0

Everthing seems to work except inserting data stmt.

I've added closing the connection and adding closing the statement.

$error = $user = $pass = "";
  if (isset($_SESSION['user'])) destroySession();

  if (isset($_POST['user']))
  {
    $user = sanitizeString($_POST['user']);
    $pass = sanitizeString($_POST['pass']);

    if ($user == "" || $pass == "")
      $error = 'Not all fields were entered<br><br>';
    else
    {
    $stmt = $connection->prepare('SELECT * FROM members WHERE user=?');
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $result = $stmt->get_result();

      if ($result->num_rows)
        $error = 'That username already exists<br><br>';
      else
      {
        $hashedPwd = password_hash($pass, PASSWORD_DEFAULT);

        $stmt = $connection->prepare("INSERT INTO members (user, pass) VALUES (?,?)");
        $stmt->bind_param("ss", $user, $hashedPwd);

        $stmt->execute;
        $stmt->close();

        die('<h4>Account created</h4>Please Log in.</div></body></html>');
      }
    }
  }

  $connection->close();

I can expect the code to recognize if a user exists. However, I can not expect the database to be updated with a new user.

mobry88
  • 19
  • 4
  • 3
    In `$stmt->bind_param("ss", $user, $hashedpass);` should it be `$hashedPwd`? – Nigel Ren Jun 24 '19 at 17:45
  • 2
    Not sure what `sanitizeString()` does, but it may be counterproductive when combined with prepared statements. – Don't Panic Jun 24 '19 at 17:50
  • Make sure that you check the result of the `INSERT` to determine if it ran successfully. (I suspect `user` may be a reserved word.) – Alex Howansky Jun 24 '19 at 17:54
  • That typo Nigel mentioned could also cause it to fail if pass is defined as not null. – Don't Panic Jun 24 '19 at 17:55
  • Just edited. $hashedPwd. Same problem. – mobry88 Jun 24 '19 at 18:00
  • 1
    This can help you learn why your query is failing: https://stackoverflow.com/questions/22662488/how-to-get-mysqli-error-information-in-different-environments-mysqli-fetch-as – Don't Panic Jun 24 '19 at 18:15
  • Thanks for the help. Just used 'code' error_reporting(E_ALL); 'code' to find the problem .The issue was with my 'code' execute. stmt->execute(); 'code' I did not put the parenthesis on it. – mobry88 Jun 24 '19 at 19:36

1 Answers1

0

Placing error_reporting(E_ALL); at the top of the page will show that there is problem with the $stmt->execute;

$stmt->execute; should be stmt->execute();

mobry88
  • 19
  • 4