Reputation: 3
I'm fairly new to PHP/SQL, but I did a lot of research about this until I decided to get help.
Basically I'm trying to insert a new username/email/password/salt into a MySQL5 DB. This is my test register.php with just an echo:
include 'dbcxn.php';
$usr = $_POST['user'];
$mail = $_POST['mail'];
$pwd = $_POST['p'];
$random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
$password = hash('sha512', $pwd.$random_salt);
$insert_stmt = DB::cxn()->prepare("INSERT INTO members (username, email, password, salt) VALUES ($usr, $mail, $password, $random_salt)");
echo $insert_stmt->param_count." parameters\n";
I tried using just "$insert_stmt = $mysqli->prepare", and the same thing happens. So I made the class DB. Here's my dbcxn.php if it helps:
define("HOST", "");
define("USER", "");
define("PASSWORD", "");
define("DATABASE", "");
define("PORT", "");
$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE, PORT);
class DB {
    private static $mysqls;
    private function __construct(){}
    static function cxn() {
        if( !self::$mysqls ) {
            self::$mysqls = new mysqli(HOST, USER, PASSWORD, DATABASE, PORT);
        }
        return self::$mysqls;
    }
}
Don't know what else to try and need to get some sleep :). Thanks in advance for any advice.
Upvotes: 0
Views: 1448
Reputation: 300
Your SQL has a syntax error. What you get is something like: INSERT INTO members (username, email, password, salt) VALUES (username, [email protected], mypassword, lkjlk21j3lkjsdclksdmfl3i4)
You may want this:
INSERT INTO members (username, email, password, salt) VALUES (?, ?, ?, ?)
Upvotes: 0
Reputation: 3141
Your main problem is that your strings are not escaped, at all.
mysqli::prepare() is used for prepared queries. In order to make this work successfully, you should change your query to this:
$insert_stmt = DB::cxn()->prepare("INSERT INTO members (username, email, password, salt) VALUES (?, ?, ?, ?)");
$insert_stmt->bind_param('ssss', $usr, $mail, $password, $random_salt);
$insert_stmt->execute();
You can read up on bind_param at http://www.php.net/manual/en/mysqli-stmt.bind-param.php for more information, including an explanation of that first parameter ('s' signifies a string value; there are 4 here because you're inserting 4 string values).
Upvotes: 0
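Putting the two answers together, here is a complete register.php built around the placeholder query. This is an added example, not code from the asker or either answerer. It assumes dbcxn.php defines the DB class shown in the question and that the form posts the fields 'user', 'mail' and 'p'; the registerMember() function and the field checks are illustrative additions. The salted SHA-512 scheme is kept from the question so the example maps onto it directly; PHP's built-in password_hash()/password_verify() are the standard replacement for a hand-rolled salt-and-hash.

```php
<?php
// Added example (not from the question or answers): register.php that inserts
// with a parameterised mysqli statement. Assumes dbcxn.php provides the DB
// class from the question and the form posts 'user', 'mail' and 'p'.
require 'dbcxn.php';

// Make mysqli throw on errors. Without this, a prepare() that fails on a
// syntax error returns false, and reading ->param_count on false (as the
// question's echo does) only produces a notice instead of a clear failure.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Insert a new member and return the generated row id.
 * The SQL text contains no user data; the values travel separately via
 * bind_param(), so input such as a quote or a comma cannot change the query.
 */
function registerMember(mysqli $cxn, string $usr, string $mail, string $pwd): int
{
    // Same salted SHA-512 scheme as the question (kept for illustration;
    // password_hash()/password_verify() are the built-in replacement).
    $random_salt = hash('sha512', uniqid((string) mt_rand(1, mt_getrandmax()), true));
    $password    = hash('sha512', $pwd . $random_salt);

    // Four '?' placeholders, one per column, in the same order as the columns.
    $stmt = $cxn->prepare(
        'INSERT INTO members (username, email, password, salt) VALUES (?, ?, ?, ?)'
    );
    // 'ssss': four string parameters, bound by reference in placeholder order.
    $stmt->bind_param('ssss', $usr, $mail, $password, $random_salt);
    $stmt->execute();

    $id = (int) $cxn->insert_id;
    $stmt->close();
    return $id;
}

// Reject missing or empty fields before touching the database.
foreach (['user', 'mail', 'p'] as $field) {
    if (!isset($_POST[$field]) || $_POST[$field] === '') {
        http_response_code(400);
        exit("missing field: $field\n");
    }
}
if (filter_var($_POST['mail'], FILTER_VALIDATE_EMAIL) === false) {
    http_response_code(400);
    exit("invalid email address\n");
}

try {
    $newId = registerMember(DB::cxn(), $_POST['user'], $_POST['mail'], $_POST['p']);
    echo "registered member id $newId\n";
} catch (mysqli_sql_exception $e) {
    // Log the driver message server-side; never echo SQL errors to the client.
    error_log('register failed: ' . $e->getMessage());
    http_response_code(500);
    echo "registration failed\n";
}
```

With the placeholder form of the query, the question's original `echo $insert_stmt->param_count` would report 4 parameters, which is the quickest way to confirm that prepare() produced a statement object rather than false. Note that hash('sha512', ...) returns a 128-character hex string, so the password and salt columns need at least that width.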