0

I am trying to make a PHP installer for a project I am working on. When I hit the submit button on my installer, it causes this error to show up:

Fatal error: Uncaught Error: Cannot pass parameter 2 by reference.

Code:

$stmt = $db->prepare("INSERT INTO `users` (`user_id`, `email`, `password`, `name`, `token_code`, `email_activation_code`, `lost_password_code`, `facebook_id`, `type`, `active`, `language`, `date`, `ip`, `last_activity`, `last_user_agent`, `total_logins`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->bind_param("ssssssssssssssss", '1', $adminEmail, $adminPass, $adminUsername, '', '', '', '', '1', '1', 'english',);

$adminEmail = $_POST['admin-email'];
$adminUsername = $_POST['admin-username'];
$adminPass = password_hash($_POST['admin-password'], PASSWORD_DEFAULT);
$stmt->execute();
Dharman

2 Answers

1

bind_param only accepts variables, not '' or '1', so define a variable and add it to bind_param:

$stmt = $db->prepare("INSERT INTO `users` (`user_id`, `email`, `password`, `name`, `token_code`, `email_activation_code`, `lost_password_code`, `facebook_id`, `type`, `active`, `language`, `date`, `ip`, `last_activity`, `last_user_agent`, `total_logins`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$emptvar = '';
$one = '1';
$language = 'english';
$stmt->bind_param("ssssssssssssssss", $one, $adminEmail, $adminPass, $adminUsername, $emptvar, $emptvar, $emptvar, $emptvar, $one, $one, $language);

$adminEmail = $_POST['admin-email'];
$adminUsername = $_POST['admin-username'];
$adminPass = password_hash($_POST['admin-password'], PASSWORD_DEFAULT);
$stmt->execute();
nbk
1

The problem is here, because bind_param() requires all its arguments be passed by reference (except the first arg which is the control string).

$stmt->bind_param("ssssssssssssssss", '1', $adminEmail, $adminPass, $adminUsername, 
  '', '', '', '', '1', '1', 'english',);

String literals like '1' are not lvalues, so they cannot be passed by reference.

You can fix it this way:

$one = '1';
$blank = '';
$english = 'english';

$stmt->bind_param("ssssssssssssssss", $one, $adminEmail, $adminPass, $adminUsername, 
  $blank, $blank, $blank, $blank, $one, $one, $english);

If it were me, I'd use PDO instead of mysqli. PDO has an easier method of passing parameters. No binding step necessary. Just pass as an array to execute(), and this accepts non-lvalues:

$stmt = $pdo->prepare(...);
$stmt->execute([
  '1', $adminEmail, $adminPass, $adminUsername, '', '', '', '', '1', '1', 'english'
]);
Bill Karwin
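
The PDO approach from the second answer, written out for all 16 columns as an added example (not code from the question or either answer). It assumes an in-memory SQLite table in place of the MySQL users table, constructed form input in place of $_POST, and placeholder values for date, ip, last_activity, last_user_agent and total_logins, which the page never supplies; insertAdmin is a hypothetical helper.

```php
<?php
// Assumptions: in-memory SQLite stands in for the MySQL `users` table and
// $input stands in for $_POST; all sample values are constructed.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$columns = ['user_id', 'email', 'password', 'name', 'token_code',
    'email_activation_code', 'lost_password_code', 'facebook_id', 'type',
    'active', 'language', 'date', 'ip', 'last_activity', 'last_user_agent',
    'total_logins'];
$pdo->exec('CREATE TABLE users (' . implode(' TEXT, ', $columns) . ' TEXT)');

function insertAdmin(PDO $pdo, array $columns, array $input): int
{
    $email = filter_var($input['admin-email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        throw new InvalidArgumentException('invalid admin e-mail');
    }
    $now = date('Y-m-d H:i:s');
    // Keyed by column name so a missing or misplaced value is caught
    // before the statement runs.
    $row = [
        'user_id' => '1', 'email' => $email,
        'password' => password_hash($input['admin-password'], PASSWORD_DEFAULT),
        'name' => $input['admin-username'],
        'token_code' => '', 'email_activation_code' => '',
        'lost_password_code' => '', 'facebook_id' => '',
        'type' => '1', 'active' => '1', 'language' => 'english',
        // Assumed values for the five columns the page never binds.
        'date' => $now, 'ip' => '', 'last_activity' => $now,
        'last_user_agent' => '', 'total_logins' => '0',
    ];
    if (array_keys($row) !== $columns) {
        throw new LogicException('values do not line up with the column list');
    }
    // Column names come from the fixed list above, never from user input.
    $marks = implode(', ', array_fill(0, count($columns), '?'));
    $stmt = $pdo->prepare(
        'INSERT INTO users (' . implode(', ', $columns) . ") VALUES ($marks)"
    );
    // execute() takes values, so literals need no by-reference variables.
    $stmt->execute(array_values($row));
    return $stmt->rowCount();
}

$input = ['admin-email' => 'admin@example.com',
    'admin-username' => 'admin', 'admin-password' => 'constructed-sample'];
var_dump(insertAdmin($pdo, $columns, $input));
```

Building the row as a keyed array and comparing its keys with the column list turns a placeholder/value count mismatch into an immediate exception instead of a failed or misaligned insert.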