Registeration help

Register.php
[php]<?php
include(‘config.php’);
########################

ShadowCMS - MySQLi

edition

2013

########################

if (isset($_POST[‘submit’])) {
$username = mysqli_escape_string(strip_tags($_POST[‘username’]));
$password = SHA1(mysqli_escape_string(strip_tags($_POST[‘password’])));
$email = mysqli_escape_string(strip_tags($_POST[‘email’]));

$checkuser = mysqli_query("SELECT username FROM users WHERE username='$username'");
$user_exists = mysqli_num_rows($checkuser);

if ($user_exits > 0) {
	printf("This username is already taken, please choose a different one");
	exit();
}

$stmt = $mysqli->prepare(“INSERT INTO ‘users’ (username, password, email) VALUES(?, ?, ?)”);
$stmt->bind_param(‘sssssid’, $username, $password, $email);
$stmt->excute();

echo “You have successfully registered”;
}
?>

Registeration! Username:
Password:
E-mail:
[/php]

Config.php
[php]<?php
define(‘DB_HOST’, ‘localhost’);
define(‘DB_USER’, ‘root’);
define(‘DB_PASS’, ‘root’);
define(‘DB_NAME’, ‘hybrid’);

function database() {
static $mysqli = null;
if(is_null($mysqli)) {
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

if($mysqli->connect_errno) {
	printf("Connection failed! Error code: %s/n", $mysqli->connect_error());
}
}
return $mysqli;
$mysqli = new database();

}
?>

I get no errors but for some reason when you submit it, the data won’t go into the users table. What’s wrong?
[/php]

I get no errors but for some reason when I submit it, the data won’t go into the users table. What’s wrong?

You’ve got more parameters than defined in the INSERT, only three fields: (username, password, email) and three place holders: VALUES(?, ?, ?), but four parameters: $stmt->bind_param(‘sssssid’, $username, $password, $email);

[php]$stmt = $mysqli->prepare(“INSERT INTO ‘users’ (username, password, email) VALUES(?, ?, ?)”);
$stmt->bind_param(‘sssssid’, $username, $password, $email);
$stmt->excute();[/php]

Xerxes: this is because the first parameter is the MySQLi field definition. However, you’re on to something - if he has three placeholders only - username, password, email - then the field definition should be “sss” (triple string) and not “sssssid”.

Ah OK, slightly different to PDO, but yes, this looks right:

[php]$stmt = $mysqli->prepare(“INSERT INTO ‘users’ (username, password, email) VALUES(?, ?, ?)”);
$stmt->bind_param(‘sss’, $username, $password, $email);
$stmt->excute();[/php]

Sponsor our Newsletter | Privacy Policy | Terms of Service