So my variables are set.
My connection is working.
But I'm still getting blank values sent to the DB.
$stmt = $connection->prepare('INSERT INTO EMAILS (email, first, last) VALUES (?,?,?)');
$stmt->bind_param('sss',$email, $first, $last);
$email = mysql_real_escape_string($from);
$first = mysql_real_escape_string($fname);
$last = mysql_real_escape_string($lname);
$stmt -> bind_result($result);
$stmt->execute();
I'm not to prepared statements, so it's entirely possible it's all wrong, but if anyone could share some insight that would be great.
(edit: variables said values)
I don't see why you're escaping the strings AFTER you binded them to the query. As someone pointed out, you also don't need them when using prepared statements.
if(!$stmt = $connection->prepare("INSERT INTO EMAILS (email, first, last) VALUES (?,?,?)"))
{
die($connection->error);
}
$stmt->bind_param('sss', $from, $fname, $lname);
$stmt->execute();
$stmt->close();
This should input the values or display an error. For further debugging, you could also echo the $from, $fname, $lname variables to ensure they are what you think they are.
EDIT
And as someone else pointed out (but I missed since I didn't pay attention to the title of the question), we're working under the assumption that $from, $fname and $lname are actually defined at all. If submitted through a form, they can be defined using
$from = $_POST["from"];
$fname = $_POST["fname"];
$lname = $_POST["lname"];
Replace the names inside of $_POST[" "] with whatever you name these fields in the HTML form. And keep in mind this needs to be done before you register them with bind_param