
Post-form security (MySQLi) + error in the process

Sami Dma
Greenhorn

Joined: Jul 16, 2013
Posts: 12
I have been trying to secure my code from SQL Injections. In the process I have come to a halt.

Here are the two things with which I ran into the wall:

  • Now my code displays some errors (which I will display at the
    bottom of this post). Before trying to secure my (post-)form, it did NOT.
  • How secure IS my form as it's being processed? What can I do to
    improve the security of it? I've done all I could, to the best of my
    capacity.

  • Here is the code itself (errors are displayed at the bottom of the post)







    These are the errors

    > Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of
    > variables doesn't match number of parameters in prepared statement in
    > /home/********/public_html/******/formulaires/processForm-test.php on
    > line 79
    >
    > Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of
    > variables doesn't match number of parameters in prepared statement in
    > /home/********/public_html/******/formulaires/processForm-test.php on
    > line 80
    >
    > Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of
    > variables doesn't match number of parameters in prepared statement in
    > /home/*********/public_html/******/formulaires/processForm-test.php on
    > line 81





    This refers to







    While

    > Warning: mysqli_query() expects parameter 2 to be string, object given
    > in
    > /home/product/public_html/*****/formulaires/processForm-test.php
    > on line 114
    >
    > Warning: mysqli_error() [function.mysqli-error]: Couldn't fetch mysqli
    > in
    > /home/product/public_html/*****/formulaires/processForm-test.php
    > on line 116 Error:




    Refers to these lines (EXcluding the two curly brackets)
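
An added example, not part of the original post and not the poster's code: a MySQLi prepared-statement insert written so that neither of the two warning types quoted above can occur. The table `contacts`, its columns, the form field names and the connection credentials are assumptions made for illustration.

```php
<?php
// Added example: hypothetical table, columns and form fields (assumptions).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // exceptions, not warnings

function saveContact(mysqli $db, array $post): int
{
    // Validate the input before it reaches the database.
    $name    = trim($post['name'] ?? '');
    $email   = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $message = trim($post['message'] ?? '');
    if ($name === '' || $email === false || $message === '') {
        throw new InvalidArgumentException('Invalid form input');
    }

    // One statement with three "?" placeholders; no user data in the SQL text.
    $stmt = $db->prepare('INSERT INTO contacts (name, email, message) VALUES (?, ?, ?)');

    // A single bind_param() call: one type letter per placeholder, followed by
    // exactly that many variables. Any call whose variable count differs from
    // the placeholder count triggers "Number of variables doesn't match ...".
    $stmt->bind_param('sss', $name, $email, $message);

    // A prepared statement is run with execute(). mysqli_query() takes an SQL
    // string, so handing it the statement object gives "object given".
    $stmt->execute();
    $id = (int) $db->insert_id;
    $stmt->close();
    return $id;
}

try {
    $db = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholder credentials
    $db->set_charset('utf8mb4');
    echo 'Saved entry ', saveContact($db, $_POST);
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'Please check the form fields.';
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // details go to the server log, not the browser
    http_response_code(500);
    echo 'The form could not be saved.';
}
```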

     