Larry Ullman's Book Forums

Script 13.6 Prepared Statement for Insert Into



I am trying to adapt code on my registration page to Script 13.6; however, I am getting an undefined index error for "pass", which represents the password. Otherwise, the remainder of the code follows the Registration code that is in the book.

  
    if ($u && $e && $p && $fn && $mi && $ln) { // If everything's OK...
        // Make sure the email address is available:
        $q = "SELECT id FROM users WHERE email='$e'";
        $r = mysqli_query($db, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($db));
        if (mysqli_num_rows($r) == 0) { // Available.

            // Create the activation code:
            $a = md5(uniqid(rand(), true));

            // Add the user to the database:
            // Make the query:
            $q = "INSERT INTO users (username, email, pass, first_name, middle_name, last_name,  active, agree, date_expires) VALUES (?, ?, ?, ?, ?, ?, ?,  'Agree',  DATE_ADD(NOW(), INTERVAL 2 YEAR) )";

            // Prepare the statement:
            $stmt = mysqli_prepare($db, $q);

            // Bind the variables:
            mysqli_stmt_bind_param($stmt, 'sssssss', $u, $e, $p, $fn, $mi, $ln, $a);

            // Assign the values to variables:
            $u  = $_POST['username'];
            $e  = $_POST['email'];
            $p  = $_POST['pass'];
            $fn = $_POST['first_name'];
            $mi = $_POST['middle_name'];
            $ln = $_POST['last_name'];
            $a  = $_POST['active'];

            // Execute the query:
            mysqli_stmt_execute($stmt);

 


22 hours ago, Larry said:

Most likely this is because you don't have an input named 'pass' in your form. On another note, though, it's not a great idea to store the user's password in an unencrypted manner. 

Yes, that was the problem. I tried several different variations and it was continually entering the user's password in an unencrypted manner, so I left it out. I also took out $a = $_POST['active'];

The information is now going into the database and the password is hashed. I am now wondering about the significance of the last part of the prepared statement where one assigns the values to the variables if one can simply remove some of them?

 

    $q = "INSERT INTO users (username, email, pass, first_name, middle_name, last_name, active, agree, date_expires) VALUES (?, ?, ?, ?, ?, ?, ?,  'Agree',  DATE_ADD(NOW(), INTERVAL 2 YEAR) )";

    // Prepare the statement:
    $stmt = mysqli_prepare($db, $q);

    // Bind the variables:
    mysqli_stmt_bind_param($stmt, 'sssssss', $u, $e, $p, $fn, $mi, $ln, $a);

    // Assign the values to variables:
    $u  = $_POST['username'];
    $e  = $_POST['email'];
    $fn = $_POST['first_name'];
    $mi = $_POST['middle_name'];
    $ln = $_POST['last_name'];
    //$a  = $_POST['active'];

 

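The following is an added example, not code from the thread or from the book. It shows why the assignments after `mysqli_stmt_bind_param()` matter: the variables are bound by reference and read when the statement executes, so whatever they hold at that moment (a validated value, a hash, or a raw `$_POST` value assigned afterwards) is what gets stored. It assumes `$db` is an open mysqli connection and the `users` columns from the post; `register_user()` is a hypothetical name.

```php
<?php
// Added example (not from the book or the thread). Assumes $db is an open
// mysqli connection; register_user() is a hypothetical helper name.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function register_user(mysqli $db, array $post): ?string
{
    // Read every field defensively: a missing input (e.g. no 'pass' field in
    // the form) is rejected here instead of raising "undefined index".
    $in = [];
    foreach (['username', 'email', 'pass', 'first_name', 'middle_name', 'last_name'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key]) || $post[$key] === '') {
            return null;
        }
        $in[$key] = $post[$key];
    }
    if (filter_var($in['email'], FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // Email availability check, parameterized like the INSERT.
    $e = $in['email'];
    $check = mysqli_prepare($db, 'SELECT id FROM users WHERE email = ?');
    mysqli_stmt_bind_param($check, 's', $e);
    mysqli_stmt_execute($check);
    mysqli_stmt_store_result($check);
    $taken = mysqli_stmt_num_rows($check) > 0;
    mysqli_stmt_close($check);
    if ($taken) {
        return null;
    }

    $q = "INSERT INTO users (username, email, pass, first_name, middle_name, last_name, active, agree, date_expires)
          VALUES (?, ?, ?, ?, ?, ?, ?, 'Agree', DATE_ADD(NOW(), INTERVAL 2 YEAR))";
    $stmt = mysqli_prepare($db, $q);

    // bind_param() stores references; the values are read at execute time.
    mysqli_stmt_bind_param($stmt, 'sssssss', $u, $e, $p, $fn, $mi, $ln, $a);

    // Assign AFTER binding: only checked or derived values, never raw $_POST.
    $u  = $in['username'];
    $fn = $in['first_name'];
    $mi = $in['middle_name'];
    $ln = $in['last_name'];
    $p  = password_hash($in['pass'], PASSWORD_DEFAULT); // column must hold 60+ chars; 255 is safe
    $a  = bin2hex(random_bytes(16));                     // activation code from a CSPRNG

    mysqli_stmt_execute($stmt);
    $ok = mysqli_stmt_affected_rows($stmt) === 1;
    mysqli_stmt_close($stmt);
    return $ok ? $a : null; // activation code on success
}
```

Call it as `register_user($db, $_POST)`; a `null` return means invalid input or an email address that is already registered.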
