This question already has answers here:
Error when preparing a multiple insert query
(5 answers)
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 5 years ago.
I am very unsure at why I am getting such an error with my code
try {
$stmt = $connection->prepare("INSERT INTO table (path, title, era, information)
VALUES (:path, :title, :era, :information)");
$stmt->bindParam(':path', $fname);
$stmt->bindParam(':title', $Name);
$stmt->bindParam(':era', $Era);
$stmt->bindParam(':descrip', $Description);
// insert row
$stmt->execute();
}
catch(PDOException $e) {
echo $e->getMessage();
}
echo "Upload Successful";
}
I have tried so many different options and I just cant fix the error
$fname=$_FILES["userfile"]["name"];
$Name =$_POST["name"];
$Era =$_POST["era"];
$Description =$_POST["info"];
these are the variables I used if that helps in solving my issue
You define the values ':path, :title, :era, :information' in your prepare statement but try to set a value for the field ':descrip' later on. Because this field is not defined in the prepare call you get that error.
Use ':information' instead of ':descrip'.
Related
This question already has answers here:
Unsure why I am getting: Number of variables doesn't match number of parameters in prepared statement
(2 answers)
Closed 10 months ago.
$insert_table = "INSERT INTO reviewst(name_show, score, content, author) VALUES('$name_show', '$score', '$review', '$author')";
$stmt = mysqli_prepare($conn, $insert_table);
if ($stmt === FALSE) {
echo "Error: " . mysqli_error($conn);
} else {
mysqli_stmt_bind_param($stmt, 'siss', $name_show, $score, $review, $author);
mysqli_stmt_execute($stmt);
}
ERROR:
Fatal error: Uncaught ArgumentCountError: The number of variables must match the number of parameters in the prepared statement in C:\xampp\htdocs\zp_milian_d_recenze\nav_links\create_review.php:77 Stack trace: #0 C:\xampp\htdocs\zp_milian_d_recenze\nav_links\create_review.php(77): mysqli_stmt_bind_param(Object(mysqli_stmt), 'siss', 'dfs', '1', 'fd', 'sdf') #1 {main} thrown in C:\xampp\htdocs\zp_milian_d_recenze\nav_links\create_review.php on line 77
I have no clue, why it shows this error when vars are spelled correctly, data types are also correct and number of vars is correct as well.
I tried to find the problem on internet, but it wasn't helpful, because in the post there was always problem with syntax, misspelled variables or wrong number of vars which I have correctly here.
Use ? as placeholders, Hence change
$insert_table = "INSERT INTO reviewst(name_show, score, content, author) VALUES('$name_show', '$score', '$review', '$author')";
to
$insert_table = "INSERT INTO reviewst(name_show, score, content, author) VALUES(?,?,?,?)";
This question already has answers here:
Reference - What does this error mean in PHP?
(38 answers)
Why does this PDO statement silently fail?
(2 answers)
Closed 2 years ago.
I am modifying my code against sql injection. Commented is old code (2 strings).
Uncommented is new. But i see no effect of the code. Database isnt updated and debug info isnt printed. My server runs php 5.6. Neither "Success" nor "Error" is printed.
Heres the code:
add_answer.php
// Insert answer
//$sql2="INSERT INTO $tbl_name(question_id, a_id, a_name, a_email, a_answer, a_img, a_datetime)VALUES('$id', '$Max_id', '$a_name', '$a_email', '$a_answer', '$a_img', '$datetime')";
$stmt = $dbh->prepare("INSERT INTO $tbl_name (question_id, a_id, a_name, a_email, a_answer, a_img, a_datetime)
VALUES (:qid, :aid, :nam, :eml, :ans, :img, :datet)");
$stmt->bindParam(':qid', $id);
$stmt->bindParam(':aid', $Max_id);
$stmt->bindParam(':nam', $a_name);
$stmt->bindParam(':eml', $a_email);
$stmt->bindParam(':ans', $a_answer);
$stmt->bindParam(':img', $a_img);
$stmt->bindParam(':datet', $a_datetime);
$result2=$stmt->execute(); $stmt->debugDumpParams();
//$result2=mysql_query($sql2);
if ($result2)
echo "Success";
else
echo "Error";
Not sure it will work, but maybe try hard coding the table name rather than using a variable for it in the query.
This question already has answers here:
Cannot pass parameter 2 by reference error in php PDO
(2 answers)
Closed 6 years ago.
I am experiencing this error:
"Cannot pass parameter 2 by reference"
I looked up several threads, not a single solution actually worked for me, it might be a really stupid mistake/type..?
$stmt = $dbh->prepare("INSERT INTO messages (message, sender, key) VALUES (:message, :sender, :key)");
$stmt -> bindParam(':message', $message);
$stmt -> bindParam(':sender', 'Smith');
$stmt -> bindParam(':key', 'Test-Key');
$stmt -> execute();
This is my code.. The error is pointing at line 32, which is the "sender" line... I personally think it's the message line instead.
Thank you for your help! :)
The bindParam() method binds the parameter to a variable. Strings are what are called constants.
In order to make this work you have to pass a variable to the method, like this:
// Prepare the statement
$stmt = $dbh->prepare("INSERT INTO messages (message, sender, key) VALUES (:message, :sender, :key)");
// Bind variables to the parameters
$stmt->bindParam(':message', $message);
$stmt->bindParam(':sender', $sender);
$stmt->bindParam(':key', $key);
// Give the bound variables a value
$message = 'The message...';
$sender = 'Smith';
$key = 'Test-Key';
// And then execute the statement
$stmt->execute();
This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 2 months ago.
I've been stuck on this error , please help me this is my code
PHP Fatal error: Call to a member function bind_param()
$statement= $db->prepare("insert into uploaddetails(idnum,title,desc,author,tags,title) values(?,?,?,?,?,?)");
$id='NULL';
$title=$_POST['title'];
$description=$_POST['description'];
$author=$_POST['author'];
$tags=$_POST['tags'];
$file= basename($_FILES["fileToUpload"]["name"]);
$statement->bind_param( 'isssss', $id,$title, $description,$author,$tags,$file);
$statement->execute();
$db->close();
$statement->close();
Since nobody else has spotted the issue, I'll post it for you. The reason you're prepare() is failing is because you're trying to use a MySQL Reserved Word. The word desc is a reserved word in MYSQL, which means you need to wrap it in backticks like this:
$statement= $db->prepare("insert into uploaddetails(idnum,title,`desc`,author,tags,file) values(?,?,?,?,?,?)");
It also helps to use proper practice when inserting into a database/using prepared statements.
$statement= $db->prepare("insert into uploaddetails(idnum,title,`desc`,author,tags,title) values(?,?,?,?,?,?)");
if($statement !== FALSE) {
// do the binds...etc
}
Notes
file is also a reserved word, I don't know what your actual file columns name is, so keep that in mind.
Your prepare statement is failing because of the query, what you need to do is to make sure the statement is not false in order to execute bind_param, otherwise view the prepare query error as follows :
//Make sure the statement is not false
if($statement !== FALSE)
{
$statement->bind_param( 'isssss', $id,$title, $description,$author,$tags,$file);
$statement->execute();
$db->close();
$statement->close();
}
//Otherwise check why the prepare statement failed
else
{
die('prepare() failed: ' . htmlspecialchars($db->error));
}
Try this. your code is modified.
$statement= $db->prepare("INSERT INTO uploaddetails (title,desc,author,tags,file) VALUES(?,?,?,?,?)");
//$id='NULL';
$title=$_POST['title'];
$description=$_POST['description'];
$author=$_POST['author'];
$tags=$_POST['tags'];
$file= $_FILES["fileToUpload"]["name"];
$statement->bind_param( 'isssss',$title, $description,$author,$tags,$file);
$statement->execute();
$db->close();
$statement->close();
//---- Move the file to desired location...
-ID is not required because it is auto increment and mysql will take care of it,
-and you had wrong field name for file, which was title and I change it to file(correct it if you have any other name instead).
possible errors
1)column count in the table is different from your query.
2)although it shows the error in the bind_param line, the error may occur in the prepare statement line(in your case line 1)
3)you can put echo statement before and after these lines and caught the error
(in my case I repeated the same field name twice in the prepared statement)
fetch following code with your requirements and tryout
$stmt = $conn->prepare("INSERT INTO SalesReturn(CRDNUMBER, CRDDATE, REFERENCE,CUSTOMER,ITEM,QTYRETURN,UNITPRICE,TIAMOUNT1,TIAMOUNT2,EXTCRDMISC,TAMOUNT1,TAMOUNT2,CRDSUBTOT,CRDNET,CRDETAXTOT,CRDNETNOTX,CRDNETWTX,TransactionType) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)");
echo "after prepare";
$stmt->bind_param("ssssssssssssssssss",$CRDNUMBER,$CRDDATE,$REFERENCE,$CUSTOMER,$ITEM,$QTYRETURN,$UNITPRICE,$TIAMOUNT1,$TIAMOUNT2,$EXTCRDMISC,$TAMOUNT1,$TAMOUNT2,$CRDSUBTOT,$CRDNET,$CRDETAXTOT,$CRDNETNOTX,$CRDNETWTX,$TransactionType);
echo "after bind_param statement";
This question already has an answer here:
PHP mysqli prepare statement not working
(1 answer)
Closed 1 year ago.
I simply want to select a bunch of fields from a data base - as I have done it a lot of times before... But somehow I get this error:
Warning: mysqli_stmt_bind_result(): Number of bind variables doesn't match number of fields in prepared statement
But I count exactly 14 columns, so why when I add 14 variables does it throw this error?
public function get_invitation_fields()
{
$this->fields_db = array();
include('system/mysqli_db.php'); //db connection opens here
$statement="SELECT
invitation_ID,
recipient,
text,
name,
usr_ID,
deleted,
send_date,
resend_date,
last_date,
status,
register_date,
verify_date,
redeem_date
trans_ID
FROM invitations WHERE email=?";
if ($stmt = mysqli_prepare($db, $statement))
{
mysqli_stmt_bind_param($stmt, "s", $this->email);
if(!mysqli_stmt_execute($stmt))
{echo mysqli_stmt_error($stmt); echo mysqli_error($db); }
mysqli_stmt_bind_result($stmt,
$this->fields_db['invitation_ID'],
$this->fields_db['recipient'],
$this->fields_db['text'],
$this->fields_db['name'],
$this->fields_db['usr_ID'],
$this->fields_db['deleted'],
$this->fields_db['send_date'],
$this->fields_db['resend_date'],
$this->fields_db['last_date'],
$this->fields_db['status'],
$this->fields_db['register_date'],
$this->fields_db['verify_date'],
$this->fields_db['redeem_date'],
$this->fields_db['trans_ID']
); //PHP points the error to this line.
mysqli_stmt_fetch($stmt);
$this->invite_fields_db = $this->fields_db;
mysqli_stmt_close($stmt);
}
else
{
echo mysqli_stmt_error($stmt);
echo mysqli_error($db);
}
mysqli_close($db);
}
Can anyone see what's wrong?
Just don't use mysqli with it's bind_result, which indeed makes you ask other people to count your variables.
Either use PDO, which will make your code as short as
public function get_invitation_fields($email)
{
global $pdo; // connection should be opened ONCE at the beginning of the whole app
$sql = "SELECT * FROM invitations WHERE email=?";
$stm = $pdo->prepare($sql);
$stm->execute(array($email));
return $stm->fetch(); // values have to be RETURNED, not assigned
}
or at least use get_result() to get a familiar array from the query, without need of binding every variable manually, though it's not guaranteed to work.