PHP/MySQL: bind_param malfunction when using mysql function inside prepared statement

Asked Apr 04 '15 at 00:13

Active Apr 04 '15 at 00:13

Viewed 85 times

I'm having trouble encrypting a password when adding an entry into mysql using php bound parameters. Everything works just fine with 2 bound parameters ($username and $password) being inserted directly into the username and password field. But, when I try to add a third $salt variable and insert password with the sha2 function, it won't execute correctly anymore. The code below will print to my debug console "couldn't execute" each time. Why?

$stmt = $GLOBALS['mysqli']->stmt_init();
$sql = "INSERT INTO users ( username, password ) VALUES ( ?, sha2(concat(?,?),256) ) ";
if($stmt->prepare($sql)){
    $stmt->bind_param('sss',$username,$password,$salt);
    if($stmt->execute()){
        if($stmt->affected_rows>0){ $userID=$stmt->insert_id; }
    }
    else{ wdebug("couldn't execute"); }
    $stmt->close();     
}

asked Apr 04 '15 at 00:13

Andrew

Can you get the *actual* error from the database instead of "couldn't execute"? – David Apr 04 '15 at 00:17
Use `$stmt->error` to get the error message. – Barmar Apr 04 '15 at 00:18
new to mysql, give me a minute... – Andrew Apr 04 '15 at 00:18
1

found the problem...the error message was "Data too long for column 'password' at row1" and indeed my password column was only varchar(32). Setting it to varchar(64) did the trick. Thanks guys – Andrew Apr 04 '15 at 00:23

PHP/MySQL: bind_param malfunction when using mysql function inside prepared statement

0 Answers0