When I bind data in my php file to my database. I check by database and the values are all NULL? What is wrong?
Also: How can I pass a hashed password to be stored in my database? I know how to password_hash and password_verify. I can't figure out how to store a hashed password.
/*the variables are declared in a html form in another file. The action attribute
calls this php file with this code here. I use POST to get the user input for each of the variables first, last, password, and initials*/
//create database connection
$dbc = mysqli_connect ('domain', 'root', 'password', 'database')
or die ('Error connecting');
//my condition to check for value when user enters data from html form. I use POST and isset.
if (isset($_POST['first']) && isset($_POST['last']) && isset($_POST['password']) &&
isset ($_POST['initials'])) {
//This is where I bind the data to prevent sql injection attacks.
$thisdb= mysqli_prepare($dbc, "INSERT INTO database VALUES (?, ?, ?, ?)");
mysqli_stmt_bind_param($stmt, 'sssd', $first, $last, $password, $initials);
mysqli_stmt_execute($thisdb);
mysqli_stmt_close($thisdb);
}
else
{ echo('user missing data'); exit();}
// close database
mysqli_close ($dbc);
Use:
mysqli_stmt_bind_param($stmt, 'sssd', $_POST['first'], $_POST['last'], $_POST['password'], $_POST['initials']);
You were binding to variables that you never assigned.
Apart from the undefined variables that are already mentioned, you might run into problems as you are declaring your initials as a double:
mysqli_stmt_bind_param($stmt, 'sssd', $first, $last, $password, $initials);
^ are you sure initials is supposed to be a double?
You probably want:
mysqli_stmt_bind_param($stmt, 'ssss', $_POST['first'], $_POST['last'], $_POST['password'], $_POST['initials']);
You should add error handling to your database to see where what problem occurs exactly.
Note: Storing passwords in plain text is a very bad idea, you need to salt and hash them.