XCalibre3 Posted May 1, 2023 Share Posted May 1, 2023 (edited) I don't know why I get this error??? Notice: Only variables should be passed by reference in C:\xampp\htdocs\sliders\registration.php on line 38 Fatal error: Uncaught Error: mysqli_stmt::bind_param(): Argument #8 cannot be passed by reference in C:\xampp\htdocs\sliders\registration.php:38 Stack trace: #0 {main} thrown in C:\xampp\htdocs\sliders\registration.php on line 38 $servername = "localhost"; $username = "root"; $password = ""; $dbname = "calendar"; // Establish connection $conn = new mysqli($servername, $username, $password, $dbname); // Verify connection if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } if (isset($_POST['submit'])) { $username = $_POST['username']; $email = $_POST['email']; $phone = $_POST['phone']; $address = $_POST['address']; $state = $_POST['state']; $password = $_POST['password']; $create_datetime = date("Y-m-d H:i:s"); $stmt = $conn->prepare("INSERT INTO `admins` (username, email, phone, address, state, password, isadmin, create_datetime) VALUES (?, ?, ?, ?, ?, ?, ?, ?)"); $stmt->bind_param("ssissssi", $username, $email, $phone, $address, $state, $password, 'Yes', $create_datetime); $stmt->execute(); $conn->close(); Edited May 1, 2023 by XCalibre3 Quote Link to comment Share on other sites More sharing options...
XCalibre3 Posted May 1, 2023 Author Share Posted May 1, 2023 (edited) Maybe because of the 'Yes'? hmmm If so, how would I write that? Edited May 1, 2023 by XCalibre3 Quote Link to comment Share on other sites More sharing options...
XCalibre3 Posted May 1, 2023 Author Share Posted May 1, 2023 Maybe like this $dummy = "Yes"; $yes = $dummy; Quote Link to comment Share on other sites More sharing options...
ginerjm Posted May 1, 2023 Share Posted May 1, 2023 (edited) It says argument 8, not 7 And - I wouldn't define the phone field as an integer. You'll be sorry. Edited May 1, 2023 by ginerjm Quote Link to comment Share on other sites More sharing options...
requinix Posted May 1, 2023 Share Posted May 1, 2023 $stmt = $conn->prepare("INSERT INTO `admins` (username, email, phone, address, state, password, isadmin, create_datetime) VALUES (?, ?, ?, ?, ?, ?, 'Yes', ?)"); By the way, "Yes" is absolutely not the kind of value that should be in an isadmin column. Quote Link to comment Share on other sites More sharing options...
ginerjm Posted May 1, 2023 Share Posted May 1, 2023 @requinix - Doh! So obvious and didn't see it. Quote Link to comment Share on other sites More sharing options...
XCalibre3 Posted May 2, 2023 Author Share Posted May 2, 2023 6 hours ago, ginerjm said: It says argument 8, not 7 And - I wouldn't define the phone field as an integer. You'll be sorry. Thank you, changed to S Quote Link to comment Share on other sites More sharing options...
XCalibre3 Posted May 2, 2023 Author Share Posted May 2, 2023 (edited) 6 hours ago, requinix said: $stmt = $conn->prepare("INSERT INTO `admins` (username, email, phone, address, state, password, isadmin, create_datetime) VALUES (?, ?, ?, ?, ?, ?, 'Yes', ?)"); By the way, "Yes" is absolutely not the kind of value that should be in an isadmin column. Okay, I have changed it to either 0 or 1.... but here is where I'm at now. <?php if (isset($_POST['submit'])) { $username = $_POST['username']; $email = $_POST['email']; $phone = $_POST['phone']; $address = $_POST['address']; $state = $_POST['state']; $password = $_POST['password']; $create_datetime = date("Y-m-d H:i:s"); $isadmin = "0"; $stmt = $conn->prepare("INSERT INTO `admins` (username, email, phone, address, state, password, isadmin, create_datetime) VALUES (?, ?, ?, ?, ?, ?, ?, ?)"); $stmt->bind_param("ssssssii", $username, $email, $phone, $address, $state, $password, $isadmin, $create_datetime); $stmt->execute(); $conn->close(); $result = mysqli_stmt_get_result($stmt); if ($result) { echo "<div class='form'> <h3>You are registered successfully.</h3><br/> <p class='link'>Click here to <a href='login.php'>Login</a></p> </div>"; } else { echo "<div class='form'> <h3>Required fields are missing.</h3><br/> <p class='link'>Click here to <a href='registration.php'>registration</a> again.</p> </div>"; } } else { ?> <form class="form" action="" method="post"> <h1 class="login-title">Registration</h1> <input type="text" class="login-input" name="username" placeholder="Username" required /> <input type="text" class="login-input" name="email" placeholder="Email Adress" required /> <input type="text" class="login-input" name="phone" placeholder="Phone Number" required /> <input type="text" class="login-input" name="address" placeholder="Address" required /> <input type="text" class="login-input" name="state" placeholder="State" required /> <input type="password" class="login-input" name="password" placeholder="Password" required /> <input type="submit" name="submit" value="Register" class="login-button"> <p class="link"><a href="login.php">Click to Login</a></p> </form> <?php } ?> </body> </html> It keeps showing Required fields are missing. Click here to registration again. But I have enetered all the required fields. Makes no sense. It is entering into database though... but the login won't work. Edited May 2, 2023 by XCalibre3 Quote Link to comment Share on other sites More sharing options...
requinix Posted May 2, 2023 Share Posted May 2, 2023 Don't close the connection. PHP will do it for you. Besides, what if you close the connection and then decide you want to do something else with it... And take another look at what you're doing with $create_datetime. And please, please, stop storing passwords unhashed. Quote Link to comment Share on other sites More sharing options...
XCalibre3 Posted May 2, 2023 Author Share Posted May 2, 2023 11 minutes ago, requinix said: Don't close the connection. PHP will do it for you. Besides, what if you close the connection and then decide you want to do something else with it... And take another look at what you're doing with $create_datetime. And please, please, stop storing passwords unhashed. Okay I changed this to hash password: $stmt->bind_param("ssssssis", $username, $email, $phone, $address, $state, md5($password), $isadmin, $create_datetime); Everything inserts into the database just fine, and the $create_datetime inserts: 2023-05-02 07:16:40. So it all seems to work fine and inserts into database, but this is the error I get Notice: Only variables should be passed by reference in C:\xampp\htdocs\sliders\registration.php on line 39 if (isset($_POST['submit'])) { $username = $_POST['username']; $email = $_POST['email']; $phone = $_POST['phone']; $address = $_POST['address']; $state = $_POST['state']; $password = $_POST['password']; $create_datetime = date("Y-m-d H:i:s"); $isadmin = '0'; $stmt = $conn->prepare("INSERT INTO `admins` (username, email, phone, address, state, password, isadmin, create_datetime) VALUES (?, ?, ?, ?, ?, ?, ?, ?)"); Line 39: $stmt->bind_param("ssssssis", $username, $email, $phone, $address, $state, md5($password), $isadmin, $create_datetime); $stmt->execute(); Quote Link to comment Share on other sites More sharing options...
kicken Posted May 2, 2023 Share Posted May 2, 2023 4 minutes ago, XCalibre3 said: Okay I changed this to hash password: MD5 is not proper password hashing. PHP has a function for hashing passwords, as demonstrated in the linked stack overflow answer. Use it. 5 minutes ago, XCalibre3 said: but this is the error I get Like in your original post, you're passing a value that is not a variable. In the original post it was a string constant. Now it's the result of a function call. You need to pass variables to bind_param, not constants or expressions. So hash your password before the call the bind_param and save the hashed password back into the variable (or a new variable). $password = password_hash($password, PASSWORD_DEFAULT); Quote Link to comment Share on other sites More sharing options...
XCalibre3 Posted May 2, 2023 Author Share Posted May 2, 2023 7 minutes ago, kicken said: MD5 is not proper password hashing. PHP has a function for hashing passwords, as demonstrated in the linked stack overflow answer. Use it. Like in your original post, you're passing a value that is not a variable. In the original post it was a string constant. Now it's the result of a function call. You need to pass variables to bind_param, not constants or expressions. So hash your password before the call the bind_param and save the hashed password back into the variable (or a new variable). $password = password_hash($password, PASSWORD_DEFAULT); Okay, thank you very much. Sorry, I'm new to prepared statements... that's why I can't login to the admin panel yet. I have to change all that to prepared statements. I still get that the required fields are missing, even though it puts it all in the database. And I thought the datetime was set correctly? Here is the code I have changed: <!DOCTYPE html> <html> <head> <meta charset="utf-8"/> <title>Registration</title> <link rel="stylesheet" href="style.css"/> </head> <body> <?php mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); $servername = "localhost"; $username = "root"; $password = ""; $dbname = "calendar"; // Establish connection $conn = new mysqli($servername, $username, $password, $dbname); // Verify connection if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } ?> <?php if (isset($_POST['submit'])) { $username = $_POST['username']; $email = $_POST['email']; $phone = $_POST['phone']; $address = $_POST['address']; $state = $_POST['state']; $password = $_POST['password']; $reg_date = date("Y-m-d h:i:s"); $isadmin = '0'; $password = password_hash($password, PASSWORD_DEFAULT); $stmt = $conn->prepare("INSERT INTO `admins` (username, email, phone, address, state, password, isadmin, reg_date) VALUES (?, ?, ?, ?, ?, ?, ?, ?)"); $stmt->bind_param("ssssssis", $username, $email, $phone, $address, $state, $password, $isadmin, $reg_date); $stmt->execute(); $result = mysqli_stmt_get_result($stmt); if ($result) { echo "<div class='form'> <h3>You are registered successfully.</h3><br/> <p class='link'>Click here to <a href='login.php'>Login</a></p> </div>"; } else { echo "<div class='form'> <h3>Required fields are missing.</h3><br/> <p class='link'>Click here to <a href='registration.php'>registration</a> again.</p> </div>"; } } else { ?> <form class="form" action="" method="post"> <h1 class="login-title">Registration</h1> <input type="text" class="login-input" name="username" placeholder="Username" required /> <input type="text" class="login-input" name="email" placeholder="Email Adress" required /> <input type="text" class="login-input" name="phone" placeholder="Phone Number" required /> <input type="text" class="login-input" name="address" placeholder="Address" required /> <input type="text" class="login-input" name="state" placeholder="State" required /> <input type="password" class="login-input" name="password" placeholder="Password" required /> <input type="submit" name="submit" value="Register" class="login-button"> <p class="link"><a href="login.php">Click to Login</a></p> </form> <?php } ?> </body> </html> As stated.. it puts it all in database but doesn't actually register it. Quote Link to comment Share on other sites More sharing options...
Solution kicken Posted May 2, 2023 Solution Share Posted May 2, 2023 3 minutes ago, XCalibre3 said: I still get that the required fields are missing INSERT queries do not have a result set. As such, mysqli_stmt_get_result returns false, as documented. Quote or successful queries which produce a result set, such as SELECT, SHOW, DESCRIBE or EXPLAIN, mysqli_stmt_get_result() will return a mysqli_result object. For other successful queries, mysqli_stmt_get_result() will return false. To check if a row was inserted, use mysqli_stmt_affected_rows. Quote Link to comment Share on other sites More sharing options...
XCalibre3 Posted May 2, 2023 Author Share Posted May 2, 2023 Thank you... I changed $result = mysqli_stmt_get_result($stmt); TO: $result = mysqli_stmt_affected_rows($stmt); It now shows registered successfully. TYTY Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.