Trying to insert data using prepared statements in PHP.

<?php
$username = stripslashes($_POST['username']);
$password = stripslashes($_POST['password']);
$state = stripslashes($_POST['state']);
$state_code = stripslashes($_POST['state_code']);
$conn = new mysqli("localhost", "root", "icecold","test");

if (mysqli_connect_errno()){
echo "Unable to connect to database<br>";
echo "Error ". mysqli_connect_errno() . " - ".mysqli_connect_error();
exit;
}

$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$state = mysqli_real_escape_string($conn, $_POST['state']);
$state_code = mysqli_real_escape_string($conn, $_POST['state_code']);

$sql = "INSERT INTO user_records(username, password, state_code)
VALUES (?, ?, ?)";
$sql2 = "INSERT INTO states(states, state_code)
VALUES (?, ?)";

// initialize prepared statement
$stmt = $conn->stmt_init();
if ($stmt->prepare($sql)) {
// bind parameters and execute statment
$stmt->bind_param('sss', $username, $password, $state_code);
$stmt->execute();
/*
if ($stmt->prepare($sql2)) {
// bind parameters and execute statment
$stmt->bind_param('ss', $states, $state_code);
$stmt->execute();
*/
$conn->close();

echo $username."".$password."".$state_code."".$state ;


?>

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Categories