Can't find my syntax error in mysqli


I'm using the code below to bind parameters in my query to add users to my DB

if($stmt = $dbh->prepare('INSERT INTO tblusers(UserName,FirstName,LastName,Email,Password,RegistratieIP) VALUES( :username, :firstname, :lastname, :email, :password, :ip)')){
    $stmt->bind_param(':username', $inUsername);
    $stmt->bind_param(':firstname', $inFirstName);
    $stmt->bind_param(':lastname', $inLastName);
    $stmt->bind_param(':email', $inEmail);
    $stmt->bind_param(':password', $inPassword);
    $stmt->bind_param(':ip', $ip);

    $stmt->execute();
}else{
    echo $dbh->error;
}

The error I receive is:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':username, :firstname, :lastname, :email, :password, :ip)' at line 1a

I've been checking out the php manual and according to that manual, my syntax should be correct.


Solution

  • The PHP mysqli::prepare page doesn't seem to agree with you. It uses ? for parameter markers and the first argument to bind is the argument type rather than name.

    Try instead with the form:

    if ($stmt = $dbh->prepare('INSERT INTO tbl(col1,col2) values (?,?)')) {
        $stmt->bind_param('ss', $colval1, $colval2);
        $stmt->execute();
    }
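The following is an added example, not code from the original question or answer. It applies the answer's form to the asker's six-column insert and sets it beside the PDO equivalent, since named `:markers` are PDO syntax and mysqli accepts only `?`. The function names, the `$u` array keys, and the assumption that the password value is already hashed by the caller are illustrative.

```php
<?php
// Added example. addUserMysqli/addUserPdo and the $u keys are hypothetical
// names; the table and column names are the ones from the question.

// mysqli: positional "?" markers; bind_param takes the type string first.
function addUserMysqli(mysqli $dbh, array $u): bool
{
    // Throw mysqli_sql_exception on failure instead of returning false,
    // so a bad statement cannot be silently skipped.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

    $stmt = $dbh->prepare(
        'INSERT INTO tblusers
            (UserName, FirstName, LastName, Email, Password, RegistratieIP)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    // One type character per marker, in marker order: six strings.
    $stmt->bind_param(
        'ssssss',
        $u['username'], $u['firstname'], $u['lastname'],
        $u['email'], $u['passwordHash'], $u['ip']
    );
    $stmt->execute();
    $ok = ($stmt->affected_rows === 1);
    $stmt->close();
    return $ok;
}

// PDO: the named markers from the question work here unchanged.
function addUserPdo(PDO $pdo, array $u): bool
{
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    $stmt = $pdo->prepare(
        'INSERT INTO tblusers
            (UserName, FirstName, LastName, Email, Password, RegistratieIP)
         VALUES (:username, :firstname, :lastname, :email, :password, :ip)'
    );
    // Values are sent as bound data, never concatenated into the SQL text.
    $stmt->execute([
        ':username'  => $u['username'],
        ':firstname' => $u['firstname'],
        ':lastname'  => $u['lastname'],
        ':email'     => $u['email'],
        ':password'  => $u['passwordHash'], // assumption: hashed by caller
        ':ip'        => $u['ip'],
    ]);
    return $stmt->rowCount() === 1;
}
```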