aspose file tools*
The moose likes PHP and the fly likes Post-form security (MySQLi) + error in the process Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Languages » PHP
Bookmark "Post-form security (MySQLi) + error in the process" Watch "Post-form security (MySQLi) + error in the process" New topic
Author

Post-form security (MySQLi) + error in the process

Sami Dma
Greenhorn

Joined: Jul 16, 2013
Posts: 12
I have been trying to secure my code from SQL Injections. In the process I have come to a halt.

Here are the two things with which I ran into the wall:

  • Now my code displays some errors (which I will display at the
    bottom of this post). Before trying to secure my (post-)form, it did NOT.
  • How secure IS my form as it's being processed? What can I do to
    improve the security of it? I've done all I could, to the best of my
    capacity.

  • Here is the code itself (errors are displayed at the bottom of the post)







    These are the errors

    > Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of
    > variables doesn't match number of parameters in prepared statement in
    > /home/********/public_html/******/formulaires/processForm-test.php on
    > line 79
    >
    > Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of
    > variables doesn't match number of parameters in prepared statement in
    > /home/********/public_html/******/formulaires/processForm-test.php on
    > line 80
    >
    > Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of
    > variables doesn't match number of parameters in prepared statement in
    > /home/*********/public_html/******/formulaires/processForm-test.php on
    > line 81





    This refers to







    While

    > Warning: mysqli_query() expects parameter 2 to be string, object given
    > in
    > /home/product/public_html/*****/formulaires/processForm-test.php
    > on line 114
    >
    > Warning: mysqli_error() [function.mysqli-error]: Couldn't fetch mysqli
    > in
    > /home/product/public_html/*****/formulaires/processForm-test.php
    > on line 116 Error:




    Refers to these lines (EXcluding the two curly brackets)

     
    I agree. Here's the link: http://aspose.com/file-tools
     
    subject: Post-form security (MySQLi) + error in the process