Hi, I have just started to learn prepared statements and sqli to make the signup process on my website more secure and safe. Below is just the basic code I have written to get it working, it is sent from a html form, which calls a jquery function to validate the signup form and then issuse a result "Success" or "Fail".
<?php
session_start();
include ('connection.php');
include ('functions.php');
$insert = $db->stmt_init();
if($insert->prepare("INSERT INTO `users` (`first_name`, `last_name`) VALUES (?, ?)"))
{
$insert->bind_param('ss', $first_name, $last_name);
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$insert->execute();
$insert->close();
echo "Successful";
return 1;
}
else
{
echo mysqli_error();
return 0;
}
?>
As it is my first time using prepared statements I don't know if I am doing everything in a "good" and safe way. I have the connection to my db in a seprate file this is why I havent included it above. Could you pick at my code to find any obvious problems with it?
Grateful for all your advice, thanks :)