0 
 public function StoreUserInfo($sid, $name, $email, $password, $ktp, $gender) {
    $hash = $this->hashFunction($password);
    $encrypted_password = $hash["encrypted"];
    $salt = $hash["salt"];

    $stmt = $this->conn->prepare("UPDATE user SET name = $name , email = $email , encrypted_password = $encrypted_password , salt = $salt, ktp = $ktp , gender = $gender WHERE sid = '$sid'");
    $stmt->bind_param("sssssss", $sid, $name, $email, $encrypted_password, $salt, $ktp, $gender);
    $result = $stmt->execute();
    $stmt->close();

    if ($result) {
        $stmt = $this->conn->prepare("SELECT name, email, encrypted_password, salt, ktp, gender FROM user WHERE sid = $sid");
        $stmt->bind_param("s", $sid);
        if ($stmt === FALSE) {
        die($mysqli->error);}
        $stmt->execute();
        $stmt-> bind_result($token1,$token2,$token3,$token4,$token5,$token6,$token7);
        while ( $stmt-> fetch() ) {
           $user["sid"] = $token1;
           $user["name"] = $token2;
           $user["email"] = $token3;
           $user["ktp"] = $token6;
           $user["gender"] = $token7;
        }
        $stmt->close();
        return $user;
    } else {
        $response["error"] = TRUE;
        $response["error_msg"] = "Unknown error occurred in input!";
        echo json_encode($response);
      return false;
    }
}

I have this code and error shows

Fatal error: Call to a member function bind_param() on boolean in line 7

do I should not use prepare() on UPDATE ?

but when I remove it, it shows same error in line 13

then I need bind_param() right ?

what should I do ?

by the way my input updated in table, but i want to check it and return it true.

Improve this question
6
  • You are not using prepared query properly name = $name ?? In query you should place placeholders not directly variables Commented Oct 15, 2017 at 10:00
  • You need to bind the variables, not inject them right into the querystring. Commented Oct 15, 2017 at 10:01
  • 1
    you can do some search here php.net/manual/en/pdostatement.bindparam.php Commented Oct 15, 2017 at 10:03
  • @MKhalidJunaid actually the input updated in the table , i just want to make sure is it true or not. place holder is like a = $name ?? Commented Oct 15, 2017 at 10:06
  • 1
    I'm really curious what the hashFunction method does. It's generally considered a terrible idea to roll your own crypto - you should be using the built in password lib in PHP Commented Oct 15, 2017 at 10:07

1 Answer 1

Reset to default
1

You're using prepare / bind the wrong way...

The mysqli_ nameless version :

$stmt = $this->conn->prepare('UPDATE user 
    SET name = ?, 
        email = ? , 
        encrypted_password = ? , 
        salt = ?, 
        ktp = ?, 
        gender = ? 
    WHERE sid =?');

  $stmt->bind_param("sssssss", 
        $name, 
        $email, 
        $encrypted_password, 
        $salt, 
        $ktp, 
        $gender,
        $sid
        );

  $result = $stmt->execute();

The PDO one :

$stmt = $this->conn->prepare('UPDATE user 
    SET name = :name, 
        email = :email , 
        encrypted_password = :encrypted_password , 
        salt = :salt, 
        ktp = :ktp, 
        gender = :gender 
    WHERE sid =:sid');
// $stmt->bind_param("sssssss", $sid, $name, $email, $encrypted_password, $salt, $ktp, $gender);
$result = $stmt->execute(array(
        ':name'=>$name, 
        ':email'=>$email, 
        ':encrypted_password'=>$encrypted_password, 
        ':salt'=>$salt, 
        ':ktp'=>$ktp, 
        ':gender'=>$gender,
        ':sid'=>$sid,
        )
    );
Improve this answer
Sign up to request clarification or add additional context in comments.

13 Comments

$stmt->execute( , shouldn't that be $stmt->execute(array ( instead ? :) ( I'm not sure, I didn't try it )
@gregn3 you're dam' right, I should proof read before posting... u_u
Please don't do var_dump($this->conn->error); JFYI: PHP error reportig
the errors is disappear but the all the input was " " , why was that ?
@YourCommonSense I can't put a proper error handling without loosing the readability of the answer, but yes, var_dump is for development purpose only.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.