Page 1 of 1
the code inside if ($stmt->prepare($sql)) doesn't run
Posted: Wed May 06, 2009 9:45 am
by aneuryzma
pickle | Please use [ code=php ], [ code=text ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:
Posting Code in the Forums to learn how to do it too.
Hi,
I don't understand why this code inside $stmt->prepare($sql) if condition doesn't run.
The information is not stored in the database.
Code: Select all
$db = mysqli_connect('127.0.0.1', 'root', 'mo98nf89') or die("Could not connect: " . mysqli_error());
mysqli_select_db($db, "phpro_auth");
$sql = 'INSERT INTO phpro_users (phpro_username, phpro_password, phpro_email, $phpro_firstname, $phpro_lastname ) VALUES (?, ?, ?, ?, ?)';
$stmt = $db->stmt_init( );
echo "this run ";
echo $phpro_username;
if ($stmt->prepare($sql)) {
echo "this code doesn't run ";
echo $phpro_username;
// Associate placeholders with data type and variable name
$stmt->bind_param('sssss', $phpro_username, $phpro_password, $phpro_email, $phpro_firstname, $phpro_lastname);
thanks
pickle | Please use [ code=php ], [ code=text ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:
Posting Code in the Forums to learn how to do it too.
Re: the code inside if ($stmt->prepare($sql)) doesn't run
Posted: Wed May 06, 2009 9:55 am
by pickle
Preparing a statement doesn't execute it, it just prepares it so subsequent executions of that particular query run faster.
Unless you'll be running this query many times in a single request, there's really no need to prepare the query. Not to mention unprepared queries are simpler to grasp.
Re: the code inside if ($stmt->prepare($sql)) doesn't run
Posted: Wed May 06, 2009 10:21 am
by aneuryzma
THis it the complete code. It was working before.. I edited it a little bit and it stopped..
I call execute() function.
Code: Select all
<?php
/*** begin our session ***/
session_start();
echo "start ";
/*** first check that both the username, password and form token have been sent ***/
if(!isset( $_POST['phpro_username'], $_POST['phpro_password'], $_POST['phpro_email'], $_POST['phpro_firstname'], $_POST['phpro_lastname'], $_POST['form_token'] ))
{
$message = 'Please enter a valid username and password';
}
/*** check the form token is valid ***/
elseif( $_POST['form_token'] != $_SESSION['form_token'])
{
$message = 'Invalid form submission';
}
/*** check the username is the correct length ***/
elseif (strlen( $_POST['phpro_username']) > 20 || strlen($_POST['phpro_username']) < 4)
{
$message = 'Incorrect Length for Username';
}
/*** check the password is the correct length ***/
elseif (strlen( $_POST['phpro_password']) > 20 || strlen($_POST['phpro_password']) < 4)
{
$message = 'Incorrect Length for Password';
}
/*** check the username has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['phpro_username']) != true)
{
/*** if there is no match ***/
$message = "Username must be alpha numeric";
}
/*** check the password has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['phpro_password']) != true)
{
/*** if there is no match ***/
$message = "Password must be alpha numeric";
}
else
{
/*** if we are here the data is valid and we can insert it into database ***/
$phpro_username = filter_var($_POST['phpro_username'], FILTER_SANITIZE_STRING);
$phpro_password = filter_var($_POST['phpro_password'], FILTER_SANITIZE_STRING);
$phpro_email = filter_var($_POST['$phpro_email'], FILTER_SANITIZE_STRING);
$phpro_firstname = filter_var($_POST['phpro_firstname'], FILTER_SANITIZE_STRING);
$phpro_lastname = filter_var($_POST['phpro_lastname'], FILTER_SANITIZE_STRING);
/*** now we can encrypt the password ***/
$phpro_password = sha1( $phpro_password );
try
{
$db = mysqli_connect('127.0.0.1', 'root', 'mo98nf89') or die("Could not connect: " . mysqli_error());
mysqli_select_db($db, "phpro_auth");
$sql = 'INSERT INTO phpro_users (phpro_username, phpro_password, phpro_email, $phpro_firstname, $phpro_lastname ) VALUES (?, ?, ?, ?, ?)';
$stmt = $db->stmt_init( );
echo "this run ";
echo $phpro_username;
if ($stmt->prepare($sql)) {
echo "this code doesn't run ";
echo $phpro_username;
// Associate placeholders with data type and variable name
$stmt->bind_param('sssss', $phpro_username, $phpro_password, $phpro_email, $phpro_firstname, $phpro_lastname);
echo "ok";
echo $phpro_username;
echo $phpro_password;
echo $phpro_email;
echo $phpro_firstname;
echo $phpro_lastname;
// Bind result variables
//$stmt->bind_result($username);
// Execute prepared statement
$stmt->execute( );
}
/*** unset the form token session variable ***/
unset( $_SESSION['form_token'] );
/*** if all is done, say thanks ***/
$message = 'New user added';
}
catch(Exception $e)
{
/*** check if the username already exists ***/
//if( $e->getCode() == 23000)
//{
// $message = 'Username already exists';
//}
//else
//{
/*** if we are here, something has gone wrong with the database ***/
// $message = 'We are unable to process your request. Please try again later"';
//}
}
}
?>
<html>
<head>
<title>PHPRO Login</title>
</head>
<body>
<p><?php echo $message;?>
</body>
</html>
thanks
Re: the code inside if ($stmt->prepare($sql)) doesn't run
Posted: Wed May 06, 2009 10:58 am
by pickle
prepare() will generate an error accessible via mysqli_stmt->error. Check that.