php - prepared statement using bindValue not working

I'm new to PHP and I'm trying to get a prepared statement to work. Its for my final year project at university and I remember reading that prepared statements are good practice and also good for SQL injections. However the following code gives me a Server 500 error.

<?php
    $email = "[email protected]";
    $hash = "somerandomhashedpassword";
    $db = new mysqli("localhost", "root", "1234", "UEAnetwork");    
    $sql = "INSERT INTO Students (Email, Password) VALUES (?,?)";
    $stmt = $db->prepare($sql);
    $stmt->bindValue(1, $email);
    $stmt->bindValue(2, $hash);           
    if ($stmt->execute()) {
        echo "You have registered!!!!!!!!!!!!!!!!!!!!!!!!!!!!";
    }
?>
Copy code

If I run the following then a row is inserted, so I'm pretty sure I'm connecting to the database properly.

<?php
    $db = new mysqli("localhost", "root", "1234", "UEAnetwork");    
    $sql = "INSERT INTO Students (Email, Password) VALUES ('[email protected]','somerandomhashedpassword')";
    $stmt = $db->prepare($sql);         
    if ($stmt->execute()) {
        echo "You have registered!!!!!!!!!!!!!!!!!!!!!!!!!!!!";
    }
?>
Copy code

Am I usingbindValue incorrectly? I've seen it used this way in many tutorials online but I must be doing something wrong.