Binding paramaters


#1

Hi,
i have try too binding parameters and replace my placeholders with the function mysqli_stmt_bind_param() but all i can see in my database is the question mark (placeholder).
i have a attachment with the code.
i hope somebody can help me
thank you

ignarein


signup.inc.txt (736 Bytes)


#2

You need to post your code in the forum using the code tags.


#3

[php]

// form to insert the data

Database
<input type="text" name="first" placeholder="Firstname">
<br>
<input type="text" name="last" placeholder="Lastname">
<br>
<input type="text" name="email" placeholder="E-mail">
<br>
<input type="text" name="uid" placeholder="Username">
<br>
<input type="password" name="pwd" placeholder="Password">
<br>
<button type="submit" name="submit">Sign up</button>
//---------------------------------------------------------------------------------------------------------------------------- // read from database <?php include_once'includes/dbh.inc.php'; ?> Database <?php $data = "adm34"; // Created a template $sql = "SELECT * FROM users WHERE user_uid = ?;"; // Created a prepared statement $stmt = mysqli_stmt_init($conn); // Prepare the prepared statement if(!mysqli_stmt_prepare($stmt, $sql)){ echo "SQL statement faild"; }else { // Bind the parameter to the placeholder mysqli_stmt_bind_param($stmt, "s", $data);// s is for sting // Run paramerter inside database mysqli_stmt_execute($stmt); $result = mysqli_stmt_get_result($stmt); while ($row = mysqli_fetch_assoc($result)) { echo $row['user_uid']."
"; echo $row['user_email']."
"; echo $row['user_first']."
"; } } ?> //--------------------------------------------------------------------------------------------------- // dbh.inc.php // connect the database <?php

$dbServername = “localhost”;
$dbUsername = “root”;
$dbPasswort = “”;
$dbName = “loginsystem”;

$conn = mysqli_connect($dbServername,$dbUsername,$dbPasswort,$dbName);

//--------------------------------------------------------------------------------------------------------
// signup in the database
// signup.inc.php

<?php include_once'dbh.inc.php'; $first = mysqli_real_escape_string($conn, $_POST['first']); $last = mysqli_real_escape_string($conn, $_POST['last']); $email = mysqli_real_escape_string($conn, $_POST['email']); $uid = mysqli_real_escape_string($conn, $_POST['uid']); $pwd = mysqli_real_escape_string($conn, $_POST['pwd']); $sql = "INSERT INTO users (user_first,user_last,user_email,user_uid,user_pwd) VALUES('?','?','?','?','?');"; $stmt = mysqli_stmt_init($conn); if(!mysqli_stmt_prepare($stmt, $sql)){ echo "SQL faild"; }else { mysqli_stmt_bind_param($stmt, 'sssss', $first, $last, $email, $uid, $pwd); mysqli_stmt_execute($stmt); } header("Location: ../insert.php?signup=sucscess"); [/php] I hope it is ok now

#4

You need to remove the quotes from around the question marks.

You really should be using PDO. Here is a tutorial to get you going https://phpdelusions.net/pdo


#5

hi,
it works thank you for the help.
i have bookmark link the you send me.
i will start and learn more after i am finish that tutorial i do now.

ignarein