Tuesday, 15 February 2011

Prepared statements in PHP for MySQL, what am I doing wrong?


Previously, in the soon-to-be-deprecated normal mysql functions, I had:

    // On first connect to the database, create a user to hold info for users not logged in
    if (mysql_num_rows(mysql_query("SELECT id FROM users WHERE id=1")) === 0) {
        mysql_query("INSERT INTO users(id,username,email,password) VALUES(1,'anonymous','anonymous','" . password_hash("noidentity", PASSWORD_BCRYPT) . "')");
    }

This is what I have now, trying to accomplish the same thing:

    // On first connect to the database, create a user to hold info for users not logged in
    $stmt = $db->prepare("SELECT id FROM users WHERE id = ?");
    $stmt->execute(1);
    $stmt->store_result();
    if ($stmt->num_rows == 0) {
        $stmt = $db->prepare("INSERT INTO users (id, username, email, password) VALUES (?, ?, ?, ?)");
        $stmt->execute(1, 'anonymous', 'anonymous', password_hash("noidentity", PASSWORD_BCRYPT));
    }

I keep getting the error "warning: mysqli_stmt::execute() expects 0 parameters, 1 given". It seemingly expects 1, as I have 1 question mark, so I'm doing something wrong.

Am I doing it right for the next ones?

    $stmt = $db->prepare("UPDATE users SET wins = wins + 1 WHERE id = ?");
    $stmt->execute($_SESSION["id"]);

Should I have a ? for the wins = part? If so, how do I fill in the value later if it depends on the current one in there?

What about:

    $stmt = $db->prepare("SELECT id, username, password FROM users WHERE email = ?");
    $stmt->execute($email);
    $row = $stmt->fetch();
    if (password_verify($password, $row["password"])) {
        // ...
    }

Am I doing it right there?

I'm trying to grasp these prepared statements for security purposes, and finding it a little difficult.

To use your code, you have to utilize bind_param to set the data.

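    $id = 1; // bind_param() takes its arguments by reference, so pass a variable, not a literal
    $stmt = $db->prepare("SELECT id FROM users WHERE id = ?");
    $stmt->bind_param('i', $id);
    $stmt->execute();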