is this the right way to use prepared insert statement with oop php?

Question

Hello guys I have wrote this registration page script and I want to register user info into database but I am trying to do this securely by using prepared insert statement with oop syntax but not sure if I did this right because when I register dummy data, it won't put anything in the database.

index.php page

    <!DOCTYPE html>
    <html>
    <head>
    <title>Registration form</title>
    <link rel="stylesheet" type="text/css" href="regisform.css">
    </head>
    <body>
        <div id="form">
        <div id="header"><h2>Registration Form</h2></div>
            <form method="post" action="process.php">
                <label>Username:</label>
                <input type="text" name="username" placeholder="Enter a Username please" required="required" />
                <label>Email:</label>
                <input type="text" name="email" placeholder="Enter your email please" required="required" />
                <label>Password:</label>
                <input type="text" name="password" placeholder="Enter a Password please" required="required" />
                <input type="submit" name="signup" value="Sign up"/>
            </form>
        </div>
    </body>

    </html>

    <?php 
    include "process.php";
       $db = new db();
    if(isset($_POST['signup'])) {
       $user = $_POST['username'];
       $email = $_POST['email'];
       $password = $_POST['password'];

       $query = "INSERT INTO users (user_name, user_email, user_pass) VALUES (?, ?, ?)";

       $run = $db->insert($query);
       $run->bind_param('sss', $user, $email, $password);
       $run->execute();
       $run->close();
    }
?>

process.php page

<?php

class db {
    public $host = "localhost";
    public $user = "root";
    public $pass = "";
    public $db_name = "pros";

    public $link;

    public function __construct(){
        $this->connect();
    }

    private function connect() {
        $this->link = new mysqli($this->host, $this->user, $this->pass, $this->db_name);
    }

    public function insert ($query) {
        $result = $this->link->prepare($query);
        if($result){
            echo "<center><h2>Registration Successfull!</h2></center>";
        }
        else
        {
            echo "<center><h2>Registration failed!</h2></center>";
        }
      return $result;
    }
}

?>

@user3625915 where would I need to put this? in the insert function right? — Ramin K, Jul 07 '16 at 23:30
@user3625915 did so. No errors still but it won't record anything in the database table. — Ramin K, Jul 07 '16 at 23:36
If this questioned isn't answered by the time I get home I'll help u out — MackProgramsAlot, Jul 07 '16 at 23:37

Dieter Donnert · Accepted Answer · 2019-05-13T19:22:52.987

I would use one function or method to do all of the insert

public function insert_new_user($username, $email, $password){

    $mysqli = $this->link;

    $sql = "INSERT INTO users"
        . " (user_name, user_email, user_pass)"
        . " VALUES (?, ?, ?)";

    $stmt = $mysqli->prepare( $sql );

    $stmt->bind_param("sss", $username, $email, $password );

    if($stmt->execute()){
        return "success";
    } else {
        return "failed: " . $mysqli->error;
    }

}

is this the right way to use prepared insert statement with oop php?

1 Answers1