I'm still retrospectively trying to edit all my interactions with the database to be in prepared statements.
I'm having an issue with my registration form, with the passing of my $password and $activationKey.
The code is:
// $stmnt1 = $dbc->stmt_init();
$query = "INSERT INTO xxxxxxxxxxxxxxx VALUES (?,?,?,?,NOW(),?,?,?,?,?,?,?,?,?,?,?,?,?,?,'$activationKey')";
$stmnt = $dbc->prepare($query);
$stmnt->bind_param('isssssssbisisssssss', $ID, $reg_agent, $reg_license, $reg_colicense, $reg_lname, $reg_fname, $reg_companyname, $username, SHA1('$password1'), $secQ, $secA, $reg_tel, $reg_email, $reg_biography, $reg_news, $screenpath, $reg_image_name, 'verify', $activationKey);
$stmnt->execute();
$stmnt->close();
The error message is due to:
$activationKey = mt_rand() . mt_rand() . mt_rand() . mt_rand() . mt_rand();
I'm actually not very clued up with different ways to go about registration security so don't really know how to get around this. I actually want to change the SHA1 to a SHA512 but that is a different story as well :-)
The actual error message is:
Fatal error: Cannot pass parameter 19 by reference in /home/xxxxxxxxxxx/public_html/xxxxxx/signup.php on line 498
Parameter 19 is the $activationKey
Many thanks for any help
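
An added example, not part of the original post: mysqli's bind_param() takes its values by reference, so PHP rejects a literal in the argument list, and because the type string counts as parameter 1, parameter 19 of the call in the post is the literal 'verify'. The function below binds only variables and gives the activation key its own placeholder. The table users_demo, its columns and register_user() are hypothetical, and password_hash() and random_bytes() are swapped in for the post's SHA1() and mt_rand().

```php
<?php
declare(strict_types=1);

// Added example. Table `users_demo` and its columns are hypothetical;
// the real table in the post has more columns, bound the same way.
function register_user(mysqli $dbc, string $username, string $email, string $password): string
{
    // bind_param() receives its arguments by reference, so each bound value
    // must live in a variable: no literals, no function calls in the list.
    $status        = 'verify';                                   // was the literal 'verify'
    $passwordHash  = password_hash($password, PASSWORD_DEFAULT); // swapped in for SHA1()
    $activationKey = bin2hex(random_bytes(32));                  // CSPRNG, swapped in for mt_rand()

    // Every value, the activation key included, goes through a placeholder;
    // nothing is interpolated into the SQL string.
    $sql = 'INSERT INTO users_demo
                (username, email, password_hash, status, activation_key, created_at)
            VALUES (?, ?, ?, ?, ?, NOW())';

    $stmt = $dbc->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $dbc->error);
    }

    // One type character per placeholder: five placeholders, five 's'.
    $stmt->bind_param('sssss', $username, $email, $passwordHash, $status, $activationKey);

    if (!$stmt->execute()) {
        $error = $stmt->error;
        $stmt->close();
        throw new RuntimeException('execute failed: ' . $error);
    }
    $stmt->close();

    return $activationKey; // goes into the verification link sent to the user
}
```

At login the stored hash is checked with password_verify(), which reads the algorithm and salt from the hash string itself.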