Search the Community

I'm new to coding and prepared statements. I'm getting: "Fatal error: Call to a member function bind_param() on a non-object in /home/content/01/3251001/html/Manage-Users/acc-files/updateRecord.php on line 17" For this: <?php include "db_connect.php"; if(isset($_POST['UserID'])){ $stmt = $con -> prepare('UPDATE UserList SET Status = ?, FirstName = ?, LastName = ?, Username = ?, Email = ?, Department = ?, Manager = ?, WHERE UserID = ?'); $stmt -> bind_param('isssssss', /* Line 17 */ $_POST['Status'], $_POST['FirstName'], $_POST['LastName'], $_POST['Username'], $_POST['Email'], $_POST['Department'], $_POST['Manager'], $_POST['UserID']); $stmt->execute(); } Thank you in advance for helping.

Hello, I hope it's ok to ask this question here. I have a registration script, but I'm not sure how to handle it efficiently and I have some questions about it. This is used in the page 'signup.php'. The class is called 'User'. I haven't noticed any errors or bugs. It would be very useful for me to be aware of my mistakes. public function regUser($uname,$upass,$upassverify) { $new_password = password_hash($upass, PASSWORD_DEFAULT); if(!password_verify($upassverify, $new_password)) { // passwords are not the same (I thought it would be better to do this after hashing, but maybe it doesn't matter or it's worse. I'm not sure about it) $info = 'pass_err'; } $stmt1 = $this->db->prepare("SELECT * FROM users WHERE username=:uname"); $stmt1->execute(array(':uname'=>$uname)); if($stmt1->rowCount() > 0) { // this username has already been used $info = 'user_err'; } if (!$info) { $stmt2 = $this->db->prepare("INSERT INTO users(username,password) VALUES(:uname, :upass)"); $stmt2->bindparam(":uname", $uname); $stmt2->bindparam(":upass", $new_password); $stmt2->execute(); // succesfully made an account $info = "success"; } header("Location:/signup.php?status=".$info); exit(); } Am I using the prepared statements as how I should be using them? Is this a safe way of handling my data or do you see vulnerabilities? I'm using PRG to prevent resubmission but I want to show a 'everything is fine' or 'oh no, something went wrong' to the one who is signinup. If I now go to signup.php?status=success, i see 'eveything is fine', without actually signing up, is there a better way to do this or can I somehow prevent everyone being able to see this? As you might have noticed in my last post, my English is not very good, sorry about that. Thanks, Fabian