I've been using prepared statements for a good while now with no issues but today when I tried to call a MySQL function from a prepared statement I'm getting the following:
Fatal error: Call to a member function fetch_array() on boolean in DB.php on line 336
This is the code I'm using and there is nothing different from my usual SELECT, UPDATE or DELETE queries. I also have no issues calling procedures, granted none of my procedures are returning any value.
$sql = "SELECT FN_MAINTAIN_ASSET(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) AS assetId;";
try {
$conn = $this->open();
$stmt = $conn->prepare($sql);
if($stmt === false) {
trigger_error(sprintf($txt["error_sql"], $conn->error), E_USER_ERROR);
}
$stmt->bind_param('iiiisssbbiiiis', $modify, $type, $category, $year, $title, $description, $imageFilename, $imageMain, $imageThumbnail, $membersOnlyView, $privateView, $status, $memberId, $createdIp);
$stmt->execute();
$rs = $stmt->get_result();
$result = $rs->fetch_array(MYSQL_ASSOC); // Line 336
$rs->free();
$stmt->close();
$this->close($conn);
} catch (Exception $e) {
$logObj->error($e->getMessage());
}
$rs is empty just before line 336, no error messages from $stmt either.
If anyone has any suggestions or ideas, greatly appreciated.
From the manual for get_result:
Return Values
Returns a resultset for successful SELECT queries, or FALSE for other
DML queries or on failure. The mysqli_errno() function can be used to
distinguish between the two types of failure.
If your statement is returning a boolean, it failed. Check the error message from $stmt->error, and correct whatever's wrong.
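One way to make such a failure visible rather than fatal, as an added example that is not code from the posts above: a helper that runs a single-value SELECT through a prepared statement and refuses to call a method on a false result. The helper name fetchScalar(), the placeholder function FN_EXAMPLE and the sample arguments are assumptions, and get_result() needs the mysqlnd driver.

```php
<?php
// Added example, not code from the posts above. Assumes the mysqlnd driver
// (needed for get_result()) and an already-open mysqli connection.

// Make mysqli throw mysqli_sql_exception instead of returning false, so a
// try/catch around prepare()/execute() actually sees the failure.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * fetchScalar() is a hypothetical helper: run a one-value SELECT (such as a
 * stored function call) and return the first column of the first row, or
 * null when no row comes back.
 */
function fetchScalar(mysqli $conn, string $sql, string $types, array $params)
{
    $stmt = $conn->prepare($sql);               // throws on a SQL error
    try {
        if ($types !== '') {
            // Unpacking a variable array satisfies bind_param()'s
            // by-reference rule, so $params may hold plain values.
            $stmt->bind_param($types, ...$params);
        }
        $stmt->execute();                       // throws on execution error
        $rs = $stmt->get_result();
        if ($rs === false) {
            // No exception, but no result set either: report what the
            // statement handle knows instead of calling a method on false.
            throw new RuntimeException(
                "No result set (errno {$stmt->errno}): {$stmt->error}"
            );
        }
        $row = $rs->fetch_row();
        $rs->free();
        return is_array($row) ? $row[0] : null;
    } finally {
        $stmt->close();
    }
}

// Usage sketch; FN_EXAMPLE and its arguments are constructed placeholders.
// mysqli_sql_exception extends RuntimeException, so one catch covers both:
// try {
//     $id = fetchScalar($conn, 'SELECT FN_EXAMPLE(?, ?) AS id', 'is', [1, 'demo']);
// } catch (RuntimeException $e) {
//     error_log($e->getMessage());
// }
```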
I am trying to write a query using a prepared statement.
mysqli_report(MYSQLI_REPORT_ALL);
$query = $conn->prepare("INSERT INTO notification(MessageId,TopicArn,Subject,Message,Timestamp,SignatureVersion,Signature,SigningCertURL,UnsubscribeURL,topicid)
VALUES (?, ?, ?, ?, ?,?, ?, ?, ?, ?)");
This throws the following exception
Fatal error: Uncaught exception 'mysqli_sql_exception' with message 'No data supplied for parameters in prepared statement'
Whereas the following query works
$query = $conn->prepare("INSERT INTO notification(MessageId,TopicArn,Subject,Message,Timestamp,SignatureVersion,Signature,SigningCertURL,UnsubscribeURL,topicid)
VALUES (".$message['MessageId'].", '".$message['TopicArn']."', '".$message['Subject']."', '".$message['Message']."', '".$message['Timestamp']."',".$message['SignatureVersion'].", '".$message['Signature']."', '".$message['SigningCertURL']."', '".$message['UnsubscribeURL']."', ".$topic.")");
I want to use prepared statement with bind_param() function. What is wrong with first query? Please help.
As I suggested - you need to bind parameters to values before you can execute the sql ~ like this perhaps:
mysqli_report(MYSQLI_REPORT_ALL);
$sql='insert into notification
(messageid,topicarn,subject,message,timestamp,signatureversion,signature,signingcerturl,unsubscribeurl,topicid)
values
(?, ?, ?, ?, ?,?, ?, ?, ?, ?)';
$stmt = $conn->prepare( sql );
if( $stmt ){
/* assumed mainly strings other than those with `id` in column name */
$stmt->bind_param('issssssssi',
$message['MessageId'],
$message['TopicArn'],
$message['Subject'],
$message['Message'],
$message['Timestamp'],
$message['SignatureVersion'],
$message['Signature'],
$message['SigningCertURL'],
$message['UnsubscribeURL'],
$topic
);
$result=$stmt->execute();
/* Other code */
} else {
/* investigate why "prepare" method failed */
echo "Error:";
}
You can bind the data like below.
$stmt = $conn->prepare( $sql );
if( $stmt ){
$stmt->bind_param('issssssssi', $message['MessageId'], $message['TopicArn'],
$message['Subject'], $message['Message'], $message['Timestamp'],
$message['SignatureVersion'], $message['Signature'], $message['SigningCertURL'],
$message['UnsubscribeURL'], $topic ); /* last placeholder is topicid */
}
You just forgot to add $ in front of the sql; please add that and try again.
I want to perform a select query on my users table with sqli in php.
For security reasons (SQL injection) I want to do it using parameter(s).
Also I want to store the result in a PHP variable.
This is my code:
the $conn variable is filled in correctly.
$login = $_POST['username'];
//Check if username is available
/*Line44*/ $stmt = $conn->prepare("SELECT login FROM users WHERE login = ?");
/*Line45*/ $stmt->bind_param('s', $login);
$result = $stmt->execute();
if ($result->num_rows > 0)
{
echo "This username is in use.";
}
else
{
//Add account to database
$stmt = $conn->prepare("INSERT INTO users (login, password, email, gender) VALUES (?, ?, ?, ?)");
$stmt->bind_param('ssss', $login, $md5pass, $email, $gender);
$stmt->execute();
$stmt->close();
echo "<font color=\"#254117;\">Your account is succesfully geregistered! <br />U can now login!</font>";
}
I get this error:
Warning: mysqli::prepare() [mysqli.prepare]: Couldn't fetch mysqli in
C:\xampp\htdocs\cammerta\registreer.php on line 44
Fatal error: Call to a member function bind_param() on a non-object in
C:\xampp\htdocs\cammerta\registreer.php on line 45
I hope someone can provide a solution and explain to me what I did wrong.
Thanks in advance!
$mysqli = new mysqli('localhost', 'my_user', 'my_password', 'world');
$stmt = $mysqli->prepare("INSERT INTO CountryLanguage VALUES (?, ?, ?, ?)");
$stmt->bind_param('sssd', $code, $language, $official, $percent);
$stmt->execute();
Plus
1. Please run the query in phpMyAdmin or any other program.
2. Maybe you have not set the variables $login, $md5pass, $email, $gender.
The $stmt = $conn->prepare statement may return false. Please use the given code to get the error in the query.
if ($stmt = $conn->prepare('your query')) {
$stmt->bind_param(...);
}
else {
printf("Error=: %s\n", $conn->error);
}
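The check-then-insert flow from the question, written so that the row count is read from the statement instead of from the boolean that execute() returns. This is an added example, not the poster's code: the function names loginExists() and registerUser() are hypothetical, the users table and its columns are taken from the question, and $passwordHash is assumed to be computed elsewhere.

```php
<?php
// Added example, not the poster's code. Assumes an open mysqli connection
// and the users table (login, password, email, gender) from the question.

// Throw mysqli_sql_exception on failure instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Hypothetical helper: true when a row with this login already exists. */
function loginExists(mysqli $conn, string $login): bool
{
    $stmt = $conn->prepare('SELECT 1 FROM users WHERE login = ? LIMIT 1');
    try {
        $stmt->bind_param('s', $login);
        $stmt->execute();        // returns true/false, never a result object
        $stmt->store_result();   // buffer the rows so num_rows is meaningful
        return $stmt->num_rows > 0;
    } finally {
        $stmt->close();
    }
}

/**
 * Hypothetical helper: insert the account unless the login is taken.
 * Returns false when the login is in use, true when one row was inserted.
 */
function registerUser(
    mysqli $conn,
    string $login,
    string $passwordHash,   // assumed to be hashed before this call
    string $email,
    string $gender
): bool {
    if (loginExists($conn, $login)) {
        return false;
    }
    $stmt = $conn->prepare(
        'INSERT INTO users (login, password, email, gender) VALUES (?, ?, ?, ?)'
    );
    try {
        // Every bound argument is a variable, as bind_param() requires.
        $stmt->bind_param('ssss', $login, $passwordHash, $email, $gender);
        $stmt->execute();
        return $stmt->affected_rows === 1;
    } finally {
        $stmt->close();
    }
}
```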
I am updating my PHP to use mysqli:: instead of mysql_* and I have run into an issue with INSERT statements. I have the following statement:
$stmt = $link->prepare("INSERT INTO `table` (`a`, `b`, `c`) VALUES(?, ?, ?)");
$stmt->bind_param("sss", $a, $b, "0");
$stmt->execute();
I have checked $stmt and it is a proper mysqli_stmt object. It is prepared properly, but for some reason, the statement won't execute. I just get a 500 error from my server.
What am I missing?
Edit
I've determined that the issue is coming from the bind_param method.
Edit 2
Okay, so the error PHP is giving me is this:
Fatal error: Cannot pass parameter 4 by reference in...
This points to the line of bind_param
You can't pass a constant to bind_param. Put the value in a variable first:
$status = "0";
$stmt->bind_param("sss", $oid, $cid, $status);
$stmt->execute();
I'm trying to understand where I am wrong with this query..
$query = "INSERT INTO turni (data, utenteId, turno_ceduto, tipo_turno_ceduto,
turno_cercato,
note, date) VALUES (?, ?, ?, ?, ?, ?, NOW())";
$stmt = mysqli_prepare($dbc,$query);
mysqli_stmt_bind_param($stmt,'sissss', $data, $utenteId, $turno_ceduto,
$tipo_turno_ceduto, $turno_cercato, $note);
mysqli_stmt_execute($stmt);
$count = mysqli_stmt_affected_rows($stmt);
Why is $count -1??
Question
Why is $count -1??
Answer
-1 indicates that the query has returned an error
mysqli_stmt_affected_rows
You should check errors with mysqli_error; it returns a string description of the last error.
You get the error description from the last mysqli-function, not from the last mysql-error.
You should always check for errors after each prepare() and execute(), and report the errors.
Here's an example:
if (($stmt = mysqli_prepare($dbc,$query)) === false) {
trigger_error(mysqli_error($dbc), E_USER_ERROR);
}
mysqli_stmt_bind_param($stmt,'sissss', $data, $utenteId, $turno_ceduto,
$tipo_turno_ceduto, $turno_cercato, $note);
if (mysqli_stmt_execute($stmt) === false) {
trigger_error(mysqli_stmt_error($stmt), E_USER_ERROR);
}
$count = mysqli_stmt_affected_rows($stmt);
I've gone over this script like 30 times, and I can't for the life of me find my problem. Here is the code:
function redeem() {
$case = $_POST["case"];
$name = $_POST["name"];
$profession = $_POST["profession"];
$city = $_POST["city"];
$country = $_POST["country"];
$totalpercent = $_POST["totalpercent"];
$pretest = $_POST["pretest"];
$posttest = $_POST["posttest"];
$investigationspercent = $_POST["investigationspercent"];
$timesreset = $_POST["timesreset"];
$creditsspent = $_POST["creditsspent"];
$timescompleted = $_POST["timescompleted"];
//Add the information to the learnent_cases_leaderboard table
$stmt = $this->db->prepare("INSERT INTO learnent_cases_leaderboard (case, name, profession, city, country, totalpercent, pretest, posttest, investigationspercent, creditsspent, timescompleted, timesreset, timestamp) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, CURRENT_TIMESTAMP)");
$stmt->bind_param("sssssiiiiiii", $case, $name, $profession, $city, $country, $totalpercent, $pretest, $posttest, $investigationspercent, $creditsspent, $timescompleted, $timesreset); //the quotations specify the type of variable;
//See http://php.net/manual/en/mysqli-stmt.bind-param.php for more information on bind_param
$stmt->execute();
$stmt->close();
When I look at the error log, it gives me this error message:
PHP Fatal error: Call to a member function bind_param() on a non-object on line 105
Line 105 is this line:
Code:
$stmt->bind_param("sssssiiiiiii", $case, $name, $profession, $city, $country, $totalpercent, $pretest, $posttest, $investigationspercent, $creditsspent, $timescompleted, $timesreset);
You never checked that $stmt is an object. In this case, it's more likely to be FALSE, which is what PDO::prepare returns when your query has an error in it.
And your query has an error in it, because you did not delimit your field names in backticks and timestamp is a keyword.
Check for errors after invoking functions from 3rd party APIs, and fix your query.
First off, always run your queries on localhost to see if your query executes without error. Next, always make sure the names of the fields and data types correspond with what you have in your code.