0

I wrote code that protects me from SQL injection, but now it doesn't even create users. Here is my code:

    <?php
    $user = $_GET['username'];
    $pass = $_GET['password'];

    $servername = "localhost";
    $username = "root";
    $password = "";
    $dbname = "test123";

    $conn = new mysqli($servername, $username, $password, $dbname);
    function selectInfo($user, $pass){
        global $conn;
        $stmt = $conn->prepare("INSERT INTO users (username, password) VALUES (?, ?)");
        $stmt->bind_param("ss", $user, $pass);
        $stmt->execute();
        $stmt->close();
    }
    ?>

I get no error when executing, but it doesn't create the users that I need. Sorry for the bad code. I'm new at this.

6
  • Are you passing username and password in the URL? It's also strange that anyone can know your password. Commented Jul 29, 2017 at 7:28
  • You got no error because you are not looking for it. Commented Jul 29, 2017 at 7:29
  • If you want to use $conn in your function, then pass it in as a parameter, try not to use global if you can avoid it. Commented Jul 29, 2017 at 7:34
  • I use GET because I want to use it with C#, but maybe I won't use it. Commented Jul 29, 2017 at 7:35
  • Thanks to everyone who answered. I appreciate it :) Commented Jul 29, 2017 at 7:36

1 Answer

3

The real reason is that you are not calling the function.

Either do this:

    <?php
    $user = $_GET['username'];
    $pass = $_GET['password'];

    $servername = "localhost";
    $username = "root";
    $password = "";
    $dbname = "test123";

    $conn = new mysqli($servername, $username, $password, $dbname);
    function selectInfo($user, $pass){
        global $conn;
        // Placeholders keep the user input out of the SQL text.
        $stmt = $conn->prepare("INSERT INTO users (username, password) VALUES (?, ?)");
        $stmt->bind_param("ss", $user, $pass);
        $stmt->execute();
        $stmt->close();
    }
    // The function must be called for the INSERT to run.
    selectInfo($user, $pass);
    ?>

or

    <?php
    $user = $_GET['username'];
    $pass = $_GET['password'];

    $servername = "localhost";
    $username = "root";
    $password = "";
    $dbname = "test123";

    $conn = new mysqli($servername, $username, $password, $dbname);

    // No function wrapper: the prepared INSERT runs as soon as the script is executed.
    $stmt = $conn->prepare("INSERT INTO users (username, password) VALUES (?, ?)");
    $stmt->bind_param("ss", $user, $pass);
    $stmt->execute();
    $stmt->close();
    ?>

"..not calling the function" was the catch.
Well, I can't believe I didn't call the function. Must be so blind :D
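
An added example, not code from the question or the answer: the same prepared-statement INSERT with the points raised in the comments applied (errors are surfaced instead of ignored, the connection is passed as a parameter, credentials arrive in a POST body rather than the URL), and it goes one step further by storing a password hash instead of the plaintext. The function name `createUser` is hypothetical, and the example assumes the `password` column is wide enough for a hash (for example `VARCHAR(255)`).

```php
<?php
declare(strict_types=1);

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Insert one user (hypothetical helper name). The connection is passed in
 * rather than pulled from a global. Returns true when one row was inserted.
 */
function createUser(mysqli $conn, string $user, string $pass): bool
{
    // Store a salted hash, never the plaintext password.
    $hash = password_hash($pass, PASSWORD_DEFAULT);

    $stmt = $conn->prepare("INSERT INTO users (username, password) VALUES (?, ?)");
    $stmt->bind_param("ss", $user, $hash);
    $stmt->execute();
    $inserted = ($stmt->affected_rows === 1);
    $stmt->close();
    return $inserted;
}

// Credentials go in the POST body, not in the query string.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Use POST');
}
$user = $_POST['username'] ?? '';
$pass = $_POST['password'] ?? '';
if (!is_string($user) || !is_string($pass) || $user === '' || $pass === '') {
    http_response_code(400);
    exit('username and password are required');
}

try {
    // Connection settings as in the question (local test database).
    $conn = new mysqli("localhost", "root", "", "test123");
    $conn->set_charset("utf8mb4");
    echo createUser($conn, $user, $pass) ? 'created' : 'not created';
} catch (mysqli_sql_exception $e) {
    // Log the detail server-side; return only a generic message to the client.
    error_log($e->getMessage());
    http_response_code(500);
    exit('Could not create user');
}
```

At login, the stored hash is checked with `password_verify()` rather than by comparing strings.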
