
Insert into phpmyadmin with bind param


I want to insert values into my database. I have a phpMyAdmin database on a free webserver. Here is the code:

    $con = mysqli_connect("hostname", "user", "password", "databasename");
    $name = $_POST["name"];
    $username = $_POST["username"];
    $password = $_POST["password"];
    $email = $_POST["email"];
    $phonenumber = $_POST["phonenumber"];

    $statement = mysqli_prepare($con, "INSERT INTO User (name, username, password, email, phonenumber)
                                        VALUES (?, ?, ?, ?, ?)");
    mysqli_stmt_bind_param($statement, "sss", $name, $username, $password, $email, $phonenumber);
    mysqli_stmt_execute($statement);
    mysqli_stmt_close($statement);
    mysqli_close($con);

And the problem is how in phpMyAdmin I could insert values like "... VALUES ('Caroline', 'CC'...");" and it worked, and I can insert with the code above like "... VALUES ('?', '?', '?'...");" but it inserts ? into every column.

Here is the table with Values( '$name', '? ', '?'..):


So how could I insert $name with ' ' and bind param? If I change in bind_param the $name into '$name' it still doesn't work. But if I change VALUES('$name') then it inserts the right value into the table.


Solution

  • As mentioned, you have 3x s's in your binding, but 5x ? placeholders.

    You also seem to be wanting to execute this directly in phpmyadmin; that's not how it works. Those placeholders/binding only get executed/populated via your website/local machine from the web browser and accessed as http://localhost|yourhost/file.php

    It needs to be executed from a server and with an environment that has PHP/MySQL installed.

    Plus, make sure your form does not fail you once you've done this; something that wasn't posted.

    Add error reporting to the top of your file(s) which will help find errors.

    <?php 
    error_reporting(E_ALL);
    ini_set('display_errors', 1);
    
    // rest of your code
    

    Sidenote: Displaying errors should only be done in staging, and never production.

    You should also check for errors in your query, should there be any type of constraints or collision with your incoming/existing data.


    Passwords

    I also noticed that you may be storing passwords in plain text. This is not recommended.

    Use one of the following:

    Other links:
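
An added example (not part of the original answer or the asker's code) that puts the answer's points together: five type characters for five unquoted placeholders, mysqli failures raised as exceptions, and the password stored as a hash via password_hash(). The insert_user() helper name is hypothetical, and the connection values are the same placeholders used in the question.

```php
<?php
// Added example. insert_user() is a hypothetical helper; the connection
// values are placeholders, as in the question.

// Failed mysqli calls throw mysqli_sql_exception instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function insert_user(mysqli $con, array $in): bool
{
    foreach (['name', 'username', 'password', 'email', 'phonenumber'] as $f) {
        // Reject missing fields and array-valued input such as name[]=x.
        if (!isset($in[$f]) || !is_string($in[$f]) || $in[$f] === '') {
            throw new InvalidArgumentException("Missing field: $f");
        }
    }
    [$name, $username, $email, $phone] =
        [$in['name'], $in['username'], $in['email'], $in['phonenumber']];

    // Store a hash, not the plain-text password. The PHP manual recommends
    // a 255-character column for PASSWORD_DEFAULT hashes.
    $hash = password_hash($in['password'], PASSWORD_DEFAULT);

    // Placeholders are bare ? marks; a quoted '?' is a literal question mark.
    $stmt = mysqli_prepare(
        $con,
        "INSERT INTO User (name, username, password, email, phonenumber)
         VALUES (?, ?, ?, ?, ?)"
    );
    // Five placeholders: five type characters and five variables.
    mysqli_stmt_bind_param($stmt, "sssss", $name, $username, $hash, $email, $phone);
    mysqli_stmt_execute($stmt);
    $ok = mysqli_stmt_affected_rows($stmt) === 1;
    mysqli_stmt_close($stmt);
    return $ok;
}

try {
    $con = mysqli_connect("hostname", "user", "password", "databasename");
    echo insert_user($con, $_POST) ? "User created" : "Nothing inserted";
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo "Invalid input";
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // details go to the log, not to the browser
    http_response_code(500);
    echo "Could not save user";
}
```

At login, compare the submitted password against the stored hash with password_verify() rather than hashing again and comparing strings.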