I am assuming by "Boolean" that it is coming out as "false"... Can anyone explain what could be wrong here? My code may be flawed altogether, but I would like some constructive criticism.
<?php
if ($_SERVER['REQUEST_METHOD'] = "POST") {
    include("mytableconn.php");
    $firstName = mysqli_real_escape_string($conn, trim($_POST['firstn']));
    $lastName = mysqli_real_escape_string($conn, trim($_POST['lastn']));
    $email = mysqli_real_escape_string($conn, trim($_POST['uemail']));
    $password = mysqli_real_escape_string($conn, trim($_POST['userpasscode']));
    $cryption = "$2y$10$";
    $chars = "thisisseriouslyfucked1";
    $crypchar = $cryption . $chars;
    $crypass = crypt($password, $crypchar);
    $user = $conn->prepare("
        INSERT INTO mytable(first_name, last_name, e_mail, pass_word)
        VALUES(?, ?, ?, ?)
    ");
    $user = $user->bind_param("ssss", $firstName, $lastName, $email, $crypass);
    $user->execute();
    $user->close();
    $conn->close();
} else {
    echo("Sorry, an unexpected error occurred");
}
?>
When you prepare the SQL you assign it as a variable - you should then test that variable before proceeding to check that the SQL is valid.
mysqli_prepare() returns a statement object or FALSE if an error occurred.
<?php
// === compares the method; a single = would assign "POST" and always pass
if ( $_SERVER['REQUEST_METHOD'] === "POST" ) {
    include("mytableconn.php");
    $firstName = mysqli_real_escape_string($conn, trim($_POST['firstn']));
    $lastName = mysqli_real_escape_string($conn, trim($_POST['lastn']));
    $email = mysqli_real_escape_string($conn, trim($_POST['uemail']));
    $password = mysqli_real_escape_string($conn, trim($_POST['userpasscode']));
    $cryption = "$2y$10$";
    $chars = "thisisseriouslyfucked1";
    $crypchar = $cryption . $chars;
    $crypass = crypt( $password, $crypchar );
    $stmt = $conn->prepare("insert into `mytable` ( `first_name`, `last_name`, `e_mail`, `pass_word` ) values (?, ?, ?, ?)");
    // prepare() returns false on failure, so test it before calling methods on it
    if( $stmt ){
        // bind_param() returns a boolean; its result is not assigned back to $stmt
        $stmt->bind_param("ssss", $firstName, $lastName, $email, $crypass);
        $stmt->execute();
        $stmt->close();
    }
    $conn->close();
} else {
    echo("Sorry, an unexpected error occurred");
}
?>
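The same registration handler written so that the statement variable can never become a boolean, added here as an example and not code from the question or the answer. It assumes the `$conn` object from `mytableconn.php` and the form fields shown above; `register_user()` is a hypothetical helper, the validation rules are assumptions, and `password_hash()` is swapped in for `crypt()` with a fixed salt.

```php
<?php
// Added example, not code from the thread. register_user() is a hypothetical
// helper; $conn is the mysqli connection that mytableconn.php creates.
// Make mysqli throw mysqli_sql_exception instead of returning false, so a
// failed prepare() can never reach a method call on a boolean.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function register_user(mysqli $conn, array $post): bool
{
    // Bound parameters travel separately from the SQL text, so the values
    // are NOT passed through mysqli_real_escape_string(): escaping them as
    // well would store the backslashes and change the password being hashed.
    $firstName = trim($post['firstn'] ?? '');
    $lastName  = trim($post['lastn'] ?? '');
    $email     = trim($post['uemail'] ?? '');
    $password  = $post['userpasscode'] ?? '';
    if ($firstName === '' || $lastName === '' || $password === ''
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }

    // password_hash() generates a fresh random salt per user; crypt() with a
    // fixed salt string gives identical hashes for identical passwords.
    $hash = password_hash($password, PASSWORD_DEFAULT);

    $stmt = $conn->prepare(
        'INSERT INTO mytable (first_name, last_name, e_mail, pass_word)
         VALUES (?, ?, ?, ?)'
    );
    // bind_param() returns true/false, not the statement. Assigning its
    // result back to $stmt is what turns the statement into a boolean.
    $stmt->bind_param('ssss', $firstName, $lastName, $email, $hash);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// === compares; a single = would assign "POST" and always be truthy.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    include 'mytableconn.php';
    try {
        echo register_user($conn, $_POST) ? 'Registered' : 'Invalid input';
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage());   // log the detail, show a generic message
        echo 'Sorry, an unexpected error occurred';
    } finally {
        $conn->close();
    }
}
```

At login, compare the submitted password against the stored value with `password_verify()` rather than re-hashing and comparing strings.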