I'm still retrospectively trying to edit all my interactions with the database to be in prepared statements.

I'm having an issue with my registration form, with the passing of my $password and $activationKey.

The code is:

// $stmnt1 = $dbc->stmt_init();

    $query = "INSERT INTO xxxxxxxxxxxxxxx VALUES (?,?,?,?,NOW(),?,?,?,?,?,?,?,?,?,?,?,?,?,?,'$activationKey')";

    $stmnt = $dbc->prepare($query);

    $stmnt->bind_param('isssssssbisisssssss',$ID, $reg_agent, $reg_license, $reg_colicense, $reg_lname, $reg_fname, $reg_companyname,$username, SHA1('$password1'), $secQ, $secA, $reg_tel,$reg_email, $reg_biography, $reg_news, $screenpath, $reg_image_name, 'verify', $activationKey);


The error message is due to:

$activationKey =  mt_rand() . mt_rand() . mt_rand() . mt_rand() . mt_rand();

I'm actually not very clued up with different ways to go about registration security so don't really know how to get around this. I actually want to change the SHA1 to a SHA512 but that is a different story as well :-)

The actual error message is:
Fatal error: Cannot pass parameter 19 by reference in /home/xxxxxxxxxxx/public_html/xxxxxx/signup.php on line 498

Parameter 19 is the $activationKey

Many thanks for any help

Value of parameter 19 is 'verify', $activationKey is 20 (and it seems to work fine) unless you are counting from 0. If that it's a enum field then check if 'verify' is an accepted value.