Page 1 of 1

the code inside if ($stmt->prepare($sql)) doesn't run

Posted: Wed May 06, 2009 9:45 am
by aneuryzma
pickle | Please use [ code=php ], [ code=text ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: :arrow: Posting Code in the Forums to learn how to do it too.


Hi,

I don't understand why this code inside $stmt->prepare($sql) if condition doesn't run.
The information is not stored in the database.

Code: Select all

 
        $db = mysqli_connect('127.0.0.1', 'root', 'mo98nf89') or die("Could not connect: " . mysqli_error());
        mysqli_select_db($db, "phpro_auth");
 
        $sql = 'INSERT INTO phpro_users (phpro_username, phpro_password, phpro_email, $phpro_firstname, $phpro_lastname ) VALUES (?, ?, ?, ?, ?)';
 
        $stmt = $db->stmt_init( );
        
        echo "this run ";
        echo $phpro_username;
        
        if ($stmt->prepare($sql)) {
 
        echo "this code doesn't run ";
        echo $phpro_username;
        
            // Associate placeholders with data type and variable name
            $stmt->bind_param('sssss', $phpro_username, $phpro_password, $phpro_email, $phpro_firstname, $phpro_lastname);

thanks


pickle | Please use [ code=php ], [ code=text ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: :arrow: Posting Code in the Forums to learn how to do it too.

Re: the code inside if ($stmt->prepare($sql)) doesn't run

Posted: Wed May 06, 2009 9:55 am
by pickle
Preparing a statement doesn't execute it, it just prepares it so subsequent executions of that particular query run faster.

Unless you'll be running this query many times in a single request, there's really no need to prepare the query. Not to mention unprepared queries are simpler to grasp.

Re: the code inside if ($stmt->prepare($sql)) doesn't run

Posted: Wed May 06, 2009 10:21 am
by aneuryzma
THis it the complete code. It was working before.. I edited it a little bit and it stopped..
I call execute() function.

Code: Select all

 
<?php
/*** begin our session ***/
session_start();
 
echo "start ";
 
/*** first check that both the username, password and form token have been sent ***/
if(!isset( $_POST['phpro_username'], $_POST['phpro_password'], $_POST['phpro_email'], $_POST['phpro_firstname'], $_POST['phpro_lastname'], $_POST['form_token'] ))
{
    $message = 'Please enter a valid username and password';
}
/*** check the form token is valid ***/
elseif( $_POST['form_token'] != $_SESSION['form_token'])
{
    $message = 'Invalid form submission';
}
/*** check the username is the correct length ***/
elseif (strlen( $_POST['phpro_username']) > 20 || strlen($_POST['phpro_username']) < 4)
{
    $message = 'Incorrect Length for Username';
}
/*** check the password is the correct length ***/
elseif (strlen( $_POST['phpro_password']) > 20 || strlen($_POST['phpro_password']) < 4)
{
    $message = 'Incorrect Length for Password';
}
/*** check the username has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['phpro_username']) != true)
{
    /*** if there is no match ***/
    $message = "Username must be alpha numeric";
}
/*** check the password has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['phpro_password']) != true)
{
        /*** if there is no match ***/
        $message = "Password must be alpha numeric";
}
else
{   
    
    
    /*** if we are here the data is valid and we can insert it into database ***/
    $phpro_username = filter_var($_POST['phpro_username'], FILTER_SANITIZE_STRING);
    $phpro_password = filter_var($_POST['phpro_password'], FILTER_SANITIZE_STRING);
    $phpro_email = filter_var($_POST['$phpro_email'], FILTER_SANITIZE_STRING);
    $phpro_firstname = filter_var($_POST['phpro_firstname'], FILTER_SANITIZE_STRING);
    $phpro_lastname = filter_var($_POST['phpro_lastname'], FILTER_SANITIZE_STRING);
    
    /*** now we can encrypt the password ***/
    $phpro_password = sha1( $phpro_password );
    
    try
      {
        
        
        $db = mysqli_connect('127.0.0.1', 'root', 'mo98nf89') or die("Could not connect: " . mysqli_error());
        mysqli_select_db($db, "phpro_auth");
 
        $sql = 'INSERT INTO phpro_users (phpro_username, phpro_password, phpro_email, $phpro_firstname, $phpro_lastname ) VALUES (?, ?, ?, ?, ?)';
 
        $stmt = $db->stmt_init( );
        
        echo "this run ";
        echo $phpro_username;
        
        if ($stmt->prepare($sql)) {
 
        echo "this code doesn't run ";
        echo $phpro_username;
        
            // Associate placeholders with data type and variable name
            $stmt->bind_param('sssss', $phpro_username, $phpro_password, $phpro_email, $phpro_firstname, $phpro_lastname);
 
        echo "ok";
        echo $phpro_username;
        echo $phpro_password;
        echo $phpro_email;
        echo $phpro_firstname;
        echo $phpro_lastname;
 
            // Bind result variables
            //$stmt->bind_result($username);
 
            // Execute prepared statement
            $stmt->execute( );
 
        }
 
        /*** unset the form token session variable ***/
        unset( $_SESSION['form_token'] );
 
        /*** if all is done, say thanks ***/
        $message = 'New user added';
    }
    catch(Exception $e)
    {
        /*** check if the username already exists ***/
        //if( $e->getCode() == 23000)
        //{
        //    $message = 'Username already exists';
        //}
        //else
        //{
            /*** if we are here, something has gone wrong with the database ***/
        //    $message = 'We are unable to process your request. Please try again later"';
        //}
    }
}
?>
 
<html>
<head>
<title>PHPRO Login</title>
</head>
<body>
<p><?php echo $message;?>
 
</body>
</html>
 
 
thanks

Re: the code inside if ($stmt->prepare($sql)) doesn't run

Posted: Wed May 06, 2009 10:58 am
by pickle
prepare() will generate an error accessible via mysqli_stmt->error. Check that.