Jump to content
Larry Ullman's Book Forums

Script 13.6 Prepared Statement for Insert Into

Marie
 Share Followers 1

Recommended Posts

Marie

Marie 3

Posted
Posted

I am trying to adapt code on my registration page to Script 13.6, however am getting and undefined index error for "pass" which represents the password. Otherwise, the remainder of the code follows the Registration code that is in the book. 

  
     if ($u && $e && $p && $fn && $mi && $ln) { // If everything's OK...
		// Make sure the email address is available:
		$q = "SELECT id FROM users WHERE email='$e'";
		$r = mysqli_query($db, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($db));
		if (mysqli_num_rows($r) == 0) { // Available.
    
    // Create the activation code:
    $a = md5(uniqid(rand(), true));
	
// Add the user to the database: 
   // Make the query:
     $q = "INSERT INTO users (username, email, pass, first_name, middle_name, last_name,  active, agree, date_expires) VALUES (?, ?, ?, ?, ?, ?, ?,  'Agree',  DATE_ADD(NOW(), INTERVAL 2 YEAR) )";      
    
// Prepare the statement:
$stmt = mysqli_prepare($db, $q);

// Bind the variables:
mysqli_stmt_bind_param($stmt, 'sssssss', $u, $e, $p, $fn, $mi, $ln, $a);

// Assign the values to variables:
$u  = $_POST['username'];
$e  = $_POST['email'];
$p  = $_POST['pass'];
$fn  = $_POST['first_name'];
$mi = $_POST['middle_name'];
$ln  = $_POST['last_name'];
$a  = $_POST['active'];

// Execute the query:
 mysqli_stmt_execute($stmt);

 

Link to post
Share on other sites
Marie

Marie 3

Posted
  • Author
Posted
22 hours ago, Larry said:

Most likely this is because you don't have an input named 'pass' in your form. On another note, though, it's not a great idea to store the user's password in an unencrypted manner. 

Yes, that was the problem. I tried several different variations and it was continually entering the user's password in an unencrypted manner SO I left it out. I also took out $a  = $_POST['active'];  

The information is now going into the database and the password is hashed. I am now wondering about the significance of the last part of the prepared statement where one assigns the values to the variables if one can simply remove some of them?

  

     $q = "INSERT INTO users (username, email, pass, first_name, middle_name, last_name, active, agree, date_expires) VALUES (?, ?, ?, ?, ?, ?, ?,  'Agree',  DATE_ADD(NOW(), INTERVAL 2 YEAR) )";      
    
// Prepare the statement:
$stmt = mysqli_prepare($db, $q);

// Bind the variables:
mysqli_stmt_bind_param($stmt, 'sssssss', $u, $e, $p, $fn, $mi, $ln, $a);

// Assign the values to variables:
$u  = $_POST['username'];
$e  = $_POST['email'];
$fn  = $_POST['first_name'];
$mi = $_POST['middle_name'];
$ln  = $_POST['last_name'];
//$a  = $_POST['active'];

 

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Followers 1
Go to topic listing
×
×
  • Create New...