php - I'm trying to go from the soon to be deprecated mysql statements to msqli prepared statements, what am I doing wrong? -

php - I'm trying to go from the soon to be deprecated mysql statements to msqli prepared statements, what am I doing wrong? -

here's php:

$db = new mysqli($db_host, $db_user, $db_pass, $db_database); if (mysqli_connect_errno()) { echo "could not connect database."; } // on first connect database, create user hold info users not logged in $stmt = $db->prepare("select id users id = ?"); $stmt->bind_param("i" , 1); $stmt->execute(); if ($stmt->num_rows == 0) { $stmt = $db->prepare("insert users (id, username, email, password) values (?, ?, ?, ?"); $stmt->bind_param("isss", 1, "anonymous", "anonymous", password_hash("noidentity", password_bcrypt)); $stmt->execute(); }

but when runs, error:

fatal error: cannot pass parameter 2 reference

and points line have $stmt->bind_param("i" , 1);

i'm not sure i'm doing wrong.

also, if want set value of field in row 1 higher is, how do prepared statements?

this, example: update users set wins = wins + 1 id = ? setting wins value, assume should used prepared statement, consider "wins + 1" string, , include in prepared statement?

all arguments bind_param (except first) must variables passed reference, can't pass literal values such 1, "anonymous"...

if values inserted fixed these, there no point in using bind_param @ all, safe have them in query:

$stmt = $bd->prepare("insert users (id, username, email, password) values (1, 'anonymous',...)");

however in general need set these parameters variables, such as:

$params = array(1,"anonymous","anonymous",password_hash("noidentity",password_bcrypt)); $stmt->bind_param("isss",$params[0],$params[1],$params[2],$params[3]);

php mysql prepared-statement