I have this code in MyFile.php
$db= mysqli_connect("host","user","pw","db");//connect to db
if (mysqli_connect_errno($con))//check connection
{echo "Failed to connect to MySQL: " . mysqli_connect_error();}
//Create a token for the unique link
$title= $_GET[apt_title];
$email= $_GET[mail_address];
$token = sha1(uniqid($email, true));
$time = $_SERVER["REQUEST_TIME"];
//prepare the query to be executed
$query = $db->prepare(
"INSERT INTO pending_users (email, token, title_apt, tstamp) VALUES (?, ?, ?, ?)"
);
$query->execute(
array(
$title,
$email,
$token,
$time
)
);
Error message:
Warning: mysqli_stmt::execute() expects exactly 0 parameters, 1 given in /websites
How should I call execute() the right way?
Because mysqli::execute() does not accept any parameters. Before calling it, you have to prepare the query and then bind the params to the query. Then you have to call the execute() method. So try like this:
$query = $db->prepare(
"INSERT INTO pending_users (email, token, title_apt) VALUES (?, ?, ?, ?)"
);
$query->bind_param('ssss', $title, $email, $token, $time);
$query->execute();
For more check the documentation
Passing parameters in execute() is available only as of PHP 8.1. You need to upgrade your PHP version or use the old bind_param().
you need to bind params before executing the query,
in procedural way do like this
mysqli_stmt_execute($stmt);
if you are doing it like object oriented way after binding params
/* Execute the statement */
$stmt->execute();
Docs link.
http://www.php.net/manual/en/mysqli-stmt.execute.php
If you look at the manual for mysqli::execute(), you'll see that it does not accept any parameters.
bool mysqli_stmt::execute ( void )
Instead, you should use mysqli::bind_param to bind your parameters.
Related
I am creating a user registration system, and I am at the point where I start modifying the database i get the error
"Warning: mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables in /opt/lampp/htdocs/Projectss/01_sarah/index.php on line 41
"
I have tried using every single method in php documentation concerning adding data to the database
here is some code
$hash_password = password_hash($password, PASSWORD_DEFAULT);
$query = "INSERT INTO users (first_name,last_name,email,password) VALUES('$first_name','$last_name','$email','$hash_password')";
$stmt = $conn->prepare($query);
if (!$stmt) {
echo mysqli_error($conn);
}
$stmt->bind_param('ssss', $query);
$stmt->execute(); // execute prepared statement
$conn->close(); // close connection
}
The expected result should is to not receive any warning after saving the information to the database
You're passing complete query in the bindParam and also passing the values in the query instead of this you need to pass the parameters in the bindParam like this..
$hash_password = password_hash($password, PASSWORD_DEFAULT);
$query = "INSERT INTO users (first_name,last_name,email,password) VALUES(?, ?, ?, ?)";
$stmt = $conn->prepare($query);
$stmt->bind_param('ssss', $first_name, $last_name, $email, $hash_password);
$stmt->execute(); // execute prepared statement
$conn->close(); // close connection
Wanting to encrypt a particular data variable but keep getting "PHP Fatal error: Call to undefined function AES_ENCRYPT()..."
Research has lead me to a hint that it's using PHP instead of MySQL?
$key="xyz";
$stmt = mysqli_prepare($mysqli, "INSERT INTO details (FirstName, LastName, EncryptThis) VALUES (?,?,?)");
if ($stmt === false) {
trigger_error('Statement failed! ' . htmlspecialchars(mysqli_error($mysqli)), E_USER_ERROR);
}
$bind = mysqli_stmt_bind_param($stmt, "sss", $FirstName, $LastName, AES_ENCRYPT('$EncryptThis','$key'));
if ($bind === false) {
trigger_error('Bind param failed!', E_USER_ERROR);
}
$exec = mysqli_stmt_execute($stmt);
Am using varbinary in the DB...
Have tried various uses of
AES_ENCRYPT('$EncryptThis','$key')
EG
AES_ENCRYPT($EncryptThis,$key)
etc etc
MySQL is expecting values to be be passed as bind parameters. Not names of functions or other SQL expressions. Just values.
If you want to invoke the MySQL AES_ENCRYPT function, that needs to be appear as part of the SQL text (the string prepared as a SQL statement). The name of the function can't be passed as a part of a bind parameter.
Like this:
"INSERT ... VALUES ( ? , ? , AES_ENCRYPT( ? , ? ) )"
mysqli_stmt_bind_param($stmt, "ssss", $FirstName, $LastName, $EncryptThis, $key);
I'm retrieving tweets from the twitter api, which i'm trying to save in my database however i keep getting an error, which i cant seem to fix. i've checked the number of parameters is correct and everything should be okay, so i dont see why i get following error:
Fatal error: Call to a member function bind_param() on a non-object
tweets database:
function retrievePlayerTweets(){
global $con;
$query = $con->prepare("Select players.fullname, players.twitter_user, team.id as teamId FROM players, team WHERE players.teamId = team.id");
$query->execute();
$query->bind_result($fullname, $twitter_user, $teamId);
while ($query->fetch()) {
foreach(retrieveUserTweets($twitter_user) as $twitterData) {
$id = $twitterData['id_str'];
$text = $twitterData['text'];
$name = $twitterData['user']['name'];
$dateString = $twitterData['created_at'];
$favoriteCount = $twitterData['favorite_count'];
$date = date('Y-m-d H:i:s', strtotime($dateString));
$insert_tweet = $con->prepare("INSERT IGNORE INTO tweets (`fullname`, `username`, `text`, `created`, `teamId`, `twitterId`, `favoriteCount`) VALUES (?, ?, ?, ?, ?, ?, ?)");
$insert_tweet->bind_param("ssssisi", $name, $twitter_user, $text, $date, $teamId, $id, $favoriteCount);
$insert_tweet->execute() or die(mysqli_error($con));
}
}
}
The problem is with your $con variable which is not connecting to the database, due to which the methods inside cannot be called.
also it is good pratice to add die() function to print error message after call to the execute function in PDO or mysqli, to see error in query use:
if using PDO:
$insert_tweet->execute() or die(print_r($con->errorInfo()));
if using mysqli:
$insert_tweet->execute() or die(mysqli_error($con));
I am updating my PHP to use mysqli:: instead of mysql_* and I have run into an issue with INSERT statements. I have the following statement:
$stmt = $link->prepare("INSERT INTO `table` (`a`, `b`, `c`) VALUES(?, ?, ?)");
$stmt->bind_param("sss", $a, $b, "0");
$stmt->execute();
I have checked $stmt and it is a proper mysqli_stmt object. It is prepared properly, but for some reason, the statement won't execute. I just get a 500 error from my server.
What am I missing?
Edit
I've determined that the issue is coming from the bind_param method.
Edit 2
Okay, so the error PHP is giving me is this:
Fatal error: Cannot pass parameter 4 by reference in...
This points to the line of bind_param
You can't pass a constant to bind_param. Put the value in a variable first:
$status = "0";
$stmt->bind_param("sss", $oid, $cid, $status);
$stmt->execute();
I have this code in MyFile.php
$db= mysqli_connect("host","user","pw","db");//connect to db
if (mysqli_connect_errno($con))//check connection
{echo "Failed to connect to MySQL: " . mysqli_connect_error();}
//Create a token for the unique link
$title= $_GET[apt_title];
$email= $_GET[mail_address];
$token = sha1(uniqid($email, true));
$time = $_SERVER["REQUEST_TIME"];
//prepare the query to be executed
$query = $db->prepare(
"INSERT INTO pending_users (email, token, title_apt, tstamp) VALUES (?, ?, ?, ?)"
);
$query->execute(
array(
$title,
$email,
$token,
$time
)
);
Error message:
Warning: mysqli_stmt::execute() expects exactly 0 parameters, 1 given in /websites
How should I call execute() the right way?
Because mysqli::execute() does not accept any parameters. Before calling it, you have to prepare the query and then bind the params to the query. Then you have to call the execute() method. So try like this:
$query = $db->prepare(
"INSERT INTO pending_users (email, token, title_apt) VALUES (?, ?, ?, ?)"
);
$query->bind_param('ssss', $title, $email, $token, $time);
$query->execute();
For more check the documentation
Passing parameters in execute() is available only as of PHP 8.1. You need to upgrade your PHP version or use the old bind_param().
you need to bind params before executing the query,
in procedural way do like this
mysqli_stmt_execute($stmt);
if you are doing it like object oriented way after binding params
/* Execute the statement */
$stmt->execute();
Docs link.
http://www.php.net/manual/en/mysqli-stmt.execute.php
If you look at the manual for mysqli::execute(), you'll see that it does not accept any parameters.
bool mysqli_stmt::execute ( void )
Instead, you should use mysqli::bind_param to bind your parameters.