Fatal error: Cannot pass parameter 2 by reference in line 68

#1

I am getting this error kindly help…

register.php

  ini_set('display_errors', '1');
  ini_set('display_startup_errors', '1');
  error_reporting(E_ALL);

  include_once 'includes/config.php'; 

 

  
if ($_SERVER['REQUEST_METHOD'] == 'POST') { 

  //collect form data and store in variables
  
  $username = trim($_POST['username'] );
  $email = trim($_POST['email'] );
  $password = md5($_POST['password']);
 

 

    //validation from user

    if (!filter_var($email, FILTER_VALIDATE_EMAIL)){
    
        $error = "Enter a  valid email";

    }elseif (strlen($username) <= 4) {

      $error = "Username is too Short";

    }elseif (strlen($_POST['password']) <= 6) {

              $error = "Password too short";
      }else{

              $sql = $dbh -> prepare ("SELECT * FROM users WHERE email=?");

              $sql->execute([$email]);

              $result = $sql->fetch();

              if($result){
                    
                     $error="The email is already taken";

              }else{

              $sql = $dbh -> prepare ("SELECT * FROM users WHERE username=?");

              $sql->execute([$username]);

              $result = $sql->fetch();

              if($result){
                    
                     $error="The username is already taken";


              }else{

                 $sql = "INSERT INTO users (username, email, password, rights )values( :username, :email, :password :rights )";
                  $query = $dbh -> prepare($sql);
                  //Bind the parameters
                  $query->bindParam(':email', $email,PDO::PARAM_STR);
                  $query->bindParam(':username', $username,PDO::PARAM_STR);
                  $query->bindParam(':password', $password,PDO::PARAM_STR);
                  $query->bindParam(':rights', 'User'); //Line 68
                  $query->execute();
                  
                  header('Location: login.php');

                  exit(); 
                }

                  }
             } 

        }
 
?>

dddd

0 Likes

#2

Try that maybe.

$sRights = 'User';
$query->bindParam(':rights', $sRights); //Line 68
0 Likes

#3

bindParam expects a variable, not a string. If you want to bind a string you need bindValue

Also, do not store password plaintext in the database, use password_hash to store them securely!

0 Likes

#4

Thanks

0 Likes

#5

Thanks. Its just a demo that’s why I didnt hash it but I will take note of that.

0 Likes

#6

Nothing was inserted in the Database after the changes i made.??

0 Likes

#7

There is comma missing between :password and :rights

( :username, :email, :password :rights )
                              ^-- there should be a comma here
2 Likes

#8

Thanks so much…It worked.:smile: I guess I wasn’t keen enough, thanks again.

0 Likes

#9

The database would have reported that if PDO’s error reporting were enabled.

0 Likes

#10

… what can be acomplished by

$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION)

on non-productive systems.

0 Likes