I have been trying to secure my code from SQL Injections. In the process I have come to a halt.
Here are the two things with which I ran into the wall:
1. Now my code displays some errors (which I will display at the bottom of this post). Before trying to secure my (post-)form, it did NOT.
2. How secure IS my form as it's being processed? What can I do to improve the security of it? I've done all I could, to the best of my capacity.
Here is the code itself (errors are displayed at the bottom of the post)
These are the errors
> Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of
> variables doesn't match number of parameters in prepared statement in
> /home/********/public_html/******/formulaires/processForm-test.php on
> line 79
>
> Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of
> variables doesn't match number of parameters in prepared statement in
> /home/********/public_html/******/formulaires/processForm-test.php on
> line 80
>
> Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of
> variables doesn't match number of parameters in prepared statement in
> /home/*********/public_html/******/formulaires/processForm-test.php on
> line 81
This refers to
While
> Warning: mysqli_query() expects parameter 2 to be string, object given
> in
> /home/product/public_html/*****/formulaires/processForm-test.php
> on line 114
>
> Warning: mysqli_error() [function.mysqli-error]: Couldn't fetch mysqli
> in
> /home/product/public_html/*****/formulaires/processForm-test.php
> on line 116 Error:
Refers to these lines (EXcluding the two curly brackets)