It turns out that I was making SQL queries with query, and I have now found out, because I was told, that it is very insecure against SQL injection attacks. Therefore I decided to start using mysqli, and I did my first replacement, which was in the site login, but although the code seems to be perfect, the page does not work and throws an error.
Code:
$sentencia = $con->prepare("SELECT* FROM cuenta WHERE nombre= '?' or email= '?' and pass= '?'");
$sentencia->bind_param($sentencia, "sss", $nombre_str, $email_str, $pass_str);
$sentencia->execute();
And the error it gives me is:
PHP Fatal error: Cannot pass parameter 2 by reference in xxxx
If you need any other information, do not hesitate to ask me, and thank you very much in advance.
You are mixing the object-oriented and procedural styles.
Change the line:
to
And you don't need to put quotes around the variables ? in your query:
Here I leave you a complete example for your last question, to obtain the id with a while:
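The fix described in this answer, written out as an added example (it is not the answerer's original code, which did not survive on this page). The table `cuenta` and its columns come from the question; the function name `buscar_ids`, the connection credentials and the sample login values are placeholders constructed for illustration.

```php
<?php
// Added example, not code from the original thread.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw exceptions on DB errors

// Hypothetical helper: returns the ids of the accounts matching the credentials.
function buscar_ids(mysqli $con, string $nombre, string $email, string $pass): array
{
    // Placeholders are bare ?. Writing '?' turns them into string literals,
    // leaving the statement with no parameters to bind.
    // The parentheses matter: AND binds tighter than OR, so without them a row
    // matching nombre alone would satisfy the WHERE clause whatever the password.
    $sentencia = $con->prepare(
        "SELECT id FROM cuenta WHERE (nombre = ? OR email = ?) AND pass = ?"
    );

    // Object-oriented style: the type string comes first, then the variables.
    // Passing $sentencia as first argument (procedural style) shifts the literal
    // "sss" into a by-reference slot, which causes the
    // "Cannot pass parameter 2 by reference" fatal error.
    $sentencia->bind_param("sss", $nombre, $email, $pass);
    $sentencia->execute();

    // Bind the result column and collect each row's id with a while loop.
    $sentencia->bind_result($id);
    $ids = [];
    while ($sentencia->fetch()) {
        $ids[] = $id;
    }
    $sentencia->close();
    return $ids;
}

// Placeholder connection settings; replace with your own.
$con = new mysqli("localhost", "db_user", "db_password", "db_name");
$con->set_charset("utf8mb4");

// Constructed sample values standing in for the submitted login form fields.
$ids = buscar_ids($con, "ana", "ana@example.com", "constructed-password");
echo $ids ? "Login OK, id(s): " . implode(", ", $ids) . PHP_EOL
          : "Invalid credentials" . PHP_EOL;
```

The query compares `pass` in SQL because the question's query does; if the column stores `password_hash()` output, select the hash by name or email and check it with `password_verify()` instead.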