Prepared Statemens parsing a $actionKey

Question

ebanbury 13 Junior Poster

12 Years Ago

Hi

I'm still retrospectively trying to edit all my interactions with the database to be in prepared statements.

I'm having an issue with my registration form, with the passing of my $password and $activationKey.

The code is:

// $stmnt1 = $dbc->stmt_init();

    $query = "INSERT INTO xxxxxxxxxxxxxxx VALUES (?,?,?,?,NOW(),?,?,?,?,?,?,?,?,?,?,?,?,?,?,'$activationKey')";

    $stmnt = $dbc->prepare($query);

    $stmnt->bind_param('isssssssbisisssssss',$ID, $reg_agent, $reg_license, $reg_colicense, $reg_lname, $reg_fname, $reg_companyname,$username, SHA1('$password1'), $secQ, $secA, $reg_tel,$reg_email, $reg_biography, $reg_news, $screenpath, $reg_image_name, 'verify', $activationKey);

    $stmnt->execute(); 
    $stmnt->close();

The error message is due to:

$activationKey =  mt_rand() . mt_rand() . mt_rand() . mt_rand() . mt_rand();

I'm actually not very clued up with different ways to go about registration security so don't really know how to get around this. I actually want to change the SHA1 to a SHA512 but that is a different story as well :-)

The actual error message is:
Fatal error: Cannot pass parameter 19 by reference in /home/xxxxxxxxxxx/public_html/xxxxxx/signup.php on line 498

Parameter 19 is the $activationKey

Many thanks for any help

php

2 Contributors
1 Reply
81 Views
12 Hours Discussion Span
Latest Post 12 Years Ago Latest Post by cereal

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

cereal 1,524 Nearly a Senior Poster Featured Poster · Answer 1 · 2012-04-02T14:17:32+00:00

Value of parameter 19 is 'verify', $activationKey is 20 (and it seems to work fine) unless you are counting from 0. If that it's a enum field then check if 'verify' is an accepted value.