Errors in php and mysql registration code. (for school work)

Question

Im new to php and mysql and ive been making a registration system with phpmyadmin. Everything works fine apart from my member added page. If i add data through phpmyadmin it shows up in my get user info page but if i try to add data on my add member page it comes up with 2 errors. Here they are:

Warning: mysqli_stmt_bind_param(): Number of elements in type definition string doesn't match number of bind variables in C:\xampp\htdocs\memberadded.php on line 56

Error Occurred

Warning: mysqli_error() expects exactly 1 parameter, 0 given in C:\xampp\htdocs\memberadded.php on line 73

Below is my member added page in which the errors are coming up. Please could you help me locate what causes them , would really appreciate it.

     <html>
    <head>

    <title>Add Student</title>
    </head>
    <body>
    <?php

    if(isset($_POST['submit'])){

    $data_missing = array();

    if(empty($_POST['username'])){

        // Adds name to array
        $data_missing[] = 'Username';

    } else {

        // Trim white space from the name and store the name
        $username = trim($_POST['username']);

    }

    if(empty($_POST['password'])){

        // Adds name to array
        $data_missing[] = 'Password';

    } else{

        // Trim white space from the name and store the name
        $password = trim($_POST['password']);

    }

       if(empty($_POST['email'])){

        // Adds name to array
        $data_missing[] = 'Email';

    } else {

        // Trim white space from the name and store the name
        $email = trim($_POST['email']);

    }

    if(empty($data_missing)){

        require_once('../mysqli_connect.php');

        $query = "INSERT INTO members (username, password, email) VALUES (?, ?, ?)";

        $stmt = mysqli_prepare($dbc, $query);

        mysqli_stmt_bind_param($stmt, "ss", $username, $password, $email);

        mysqli_stmt_execute($stmt);

        $affected_rows = mysqli_stmt_affected_rows($stmt);

        if($affected_rows == 1){

            echo 'User Entered';

            mysqli_stmt_close($stmt);

            mysqli_close($dbc);

        } else {

            echo 'Error Occurred <br />';
            echo mysqli_error();

            mysqli_stmt_close($stmt);

            mysqli_close($dbc);

        }

    } else {

        echo 'You need to enter the following data<br />';

        foreach($data_missing as $missing){

            echo "$missing<br />";

        }

    }

}

?>

<form action="http://localhost/memberadded.php" method="post">

    <b>Add a New User</b>

<p>Username:
<input type="text" name="username" size="30" value="" />
</p>

<p>Password:
<input type="password" name="password" size="30" value="" />
</p>

<p>Email:
<input type="text" name="email" size="30" value="" />
</p>

<p>
    <input type="submit" name="submit" value="Send" />
</p>

</form>
</body>
</html>

**Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure that you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. — Jay Blanchard, Apr 29 '16 at 21:06
First, you have `"ss"` and you should have `"sss"`. One each for the three variables you're inserting. — Jay Blanchard, Apr 29 '16 at 21:08
`mysqli_error()` requires the connection link. I am guessing the link is `$dbc`, so `mysqli_error($dbc)` would be the correct usage. — Jay Blanchard, Apr 29 '16 at 21:09
nitpic: you're not building a login system with phpmyadmin. you're building a login system with mysql. phpmyadmin is a MANAGEMENT interface for the mysql database server. — Marc B, Apr 29 '16 at 21:11

Evhz · Accepted Answer · 2016-04-29T21:29:13.367

0

Your file: mysqli_connect.php should return the mysqli_connect() element. Have a look at the docs:

$dbc = mysqli_connect("127.0.0.1", "user", "password", "mydb");

There are 3 strings as params, so set "sss" instead of "ss" in mysqli_stmt_bind_param method. Do so, modify your file to return a mysqli db connection and, add in your code:

$dbc=require_once('../mysqli_connect.php');
...

...
if(empty($data_missing)){ 
    ...
    mysqli_stmt_bind_param($stmt, "sss", $username, $password, $email);
    ...
} else {

     echo 'Error Occurred <br />';
     echo mysqli_error($dbc); // Here

     mysqli_stmt_close($stmt);
     mysqli_close($dbc);    // as it is here
}

That should solve your Warning.

edited Apr 29 '16 at 21:29

answered Apr 29 '16 at 21:16

Evhz

8,852
9
51
69

1

The OP appears to be connecting OK, else they would not be getting the errors they are getting. The first warning [was solved here](http://stackoverflow.com/questions/36947417/errors-in-php-and-mysql-registration-code-for-school-work#comment61453526_36947417). The second was [solved here](http://stackoverflow.com/questions/36947417/errors-in-php-and-mysql-registration-code-for-school-work#comment61453548_36947417). – Jay Blanchard Apr 29 '16 at 21:21
If the connection is working not return is needed though – Evhz Apr 29 '16 at 21:32
@Karlos thanks for the help, solved my problem appreciate it. But someone mentioned about the built in password_hash() if you have time please could you explain it to me – PokeSteelProductions Apr 30 '16 at 21:17
try not so save plain passwords in db, use [this](https://github.com/ircmaxell/password_compat) library or a different kind of hash function, that you apply on the user input password before saving it in the db. As in your code it looks you don't process the `$_POST['password']` before the insert operation. – Evhz Apr 30 '16 at 21:28

Errors in php and mysql registration code. (for school work)

1 Answers1