Jump to content

Notice: Only variables should be passed by reference


XCalibre3
Go to solution Solved by kicken,

Recommended Posts

I don't know why I get this error???

Notice: Only variables should be passed by reference in C:\xampp\htdocs\sliders\registration.php on line 38

Fatal error: Uncaught Error: mysqli_stmt::bind_param(): Argument #8 cannot be passed by reference in C:\xampp\htdocs\sliders\registration.php:38 Stack trace: #0 {main} thrown in C:\xampp\htdocs\sliders\registration.php on line 38

 

$servername = "localhost";
$username = "root";
$password = "";
$dbname = "calendar";

// Establish connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Verify connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

       if (isset($_POST['submit'])) {
        $username = $_POST['username'];
        $email    = $_POST['email'];
        $phone    = $_POST['phone'];
        $address  = $_POST['address'];
        $state    = $_POST['state'];
        $password = $_POST['password'];
        $create_datetime = date("Y-m-d H:i:s");
        
        $stmt = $conn->prepare("INSERT INTO `admins` (username, email, phone, address, state, password, isadmin, create_datetime) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
        $stmt->bind_param("ssissssi", $username, $email, $phone, $address, $state, $password, 'Yes', $create_datetime);
        $stmt->execute();
        $conn->close();

 

Edited by XCalibre3
Link to comment
Share on other sites

$stmt = $conn->prepare("INSERT INTO `admins` (username, email, phone, address, state, password, isadmin, create_datetime) VALUES (?, ?, ?, ?, ?, ?, 'Yes', ?)");

By the way, "Yes" is absolutely not the kind of value that should be in an isadmin column.

Link to comment
Share on other sites

6 hours ago, requinix said:
$stmt = $conn->prepare("INSERT INTO `admins` (username, email, phone, address, state, password, isadmin, create_datetime) VALUES (?, ?, ?, ?, ?, ?, 'Yes', ?)");

By the way, "Yes" is absolutely not the kind of value that should be in an isadmin column.

Okay, I have changed it to either 0 or 1.... but here is where I'm at now.

 

<?php
    if (isset($_POST['submit'])) {
        $username = $_POST['username'];
        $email    = $_POST['email'];
        $phone    = $_POST['phone'];
        $address  = $_POST['address'];
        $state    = $_POST['state'];
        $password = $_POST['password'];
        $create_datetime = date("Y-m-d H:i:s");
        $isadmin = "0";


        $stmt = $conn->prepare("INSERT INTO `admins` (username, email, phone, address, state, password, isadmin, create_datetime) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
        $stmt->bind_param("ssssssii", $username, $email, $phone, $address, $state, $password, $isadmin, $create_datetime);
        $stmt->execute();
        $conn->close();

        $result = mysqli_stmt_get_result($stmt);
        if ($result) {
            echo "<div class='form'>
                  <h3>You are registered successfully.</h3><br/>
                  <p class='link'>Click here to <a href='login.php'>Login</a></p>
                  </div>";
        } else {
            echo "<div class='form'>
                  <h3>Required fields are missing.</h3><br/>
                  <p class='link'>Click here to <a href='registration.php'>registration</a> again.</p>
                  </div>";
        }
    } else {
?>
    <form class="form" action="" method="post">
        <h1 class="login-title">Registration</h1>
        <input type="text" class="login-input" name="username" placeholder="Username" required />
        <input type="text" class="login-input" name="email" placeholder="Email Adress" required />
        <input type="text" class="login-input" name="phone" placeholder="Phone Number" required />
        <input type="text" class="login-input" name="address" placeholder="Address" required />
        <input type="text" class="login-input" name="state" placeholder="State" required />
        <input type="password" class="login-input" name="password" placeholder="Password" required />
        <input type="submit" name="submit" value="Register" class="login-button">
        <p class="link"><a href="login.php">Click to Login</a></p>
    </form>
<?php
    }
?>
</body>
</html>

 

It keeps showing

Required fields are missing.

Click here to registration again.

 

But I have enetered all the required fields.  Makes no sense.  It is entering into database though... but the login won't work.

Edited by XCalibre3
Link to comment
Share on other sites

11 minutes ago, requinix said:

Don't close the connection. PHP will do it for you. Besides, what if you close the connection and then decide you want to do something else with it...

And take another look at what you're doing with $create_datetime.

And please, pleasestop storing passwords unhashed.

Okay I changed this to hash password:

        $stmt->bind_param("ssssssis", $username, $email, $phone, $address, $state, md5($password), $isadmin, $create_datetime);

Everything inserts into the database just fine, and the $create_datetime inserts: 2023-05-02 07:16:40.  So it all seems to work fine and inserts into database, but this is the error I get

Notice: Only variables should be passed by reference in C:\xampp\htdocs\sliders\registration.php on line 39

 

if (isset($_POST['submit'])) {
        $username = $_POST['username'];
        $email    = $_POST['email'];
        $phone    = $_POST['phone'];
        $address  = $_POST['address'];
        $state    = $_POST['state'];
        $password = $_POST['password'];
        $create_datetime = date("Y-m-d H:i:s");
        $isadmin = '0';


$stmt = $conn->prepare("INSERT INTO `admins` (username, email, phone, address, state, password, isadmin, create_datetime) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");

Line 39:        $stmt->bind_param("ssssssis", $username, $email, $phone, $address, $state, md5($password), $isadmin, $create_datetime);
        $stmt->execute();


 

Link to comment
Share on other sites

4 minutes ago, XCalibre3 said:

Okay I changed this to hash password:

MD5 is not proper password hashing.  PHP has a function for hashing passwords, as demonstrated in the linked stack overflow answer.  Use it.

5 minutes ago, XCalibre3 said:

but this is the error I get

Like in your original post, you're passing a value that is not a variable.  In the original post it was a string constant.  Now it's the result of a function call.  You need to pass variables to bind_param, not constants or expressions.  So hash your password before the call the bind_param and save the hashed password back into the variable (or a new variable).

$password = password_hash($password, PASSWORD_DEFAULT);

 

Link to comment
Share on other sites

7 minutes ago, kicken said:

MD5 is not proper password hashing.  PHP has a function for hashing passwords, as demonstrated in the linked stack overflow answer.  Use it.

Like in your original post, you're passing a value that is not a variable.  In the original post it was a string constant.  Now it's the result of a function call.  You need to pass variables to bind_param, not constants or expressions.  So hash your password before the call the bind_param and save the hashed password back into the variable (or a new variable).

$password = password_hash($password, PASSWORD_DEFAULT);

 

 

Okay, thank you very much.  Sorry, I'm new to prepared statements... that's why I can't login to the admin panel yet.  I have to change all that to prepared statements.  I still get that the required fields are missing, even though it puts it all in the database.  And I thought the datetime was set correctly?  Here is the code I have changed:

 

<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8"/>
    <title>Registration</title>
    <link rel="stylesheet" href="style.css"/>
</head>
<body>
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "calendar";

// Establish connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Verify connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
?>


<?php
    if (isset($_POST['submit'])) {
        $username = $_POST['username'];
        $email    = $_POST['email'];
        $phone    = $_POST['phone'];
        $address  = $_POST['address'];
        $state    = $_POST['state'];
        $password = $_POST['password'];
        $reg_date = date("Y-m-d h:i:s");
        $isadmin = '0';

        $password = password_hash($password, PASSWORD_DEFAULT);

        $stmt = $conn->prepare("INSERT INTO `admins` (username, email, phone, address, state, password, isadmin, reg_date) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
        $stmt->bind_param("ssssssis", $username, $email, $phone, $address, $state, $password, $isadmin, $reg_date);
        $stmt->execute();

        $result = mysqli_stmt_get_result($stmt);
        if ($result) {
            echo "<div class='form'>
                  <h3>You are registered successfully.</h3><br/>
                  <p class='link'>Click here to <a href='login.php'>Login</a></p>
                  </div>";
        } else {
            echo "<div class='form'>
                  <h3>Required fields are missing.</h3><br/>
                  <p class='link'>Click here to <a href='registration.php'>registration</a> again.</p>
                  </div>";
        }
    } else {
?>
    <form class="form" action="" method="post">
        <h1 class="login-title">Registration</h1>
        <input type="text" class="login-input" name="username" placeholder="Username" required />
        <input type="text" class="login-input" name="email" placeholder="Email Adress" required />
        <input type="text" class="login-input" name="phone" placeholder="Phone Number" required />
        <input type="text" class="login-input" name="address" placeholder="Address" required />
        <input type="text" class="login-input" name="state" placeholder="State" required />
        <input type="password" class="login-input" name="password" placeholder="Password" required />
        <input type="submit" name="submit" value="Register" class="login-button">
        <p class="link"><a href="login.php">Click to Login</a></p>
    </form>
<?php
    }
?>
</body>
</html>

 

As stated.. it puts it all in database but doesn't actually register it.

 

 

register1.jpg

Link to comment
Share on other sites

  • Solution
3 minutes ago, XCalibre3 said:

I still get that the required fields are missing

INSERT queries do not have a result set.  As such, mysqli_stmt_get_result returns false, as documented.

Quote

or successful queries which produce a result set, such as SELECT, SHOW, DESCRIBE or EXPLAIN, mysqli_stmt_get_result() will return a mysqli_result object. For other successful queries, mysqli_stmt_get_result() will return false.

To check if a row was inserted, use mysqli_stmt_affected_rows.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.