#1

    Question Improvements To Member Registration Site Reg.php


    Ladies & Gentlemen,

    Or should I say 'Gentle Ladies' and 'Hard Men' (tough guys)! :winky:


    Here is my very latest (New Code) reg.php. I have modified it by:

    * Removing outdated strip tags, mysqli_real_escape_string.
    * Bound input parameters on the user reg form.
    * Added htmlspecialcharacters code on output to prevent sql injection.

    Look how cluttered my old code was before a lot of programmers here and other sources helped me out (thanks to all!).

    Ok, my new code does not have the email confirmation code and a lot of others but I will add them soon. I took them out here to make the new code simple for you to easily understand the code. Kept just the fundamentals on the 1st impression. Will add the remaining necessities on the 2nd impression.
    You are welcome to make any suggestions and criticize the coding (but do bother to show an example of an improvement to the area you criticize). Ok ?


    Old Code:

    PHP Code:

    <?php

    //DB connection details.
    $server_name = "localhost";
    $user_name = "root";
    $server_password = "";
    $db_name = "e-id";


    //Connect to DB.
    $conn = new mysqli($server_name, $user_name, $server_password, $db_name);

    if ($conn->connect_error)
    {
        die($conn->connect_error);
    }

    //Site details.
    $site_domain = "site-domain.com";
    $site_name = "site-name";
    $site_admin_email = "admin@site-domain.com";

    //Perform following action when user registration "Submit button is clicked".
    if (isset($_POST['submit']))
    {
        //Check if user filled-in "Username", "Password" and "Email" fields or not. If not, give alert to fill them in.
        if (!empty($_POST["member_registration_username"]) && !empty($_POST["member_registration_password"]) && !empty($_POST["member_registration_email"]))
        {
            $member_registration_username = trim(strip_tags(strtolower(mysqli_real_escape_string($conn, $_POST["member_registration_username"]))));
            $member_registration_password = trim(strip_tags(md5(mysqli_real_escape_string($conn, $_POST["member_registration_password"]))));

            //Check for Username match in users table.
            $sql = "SELECT * FROM users WHERE Usernames ='".$member_registration_username."'";
            $result = mysqli_query($conn, $sql);

            //If there is a Username match in the "Usernames" column then do the following ...
            if (mysqli_num_rows($result) != 0)
            {
                //Give alert "username" already taken.
                $_SESSION['message'] = "That Username $member_registration_username is already registered!";
                exit();
            }

            //Check for Email match in users table.
            $sql = "SELECT * FROM users WHERE Emails ='".$member_registration_email."'";
            $result = mysqli_query($conn, $sql);

            //If there is a Username match in the "Usernames" column then do the following ...
            if (mysqli_num_rows($result) > 0)
            {
                //Give alert "email" already taken.
                $_SESSION['message'] = "That Email $member_registration_email is already registered!";
                exit();
            }

            //Dump new "Username", "Email" and "Password" into "users" table.
            $sql = "INSERT INTO users(Usernames,Passwords,Emails) VALUES('".$member_registration_username."','".$member_registration_password."','".$member_registration_email."')";
            if ($sql)
            {
                //Give alert dumping new user details into db a success.
                $_SESSION['message'] = "Data insertion into table success!";
            }
            else
            {
                //Give alert dumping new user details into db a failure.
                $_SESSION['message'] = "Data insertion into table failure!";
            }
        }
        else
        {
            //Give alert to fill-in all fields.
            $_SESSION['message'] = "You must fill-in all input fields!";
        }
    }

    ?>
    <!DOCTYPE html>
    <html>
    <head>
    <title><?php $site_name ?> Signup Page</title>
      <meta charset="utf-8">
    </head>
    <body>
    <div class = "container">
    <form method="post" action="">
    <center><h2>Signup Form</h2></center>
    <div class="form-group">
    <center><label>Username:</label>
    <input type="text" placeholder="Enter a unique Username" name="member_registration_username" required [A-Za-z0-9]></center>
    </div>
    <div class="form-group">
    <center><label>Password:</label>
    <input type="password" placeholder="Enter a new Password" name="member_registration_password" required [A-Za-z0-9]></center>
    </div>
    <div class="form-group">
    <center><label>Email:</label>
    <input type="email" placeholder="Enter your Email" name="member_registration_email" required [A-Za-z0-9]></center>
    </div>
    <center><button type="submit" class="btn btn-default" name="submit">Register!</button></center>
    </form>
    </div>
    </body>
    </html>

    New Code:

    PHP Code:

    <?php

    //Connect to DB.
    require "conn.php";

    //Grab basic site details.
    require "site_details.php";

    //Perform following action when user registration "Submit button is clicked".
    if (isset($_POST['submit']))
    {
        //Check if user filled-in "Username", "Password" and "Email" fields or not. If not, give alert to fill them in.
        if (!empty($_POST["member_registration_username"]) && !empty($_POST["member_registration_password"]) && !empty($_POST["member_registration_email"]))
        {
            //Check for username match in "Usernames" column in "users" table. If there is a match then do the following ...
            $stmt = mysqli_prepare($conn, 'SELECT COUNT(*) FROM users WHERE usernames = ?');
            mysqli_stmt_bind_param($stmt, 's', $_POST['member_registration_username']);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_bind_result($stmt, $rows);
            if (mysqli_stmt_fetch($stmt) && $rows)
            {
                die('That Username '.htmlspecialchars($_POST['member_registration_username']).' is already registered!');
            }
            //Close the statement so the connection is free for the next query.
            mysqli_stmt_close($stmt);

            //Check for email match in "Emails" column in "users" table. If there is a match then do the following ...
            $stmt = mysqli_prepare($conn, 'SELECT COUNT(*) FROM users WHERE emails = ?');
            mysqli_stmt_bind_param($stmt, 's', $_POST['member_registration_email']);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_bind_result($stmt, $rows);
            if (mysqli_stmt_fetch($stmt) && $rows)
            {
                die('That Email '.htmlspecialchars($_POST['member_registration_email']).' is already registered!');
            }
            //Close the statement so the connection is free for the next query.
            mysqli_stmt_close($stmt);

            //Dump new "Username", "Email" and "Password" into "users" table.
            $name = $_POST['member_registration_username'];
            $email = $_POST['member_registration_email'];
            $password = $_POST['member_registration_password'];

            if ($stmt = $mysqli->prepare("INSERT INTO tbl_users (name, password) VALUES (?, ?)"))
            {
                // Bind the variables to the parameter as strings.
                $stmt->bind_param("ss", $name, $password);

                // Execute the statement.
                $stmt->execute();

                // Close the prepared statement.
                $stmt->close();
            }
        }
        else
        {
            //Give alert to fill-in all fields.
            echo "You must fill-in all input fields!";
        }
    }

    ?>
    <!DOCTYPE html>
    <html>
    <head>
    <title><?php echo htmlspecialchars($site_name); ?> Signup Page</title>
      <meta charset="utf-8">
    </head>
    <body>
    <div class = "container">
    <form method="post" action="">
    <center><h2>Signup Form</h2></center>
    <div class="form-group">
    <center><label>Username:</label>
    <input type="text" name="member_registration_username" required [A-Za-z0-9]></center>
    </div>
    <div class="form-group">
    <center><label>Password:</label>
    <input type="password" name="member_registration_password" required [A-Za-z0-9]></center>
    </div>
    <div class="form-group">
    <center><label>Email:</label>
    <input type="email" name="member_registration_email" required [A-Za-z0-9]></center>
    </div>
    <center><button type="submit" class="btn btn-default" name="submit">Register!</button></center>
    </form>
    </div>
    </body>
    </html>

    Fellow programmers, looking at my 2nd code, do you think:

    * it is better;
    * clutter free;
    * more understandable;
    * sql injection free.


    And, on my 2nd code, any chance you can help me convert the INSERT sql command (line 45-55) to mysqli style from pdo ?
    I got that pdo code from:
    3 Ways to Prevent SQL Injection in PHP - wikiHow

    Since most of my code, in my many pages script, is in mysqli or procedural style, it will look odd if 10 lines are pdo or oop style.
    Yes, I know I know, I should do it in pdo and oop style but I'm still a beginner and most tutorials on basic php are in mysqli and procedural style and so I cannot just switch to pdo and oop just yet. Let me learn to walk first and then I'll hop like a Kangaroo. I'm still a toddler. have to take things one step at a time or I'll get confused and put-off from php.

    Question: On my 1st (old code), you will see I don't use the "echo" but "Session Message" instead as 2 youtube tutorials showed to do it that way without giving any explanation why. Therefore, I ask:

    1. What is the difference and benefits (pros) as well as the cons between the echo and the session message ?
    2. When should I use which one of them ?


    Thanks!
    Last edited by UniqueIdeaMan; April 17th, 2017 at 08:08 AM.
  2. #2
    Ooops! Another source just brought it to my attention that I'm still breaking rules about storing passwords. Suggested me this:

    Never store passwords in a database! - Tom Moertel

    I forgot to hash it. In fact, just gonna read up on hashing now.

    PHP: password_hash - Manual
    PHP: password_verify - Manual
  4. #3
    Hello Everyone!

    What do you make out of my latest code update ?


    Member Reg & Login script

    config.php

    PHP Code:

    <?php

    /*
    *    ERROR HANDLING
    *    ini_set('display_errors', 1);
    *   ini_set('display_startup_errors', 1);

    *    For All Error, Warning and Notice
    *   error_reporting(E_ALL); OR error_reporting(-1);
    *    For All Errors
    *   error_reporting(E_ERROR);
    *    For All Warnings
    *   error_reporting(E_WARNING);
    *    For All Notice
    *   error_reporting(E_NOTICE);
    */
    error_reporting(E_ALL);

    // session start
    session_start();

    // include files
    include 'conn.php';
    include 'site_details.php';

    // include functions
    include 'functions.php';

    ?>

    functions.php

    PHP Code:

    <?php
    // functions file

    /*
    * check if user is logged by checking if session named "user" isset
    * return true if session "user" exists or false if not exists
    */
    function is_logged() {
        if (isset($_SESSION["user"]) && !empty($_SESSION["user"])) {
            return true;
        } else {
            return false;
        }
    }
    ?>

    site_details.php

    PHP Code:

    <?php

    $site_name = "Programmer's Haven";
    $site_domain = "domain.com";
    $site_admin_email = "programmers_haven_admin@domain.com";

    ?>

    reg.php

    PHP Code:

    <?php

    // config.php contains reference to site_details.php (which contains details such as site name, site domain, webmaster email) and conn.php (which contains db connection details).
    include 'config.php';

    // Check if user is already logged in or not.
    if (is_logged() === true) {
        die("You are logged in, can't register.");
    }

    if ($_SERVER['REQUEST_METHOD'] == "POST")
    {
        if (isset($_POST["username"]) &&
           isset($_POST["password"]) &&
           isset($_POST["password_confirmation"]) &&
           isset($_POST["email"]) &&
           isset($_POST["email_confirmation"]) &&
           isset($_POST["forename"]) &&
           isset($_POST["gender"]) &&
           isset($_POST["surname"])) {

            // Create random hash for email confirmation.
            $member_registration_random_numbers = sha1(mt_rand(5, 30));

            // Account activation link that will verify email.
            $account_activation_link = "http://www.'".$site_domain."'.com/$site-name/activate_account.php?email='".$_POST['email']."'&hash='".$member_registration_random_numbers."'";

            // Remove space in start of string.
            /*
            *    Passwords and email are left unescaped here because
            *    if you put them into mysqli_real_escape_string they are not empty.
            */
            $username           = trim(mysqli_real_escape_string($conn, $_POST["username"]));
            $password           = $_POST["password"];
            $password2          = $_POST["password_confirmation"];
            $forename           = trim(mysqli_real_escape_string($conn, $_POST["forename"]));
            $surname            = trim(mysqli_real_escape_string($conn, $_POST["surname"]));
            $gender             = trim(mysqli_real_escape_string($conn, $_POST["gender"]));
            $email              = $_POST["email"];
            $email_confirmation = $_POST["email_confirmation"];
            $email2             = trim(mysqli_real_escape_string($conn, $email)); // Escaped email for inserting into database
            $activation         = 0; // 1 = active | 0 = not active

            // Hashed password.
            $hashed_pass = password_hash($password, PASSWORD_DEFAULT);

            // Select username and email to check if they exist or not.
            $stmt = mysqli_prepare($conn, "SELECT usernames, emails FROM users WHERE usernames = ? OR emails = ?");
            mysqli_stmt_bind_param($stmt, 'ss', $username, $email);
            mysqli_stmt_execute($stmt);
            $result = mysqli_stmt_get_result($stmt);

            $row = mysqli_fetch_array($result, MYSQLI_ASSOC);

            // check if username is registered
            if ($row['Usernames'] == $username) {
                $_SESSION['error'] = "That username is already registered.";
            // check if username is between 6 and 30 characters long
            } elseif (strlen($username) < 6 || strlen($username) > 30) {
                $_SESSION['error'] = "Username must be between 6 and 30 characters long.";
            // check if email is registered
            } elseif ($row['Emails'] == $email) {
                $_SESSION['error'] = "That email is already registered.";
            // check if emails match
            } elseif ($email != $email_confirmation) {
                $_SESSION['error'] = "Emails don't match.";
            // check if email is actual email
            } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                $_SESSION['error'] = "Invalid email format.";
            // check if passwords match
            } elseif ($password != $password2) {
                $_SESSION['error'] = "Passwords don't match.";
            // check if password length is between 6 and 30 characters long
            } elseif (strlen($password) < 6 || strlen($password) > 30) {
                $_SESSION['error'] = "Password must be between 6 and 30 characters long.";
            } else {

                // insert query with mysqli prepared statement
                $stmt = mysqli_prepare($conn, "INSERT INTO users(usernames, passwords, emails, forenames, surnames, genders, account_activation_codes, account_activations) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
                mysqli_stmt_bind_param($stmt, 'sssssssi', $username, $hashed_pass, $email2, $forename, $surname, $gender, $member_registration_random_numbers, $activation);
                mysqli_stmt_execute($stmt);

                // check if query is inserted
                if (mysqli_stmt_insert_id($stmt)) {
                    echo "<h3 style='text-align:center'>Thank you for your registration.<br /> Redirecting to login page ...</h3>";

                    // Redirect to login page after 5 seconds
                    header("refresh:5;url=login.php");

                    // Empty $_SESSION['error'] variable so no more in use, its empty now.
                    unset($_SESSION['error']);
                    unset($_POST);
                    exit();

                    /*
                    // Email sent to new user with account activation link.
                    $to = $email;
                    $subject = "Your '".$site_name."' Account Activation!";
                    $body = $forename.' '.$surname."\n\n You need to click the following link to confirm your email address and activate your account.\n\n$account_activation_link";
                    $from = $site_admin_email;
                    $headers = "from: " . $from;

                    if (mail($to, $subject, $body, $headers)) {
                        $_SESSION['error'] = "Registration successful. Check your email for further instructions!";
                    } else {
                        $_SESSION['error'] = "Email not sent, please contact website administrator.";
                    }
                    */
                } else {
                    $_SESSION['error'] = "There was a problem with registering, please try again.";
                }

            }
        }
    }


    ?>
    <!DOCTYPE html>
    <html>
        <head>
            <title><?php echo htmlspecialchars($site_name); ?> Signup Page</title>
        </head>
    <body>
    <div class ="container">

    <?php

    // error messages
    if (isset($_SESSION['error']) && !empty($_SESSION['error'])) {
        echo 
    '<p style="color:red;">'.$_SESSION['error'].'</p>';
    }

    ?>

    <form method="post" action="">
        <center><h2>Signup Form</h2></center>
        <div class="form-group">
            <center><label>Username:</label>
            <input type="text" placeholder="Enter a unique Username" name="username" required [A-Za-z0-9] value="<?php if(isset($_POST['username'])) { echo htmlentities($_POST['username']); }?>"></center>
        </div>
        <div class="form-group">
            <center><label>Password:</label>
            <input type="password" placeholder="Enter a new Password" name="password" required [A-Za-z0-9]></center>
        </div>
        <div class="form-group">
            <center><label>Repeat Password:</label>
            <input type="password" placeholder="Repeat a new Password" name="password_confirmation" required [A-Za-z0-9]></center>
        </div>
        <div class="form-group">
            <center><label>First Name:</label>
            <input type="text" placeholder="Enter your First Name" name="forename" required [A-Za-z] value="<?php if(isset($_POST['forename'])) { echo htmlentities($_POST['forename']); }?>"></center>
        </div>
        <div class="form-group">
            <center><label>Surname:</label>
            <input type="text" placeholder="Enter your Surname" name="surname" required [A-Za-z] value="<?php if(isset($_POST['surname'])) { echo htmlentities($_POST['surname']); }?>"></center>
        </div>
        <div class="form-group">
            <center><label>Gender:</label>
            <input type="radio" name="gender" value="male" <?php if(isset($_POST['gender']) && $_POST['gender'] === 'male') { echo 'checked'; }?> required>Male<input type="radio" name="gender" value="female" <?php if(isset($_POST['gender']) && $_POST['gender'] === 'female') { echo 'checked'; }?> required>Female</center>
        </div>
        <div class="form-group">
            <center><label>Email:</label>
            <input type="email" placeholder="Enter your Email" name="email" required [A-Za-z0-9] value="<?php if(isset($_POST['email'])) { echo htmlentities($_POST['email']); }?>"></center>
        </div>
        <div class="form-group">
            <center><label>Repeat Email:</label>
            <input type="email" placeholder="Repeat your Email" name="email_confirmation" required [A-Za-z0-9] value="<?php if(isset($_POST['email_confirmation'])) { echo htmlentities($_POST['email_confirmation']); }?>"></center>
        </div>
        <center><button type="submit" class="btn btn-default" name="submit">Register!</button></center>
        <center><font color="red" size="3"><b>Already have an account ?</b><br><a href="login.php">Login here!</a></font></center>

    </form>

    </div>
    </body>
    </html>

    login.php

    PHP Code:

    <?php
    include 'config.php';

    // check if user is already logged in
    if (is_logged() === true) {
        die("You are already logged in.");
    }

    if ($_SERVER['REQUEST_METHOD'] == "POST")
    {
        if (isset($_POST["username_or_email"]) && isset($_POST["password"])) {

            $username = $_POST["username_or_email"];
            $email = $_POST["username_or_email"];
            $password = $_POST["password"];

            $stmt = mysqli_prepare($conn, "SELECT Usernames, Passwords, Emails, Account_Activation_Codes, Account_Activations FROM users WHERE Usernames = ? OR Emails = ?");
            mysqli_stmt_bind_param($stmt, 'ss', $username, $email);
            mysqli_stmt_execute($stmt);
            $result = mysqli_stmt_get_result($stmt);

            $row = mysqli_fetch_array($result, MYSQLI_ASSOC);

            // check for username and password matching
            // A row must exist, and the parentheses make password_verify() apply
            // to a username match as well as to an email match (&& binds tighter than ||).
            if ($row && ($username == $row['Usernames'] || $email == $row['Emails']) && password_verify($password, $row['Passwords'])) {

                /*
                * Check if user has activation link in database, if it has then he has not activated his account
                * or
                * check if user Activation_Accounts is set to 1 its active and 0 is not active.
                */
                if ($row['Account_Activation_Codes'] != '' || $row['Account_Activations'] == '0') {
                    $error = "You didn't activate your account. Please check your email.";
                } else {

                    // if remember me check box is checked set cookie
                    if (isset($_POST['remember']) && $_POST['remember'] == "on") {
                        /*
                        * if you want to set cookie, set only hash and store it into database
                        * when you come on login page you need to check  if that hash from cookie exists in database
                        * if it exist just start session
                        * NEVER STORE USERNAMES, EMAILS, PASSWORDS AND OTHER USER INFORMATION IN COOKIE
                        */

                        //setcookie("username_or_email", $username_or_email, time()+ (10 * 365 * 24 * 60 * 60));
                        //setcookie("password", $password, time()+ (10 * 365 * 24 * 60 * 60));
                    } else {
                        // start session
                        $_SESSION["user"] = $username;
                        $_SESSION["user"] = $email;

                        // redirect to member page
                        header("Location: home.php");
                        exit();
                    }

                }

            } else {
                $error = "Invalid username or password.";
            }
        }
    }

    ?>
    <!DOCTYPE html>
    <html>
        <head>
            <title><?php echo htmlspecialchars($site_name); ?> Member Login Page</title>
        </head>
    <body>
    <div class="container">
        <form method="post" action="">
        <h3 style="text-align:center;"><?php echo htmlspecialchars($site_name); ?> Member Login Form</h3>

        <?php if(!empty($error)) { echo '<p style="color:red; text-align:center;">'.$error.'</p>'; } ?>

            <div class="form-group">
                <center><label>Username/Email:</label>
                <input type="text" placeholder="Enter Username or Email" name="username_or_email" required></center>
            </div>
            <div class="form-group">
                <center><label>Password:</label>
                <input type="password" placeholder="Enter password" name="password" required></center>
            </div>
            <div class="form-group">
                <center><label>Remember Login Details:</label>
                <input type="checkbox" name="remember"></center>
            </div>
            <div class="form-group">
                <center><input type="submit" name="submit" value="Login" class="button button-success"></center>
            </div>

            <div class="form-group">
                <center><font color="red" size="3"><b>Forgot your password ?</b><br><a href="member_login_password_reset.php">Reset it here!</a></font></center>
                <center><font color="red" size="3"><b>Not registered ?</b><br><a href="register.php">Register here!</a></font></center>
            </div>
        </form>
    </div>
    </body>
    </html>
    I am getting these absurd errors on reg.php:

    Notice: Undefined variable: site in C:\xampp\htdocs\...\...\register.php on line 24
    Warning: mysqli_stmt_bind_param() expects parameter 1 to be mysqli_stmt, boolean given in C:\xampp\htdocs\....\...\register.php on line 78
    Warning: mysqli_stmt_execute() expects parameter 1 to be mysqli_stmt, boolean given in C:\xampp\htdocs\...\...\register.php on line 79
    Warning: mysqli_stmt_insert_id() expects parameter 1 to be mysqli_stmt, boolean given in C:\xampp\htdocs\...\...\register.php on line 82


    And these errors on the login.php:

    Warning: mysqli_stmt_bind_param() expects parameter 1 to be mysqli_stmt, boolean given in C:\xampp\htdocs\...\...\login.php on line 18
    Warning: mysqli_stmt_execute() expects parameter 1 to be mysqli_stmt, boolean given in C:\xampp\htdocs\...\...\login.php on line 19
    Warning: mysqli_stmt_get_result() expects parameter 1 to be mysqli_stmt, boolean given in C:\xampp\htdocs\...\...\login.php on line 20
    Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, null given in C:\xampp\htdocs\...\...\login.php on line 22


    Apart from the error codes. I believe the script is now sql injection free and the password hashing is sound. What is your opinion ?
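
An added example, not the poster's code: one way to create and check the account activation code that reg.php emails out. It draws the code from PHP's CSPRNG rather than mt_rand (which the PHP manual says must not be used for cryptographic purposes), percent-encodes the link's query values, stores only a digest, and compares in constant time. The function names, the https scheme and the sample values are assumptions.

```php
<?php
// Added example: function names, the https scheme and the sample values are
// assumptions. The account_activation_codes column and activate_account.php
// come from the thread.

/** 128 bits from the operating system's CSPRNG, hex-encoded (32 characters). */
function new_activation_token(): string
{
    return bin2hex(random_bytes(16));
}

/** Digest to store in users.account_activation_codes instead of the raw token. */
function activation_digest(string $token): string
{
    return hash('sha256', $token);
}

/** Build the link with every query value percent-encoded. */
function build_activation_link(string $site_domain, string $email, string $token): string
{
    $query = http_build_query(
        ['email' => $email, 'hash' => $token],
        '',
        '&',
        PHP_QUERY_RFC3986
    );
    return 'https://' . $site_domain . '/activate_account.php?' . $query;
}

/** Check a token taken from $_GET['hash'] against the stored digest. */
function activation_matches(string $stored_digest, $presented_token): bool
{
    // Reject arrays (?hash[]=x) and anything that is not 32 lowercase hex digits.
    if (!is_string($presented_token) || !preg_match('/\A[0-9a-f]{32}\z/', $presented_token)) {
        return false;
    }
    // hash_equals() compares in constant time.
    return hash_equals($stored_digest, activation_digest($presented_token));
}

// --- Constructed sample run ---
$token  = new_activation_token();
$stored = activation_digest($token);
$link   = build_activation_link('domain.com', "o'neil+signup@example.com", $token);

echo $link, "\n";
echo 'correct token accepted: ', var_export(activation_matches($stored, $token), true), "\n";
echo 'wrong token accepted:   ', var_export(activation_matches($stored, str_repeat('0', 32)), true), "\n";
echo 'array input accepted:   ', var_export(activation_matches($stored, ['x']), true), "\n";
```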
  6. #4
    Well, look at your highlighted code again, and you can see the $site variable highlighted.... I can only assume you meant to refer to a $site-name variable? If so, put it outside of the string like you did with $site_domain or put curly braces around it.
    PHP Code:
    $account_activation_link = "http://www.'".$site_domain."'.com/$site-name/activate_account.php?email='".$_POST['email']."'&hash='".$member_registration_random_numbers."'";

    As for the rest, mysqli_prepare() will return FALSE when there is an error. You're not doing any checking for that and always assuming $stmt is a valid statement object that you can use. Your prepare() line is failing, which is causing the warnings on the other lines. "boolean given" is your hint.

    -John
    -- Cigars, whiskey and wild, wild women. --
  8. #5
    Originally Posted by Sepodati
    Well, look at your highlighted code again, and you can see the $site variable highlighted.... I can only assume you meant to refer to a $site-name variable? If so, put it outside of the string like you did with $site_domain or put curly braces around it.
    PHP Code:
    $account_activation_link = "http://www.'".$site_domain."'.com/$site-name/activate_account.php?email='".$_POST['email']."'&hash='".$member_registration_random_numbers."'";

    As for the rest, mysqli_prepare() will return FALSE when there is an error. You're not doing any checking for that and always assuming $stmt is a valid statement object that you can use. Your prepare() line is failing, which is causing the warnings on the other lines. "boolean given" is your hint.

    -John
    Last night, I corrected it to this:

    "$account_activation_link = "http://www.'".$site_domain."'.com/'".$site_name."'/activate_account.php?"
  10. #6
    Congrats, you picked the lowest hanging fruit.
    -- Cigars, whiskey and wild, wild women. --
  12. #7
    Sepodati,


    Can you be kind enough to fix my BIND PARAMS so I don't get these errors ? I'm at a loss how to get this done. I will learn from your sample and other newbies too who visit this thread.
    My errors are mentioned in my original post.
  14. #8
  15. Banned (not really)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 1999
    Location
    Caro, Michigan
    Posts
    14,667
    Rep Power
    4495
    I already told you what was happening with that. Your prepare() statement looks like it's failing. Print out $stmt->error and see what it says.
    -- Cigars, whiskey and wild, wild women. --
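
An added example, not code from the thread: the return-value check that posts #4 and #8 describe, in the procedural mysqli style used above. When mysqli_prepare() returns false there is no statement object yet, so the reason is read from the connection with mysqli_error($conn); the detail goes to the server log and the visitor sees only a generic message. The helper names are hypothetical, and the connection parameters are assumed to be the XAMPP defaults shown in the first post.

```php
<?php
// Added example: helper names are hypothetical; the connection parameters are
// the XAMPP defaults from the first post and the SQL is login.php's SELECT.

// Return false on errors instead of throwing (PHP 8.1+ throws by default).
mysqli_report(MYSQLI_REPORT_OFF);

/** Prepare a statement or stop: never hand `false` on to bind/execute. */
function prepare_or_fail(mysqli $conn, string $sql): mysqli_stmt
{
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        // No statement object exists yet, so the reason lives on the connection
        // (for example a column name that no longer matches the table).
        error_log('prepare failed: ' . mysqli_error($conn) . ' | SQL: ' . $sql);
        throw new RuntimeException('Database error, please try again later.');
    }
    return $stmt;
}

/** Look a user up by username or email; null when nothing matches. */
function find_user(mysqli $conn, string $login): ?array
{
    $stmt = prepare_or_fail(
        $conn,
        'SELECT Usernames, Passwords, Emails, Account_Activation_Codes, Account_Activations
           FROM users WHERE Usernames = ? OR Emails = ?'
    );
    mysqli_stmt_bind_param($stmt, 'ss', $login, $login);

    if (!mysqli_stmt_execute($stmt)) {
        // From here on the statement exists, so its own error text is available.
        error_log('execute failed: ' . mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        throw new RuntimeException('Database error, please try again later.');
    }

    $result = mysqli_stmt_get_result($stmt);
    $row = $result ? mysqli_fetch_assoc($result) : null;
    mysqli_stmt_close($stmt);

    return $row ?: null;
}

$conn = @mysqli_connect('localhost', 'root', '', 'e-id');
if (!$conn) {
    error_log('connect failed: ' . mysqli_connect_error());
    exit("Database unavailable.\n");
}

try {
    $row = find_user($conn, 'someone@example.com'); // constructed sample login
    echo $row === null ? "No such user.\n" : "Found " . $row['Usernames'] . "\n";
} catch (RuntimeException $e) {
    // Only the generic text reaches the page; the SQL error stays in the log.
    echo $e->getMessage(), "\n";
}
```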
  16. #9
    Errors are gone now!
    I had changed the column names from capital to lower case on the first letters a wk ago and forgotten about it and so did not update the script. Like:
    "Usernames" to "username" and so on. That is why it was not working and spitting errors!
