>
</head>
<body>
<p><?php echo $message;?>
 
</body>
</html>
 
 
thanks
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: the code inside if ($stmt->prepare($sql)) doesn't run

Post by pickle »

prepare() will generate an error accessible via mysqli_stmt->error. Check that.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Post Reply