What's wrong with mysqli_prepare() Please Help

Getting this error

Can’t fix it as I’m learning. Please help.

Code is below >>>>

<?php
// Include config file
require_once "config.php";

// Define variables and initialize with empty values
$username = $password = $confirm_password = "";
$username_err = $password_err = $confirm_password_err = "";
global $link,$sql;
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){

    // Validate username
    if(empty(trim($_POST["username"]))){
        $username_err = "Please enter a username.";
    } else{
        // Prepare a select statement
        $sql = "SELECT id FROM users WHERE username = ?";

        if($stmt = mysqli_prepare($link, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, "s", $param_username);

            // Set parameters
            $param_username = trim($_POST["username"]);

            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                /* store result */
                mysqli_stmt_store_result($stmt);

                if(mysqli_stmt_num_rows($stmt) == 1){
                    $username_err = "This username is already taken.";
                } else{
                    $username = trim($_POST["username"]);
                }
            } else{
                echo "Oops! Something went wrong. Please try again later.";
            }
            // Close statement
            mysqli_stmt_close($stmt);
        }
    }

    // Validate password
    if(empty(trim($_POST["password"]))){
        $password_err = "Please enter a password.";
    } elseif(strlen(trim($_POST["password"])) < 6){
        $password_err = "Password must have atleast 6 characters.";
    } else{
        $password = trim($_POST["password"]);
    }

    // Validate confirm password
    if(empty(trim($_POST["confirm_password"]))){
        $confirm_password_err = "Please confirm password.";
    } else{
        $confirm_password = trim($_POST["confirm_password"]);
        if(empty($password_err) && ($password != $confirm_password)){
            $confirm_password_err = "Password did not match.";
        }
    }

    // Check input errors before inserting in database
    if(empty($username_err) && empty($password_err) && empty($confirm_password_err)){

        // Prepare an insert statement
        $sql = "INSERT INTO users (username, password) VALUES (?, ?)";

        if($stmt = mysqli_prepare($link, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, "ss", $param_username, $param_password);

            // Set parameters
            $param_username = $username;
            $param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash

            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                // Redirect to login page
                header("location: login.php");
            } else{
                echo "Something went wrong. Please try again later.";
            }
            // Close statement
            mysqli_stmt_close($stmt);
        }
    }

    // Close connection
    mysqli_close($link);
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Sign Up</title>
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
    <style type="text/css">
        body{ font: 14px sans-serif; }
        .wrapper{ width: 350px; padding: 20px; }
    </style>
</head>
<body>
    <div class="wrapper">
        <h2>Sign Up</h2>
        <p>Please fill this form to create an account.</p>
        <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
            <div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
                <label>Username</label>
                <input type="text" name="username" class="form-control" value="<?php echo $username; ?>">
                <span class="help-block"><?php echo $username_err; ?></span>
            </div>
            <div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
                <label>Password</label>
                <input type="password" name="password" class="form-control" value="<?php echo $password; ?>">
                <span class="help-block"><?php echo $password_err; ?></span>
            </div>
            <div class="form-group <?php echo (!empty($confirm_password_err)) ? 'has-error' : ''; ?>">
                <label>Confirm Password</label>
                <input type="password" name="confirm_password" class="form-control" value="<?php echo $confirm_password; ?>">
                <span class="help-block"><?php echo $confirm_password_err; ?></span>
            </div>
            <div class="form-group">
                <input type="submit" class="btn btn-primary" value="Submit">
                <input type="reset" class="btn btn-default" value="Reset">
            </div>
            <p>Already have an account? <a href="login.php">Login here</a>.</p>
        </form>
    </div>
</body>
</html>

$link is null. That is the issue with using global variables, you need to trace back through to find out if something nulled it, or you just didn’t set it properly.

The errors mean that $link isn’t a mysqli connection ($link probably doesn’t exist at all, which would produce an undefined variable notice error, but your php’s error_reporting is not set to E_ALL.)

The problem is in the connection code, not where these errors are occurring at.

Next, you have a huge amount of repetitive and unnecessary code/variables. These are just taking up your time in creating and changing if there are corrections to be made. In case it is helpful, here is a list of things that will greatly simplify the code -

  1. Don’t create bespoke variables for every form field. Instead, keep the ‘set’ of form data as an array and use an array to hold the error messages.
  2. ‘global’ only has meaning inside of a function, and even there it should be avoided. Your use of global in the main code is a waste of typing. It doesn’t do anything there.
  3. You should trim all the input data once, then use the trimmed values throughout the rest of the code. Don’t Repeat Yourself (DRY.) You can trim all the data at once using one php array statement.
  4. Use an array to hold the validation errors, using the form field name as the array index. This array is also an error flag. If the array is empty, there are no errors.
  5. Don’t SELECT data in order to decide if you are going to INSERT it. Instead, define the username column as a unique index, just attempt to insert the data, then detect if a duplicate key error occurred.
  6. Use exceptions for database statement errors - connection, query, prepare, and execute, and in most cases let php catch the exception where it will use its error related settings to control what happens with the actual error information (database statement errors will ‘automatically’ get displayed or logged the same as php errors.) This will let you remove the existing error handling logic. The exception to this rule is when inserting/updating duplicate or out of range user submitted data. In this case your code would catch the exception, detect if the error number is for something that your code can handle, then set up a message telling the user exactly what was wrong with the data they submitted. This is what you would be doing to detect a duplicate username.
  7. Use the much simpler and more consistent PDO extension. Over half of the database statements will go away.
  8. Every header() redirect needs an exit; statement to stop program execution.
  9. After successfully processing the form data (with no errors), you should redirect to the exact same url of the current page to cause a get request.
  10. Php automatically destroys all resources used on a page, so, in general you don’t need to close prepared statements or close database connections.
  11. To cause a form to submit to the same page, leave the action=’…’ attribute out of the form.
  12. All dynamic values that you output on a web page need to have htmlentities() applied to them to help prevent cross site scripting.
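
Items 3 to 7 and 12 of the list above, put together as an added example; it is not code from either poster. The `register()` helper, the table definition and the in-memory SQLite database are assumptions made so that it runs stand-alone; with MySQL only the DSN and credentials change.

```php
<?php
// Added example. PDO in exception mode (items 6 and 7): a failed connect,
// prepare or execute throws instead of returning false or null.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
// Item 5: the UNIQUE index on username makes the database enforce uniqueness.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE, password TEXT NOT NULL)');

// Hypothetical helper: returns errors keyed by field name; empty array = success.
function register(PDO $pdo, array $input): array
{
    // Item 3: trim once. Non-string values (e.g. username[]=x) are dropped
    // so trim() never receives an array.
    $post = array_map('trim', array_filter($input, 'is_string'));
    $errors = []; // item 4: this array is also the error flag

    if (($post['username'] ?? '') === '') {
        $errors['username'] = 'Please enter a username.';
    }
    if (strlen($post['password'] ?? '') < 6) {
        $errors['password'] = 'Password must have at least 6 characters.';
    } elseif ($post['password'] !== ($post['confirm_password'] ?? '')) {
        $errors['confirm_password'] = 'Password did not match.';
    }
    if ($errors) {
        return $errors;
    }
    try {
        // No SELECT first: just attempt the INSERT.
        $stmt = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
        $stmt->execute([$post['username'], password_hash($post['password'], PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation. With MySQL, driver
        // code 1062 in $e->errorInfo[1] identifies a duplicate key specifically.
        if (($e->errorInfo[0] ?? '') !== '23000') {
            throw $e; // not caused by user data: let PHP log or display it
        }
        $errors['username'] = 'This username is already taken.';
    }
    return $errors;
}

// Constructed sample submissions: a valid one, a repeat of it, and a bad one.
$form = ['username' => ' alice ', 'password' => 'hunter22', 'confirm_password' => 'hunter22'];
foreach ([$form, $form, ['username' => '<b>bob</b>', 'password' => 'abc']] as $submission) {
    foreach (register($pdo, $submission) ?: ['ok' => 'registered'] as $field => $msg) {
        echo htmlentities("$field: $msg", ENT_QUOTES, 'UTF-8'), "\n"; // item 12
    }
}
```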