PHP Warning: mysqli_stmt :: bind_param (): The number of elements in the type definition string does not match the number

advertisements

I am familiar with this error but it looks like i am blind or something . followings are php codes:

DB_functions.php

    <?php

class DB_Functions {

    private $conn;

    // constructor
    function __construct() {
        require_once 'DB_Connect.php';
        // connecting to database
        $db = new Db_Connect();
        $this->conn = $db->connect();
    }

    // destructor
    function __destruct() {

    }

/*update user data*/

public function updateUser($name, $email, $oldpassword, $newpassword)
{
        $uuid = uniqid('', true);
        $hash = $this->hashSSHA($newpassword);
        $encrypted_password = $hash["encrypted"]; // encrypted password
        $salt = $hash["salt"]; // salt

        $stmt = $this->conn->prepare("update users set name ='$name', email ='$email', encrypted_password = '$encrypted_password' , updated_at = NOW() where email ='$email' ");
        $stmt->bind_param("sssss",  $name, $email, $encrypted_password , $updated_at);
        $stmt->execute();
        $stmt ->bind_result($row_name, $row_email, $row_encryptedpassword, $row_updatedat);
        $user = array(
         'name',
         'email',
         'encrypted_password',
         'updated_at',
       );
      return $user;
        $stmt->close();

    }

    /**
     * Storing new user
     * returns user details
     */
    public function storeUser($name, $email, $password) {
        $uuid = uniqid('', true);
        $hash = $this->hashSSHA($password);
        $encrypted_password = $hash["encrypted"]; // encrypted password
        $salt = $hash["salt"]; // salt

        $stmt = $this->conn->prepare("INSERT INTO users(unique_id, name, email, encrypted_password, salt, totalpoints, digipoints,total_coupons, created_at, updated_at) VALUES(?, ?, ?, ?, ?,0,0, 0, NOW(), NOW())");
        $stmt->bind_param("sssss", $uuid, $name, $email, $encrypted_password, $salt , $totalpoints, $digipoints, $total_coupons, $created_at,$updated_at );
        $result = $stmt->execute();
        $stmt->close();

        // check for successful store
        if ($result) {
            $stmt = $this->conn->prepare("SELECT id, name, email, encrypted_password, salt, totalpoints, digipoints, total_coupons, created_at, unique_id, updated_at FROM users WHERE email = ?");
            $stmt->bind_param("s", $email);
            $stmt->execute();

$stmt->bind_result($row_user_id, $row_user_name, $row_user_email, $row_user_encryptedpass, $row_user_salt,$row_totalpoints, $row_digipoints,$row_totalcoupons, $row_user_createdat,$row_user_uniqueid, $row_user_updatedat);
$stmt->fetch();

$user = array(
     'id' => $row_user_id,
     'name' => $row_user_name,
     'email' => $row_user_email,
'encrypted_password' => $row_user_encryptedpass,
'salt' => $row_user_salt,
'totalpoints' => $row_totalpoints,
'digipoints' => $row_digipoints,
'total_coupons' => $row_totalcoupons,
'created_at'=>$row_user_createdat,
'unique_id' => $row_user_uniqueid,
'updated_at' => $row_user_updatedat,
);

            $stmt->close();

            return $user;
        } else {
            return false;
        }
    }

    /**
     * Get user by email and password
     */
    public function getUserByEmailAndPassword($email, $password) {

        $stmt = $this->conn->prepare("SELECT unique_id, name, email, encrypted_password, salt, totalpoints, digipoints, created_at, unique_id, updated_at FROM users WHERE email = ?");

        $stmt->bind_param("s", $email);

        if ($stmt->execute()) {
          $stmt->bind_result($row_user_id, $row_user_name, $row_user_email, $row_user_encryptedpass, $row_user_salt, $row_totalpoints, $row_digipoints,$row_user_createdat,$row_user_uniqueid, $row_user_updatedat);
$stmt->fetch();

$user = array(
     'id' => $row_user_id,
     'name' => $row_user_name,
     'email' => $row_user_email,
'encrypted_password' => $row_user_encryptedpass,
'salt' => $row_user_salt,
'totalpoints' => $row_totalpoints,
'digipoints' => $row_digipoints,
'created_at' => $row_user_createdat,
'unique_id' => $row_user_uniqeid,
'updated_at' => $row_user_updatedat,
);
            $stmt->close();
            return $user;
        } else {
            return NULL;
        }
    }

    /**
     * Check user is existed or not
     */
    public function isUserExisted($email) {
        $stmt = $this->conn->prepare("SELECT email from users WHERE email = ?");

        $stmt->bind_param("s", $email);

        $stmt->execute();

        $stmt->store_result();

        if ($stmt->num_rows > 0) {
            // user existed
            $stmt->close();
            return true;
        } else {
            // user not existed
            $stmt->close();
            return false;
        }
    }

    /**
     * Encrypting password
     * @param password
     * returns salt and encrypted password
     */
    public function hashSSHA($password) {

        $salt = sha1(rand());
        $salt = substr($salt, 0, 10);
        $encrypted = base64_encode(sha1($password . $salt, true) . $salt);
        $hash = array("salt" => $salt, "encrypted" => $encrypted);
        return $hash;
    }

    /**
     * Decrypting password
     * @param salt, password
     * returns hash string
     */
    public function checkhashSSHA($salt, $password) {

        $hash = base64_encode(sha1($password . $salt, true) . $salt);

        return $hash;
    }

}

?>

register.php

<?php
require_once 'include/DB_Functions.php';
$db = new DB_Functions();
// json response array
$response = array("error" => FALSE);
if (isset($_POST['name']) && isset($_POST['email']) && isset($_POST['password'])) {
    // receiving the post params
    $name = $_POST['name'];
    $email = $_POST['email'];
    $password = $_POST['password'];

    // check if user is already existed with the same email
    if ($db->isUserExisted($email)) {
        // user already existed
        $response["error"] = TRUE;
        $response["error_msg"] = "User already existed with " . $email;
        echo json_encode($response);
    } else {
        // create a new user
        $user = $db->storeUser($name, $email, $password);
        if ($user) {
            // user stored successfully
            $response["error"] = FALSE;
            $response["uid"] = $user["unique_id"];
            $response["user"]["name"] = $user["name"];
            $response["user"]["email"] = $user["email"];
            $response["user"]["totalpoints"] = $user["totalpoints"];
            $response["user"]["digipoints"] = $user["digipoints"];
            $response["user"]["total_coupons"] = $user["total_coupons"];
            $response["user"]["created_at"] = $user["created_at"];
            $response["user"]["updated_at"] = $user["updated_at"];
            echo json_encode($response);
        } else {
            // user failed to store
            $response["error"] = TRUE;
            $response["error_msg"] = "Unknown error occurred in registration!";
            echo json_encode($response);
        }
    }
} else {
    $response["error"] = TRUE;
    $response["error_msg"] = "Required parameters (name, email or password) is missing!";
    echo json_encode($response);
}
?>

and here is the warning that is my server error_log

[09-Feb-2016 08:36:43 UTC] PHP Warning:  mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables in /home/hevak/public_html/beeken/include/DB_Functions.php on line 62

please do not downgrade i Know this has been asked so many times but i am really really confused here.


You do not use prepared Statement properbly in updateUser.

You have no placeholder in the query string:

 $stmt = $this->conn->prepare("update users set name ='$name', email ='$email', encrypted_password = '$encrypted_password' , updated_at = NOW() where email ='$email' ");

Change to:

 $stmt = $this->conn->prepare("update users set name =?, email =?, encrypted_password = ?, updated_at = NOW() where email =? ");
 $stmt->bind_param("ssssss",  $name, $email, $encrypted_password , $updated_at, $email);