aspose file tools*
The moose likes PHP and the fly likes Post-form security (MySQLi) + error in the process Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Languages » PHP
Bookmark "Post-form security (MySQLi) + error in the process" Watch "Post-form security (MySQLi) + error in the process" New topic
Author

Post-form security (MySQLi) + error in the process

Sami Dma
Greenhorn

Joined: Jul 16, 2013
Posts: 12
I have been trying to secure my code from SQL Injections. In the process I have come to a halt.

Here are the two things with which I ran into the wall:

  • Now my code displays some errors (which I will display at the
    bottom of this post). Before trying to secure my (post-)form, it did NOT.
  • How secure IS my form as it's being processed? What can I do to
    improve the security of it? I've done all I could, to the best of my
    capacity.

  • Here is the code itself (errors are displayed at the bottom of the post)







    These are the errors

    > Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of
    > variables doesn't match number of parameters in prepared statement in
    > /home/********/public_html/******/formulaires/processForm-test.php on
    > line 79
    >
    > Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of
    > variables doesn't match number of parameters in prepared statement in
    > /home/********/public_html/******/formulaires/processForm-test.php on
    > line 80
    >
    > Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of
    > variables doesn't match number of parameters in prepared statement in
    > /home/*********/public_html/******/formulaires/processForm-test.php on
    > line 81





    This refers to







    While

    > Warning: mysqli_query() expects parameter 2 to be string, object given
    > in
    > /home/product/public_html/*****/formulaires/processForm-test.php
    > on line 114
    >
    > Warning: mysqli_error() [function.mysqli-error]: Couldn't fetch mysqli
    > in
    > /home/product/public_html/*****/formulaires/processForm-test.php
    > on line 116 Error:




    Refers to these lines (EXcluding the two curly brackets)

     
    It is sorta covered in the JavaRanch Style Guide.
     
    subject: Post-form security (MySQLi) + error in the process
     
    Similar Threads
    notice undefined index php
    Send file to applet from PHP
    Writing to web space from Java applet.
    \r\n db saving and echo issue
    uploading to new directory fails