This question already has answers here:
Call to a member function bind_param() on a non-object [duplicate]
(6 answers)
Closed 6 years ago.
I'm learning mysqli_. If I run the query without the bind_param it works, but if I add the bind_param my query stops working.
This is my code:
// Make a connection to database.
$user = 'test';
$sql = "SELECT * FROM `user` WHERE `user` = ?";
$querySelect = $mysqli->prepare($sql);
$querySelect->bind_param('s', $user);
$querySelect->execute();
echo 'N: '.$querySelect->num_rows.'<br>'; // Got 0, but the correct result is 1.
ERROR:
Call to a member function bind_param() on a non-object
I guess this line returns false:
$querySelect = $mysqli->prepare($sql);
try to do:
var_dump($querySelect);
in order to be sure. If return false, that means something wrong with getting data user from database (wrong table, connection, table column, ...)
but this sql is also strange:
$sql = "SELECT * FROM `user` WHERE `user` = ?";
maybe you wanted to write:
$sql = "SELECT * FROM `user` WHERE `user_id` = ?";
so, user_id instead of user or maybe only id, depends on the name of you primary key
Related
This question already has answers here:
mysqli prepared statement num_rows returns 0 while query returns greater than 0 [duplicate]
(3 answers)
Closed 3 years ago.
Even though there is an entry in the database, with this query, I always get 0 entries back
$sql = "SELECT * FROM saved_food WHERE user_id = ? AND favorite_food LIKE ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("is", $me['id'], $favFood);
$stmt->execute();
var_dump($stmt->num_rows);
the dump is 0
The user_id colum is a foreign key, and shows to the id of the table "user".
I can't see the error here.
Is there a special method for foreignkey values?
I got the error... facepalm
I forgot to call ->get_result();
$sql = "SELECT * FROM saved_food WHERE user_id = ? AND favorite_food LIKE ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("is", $me['id'], $favFood);
$stmt->execute();
$result = $stmt->get_result();
var_dump($result->num_rows);
This question already has answers here:
Can I parameterize the table name in a prepared statement? [duplicate]
(2 answers)
Closed 5 years ago.
It is working
$result = $conn->prepare("SELECT * FROM questions");
$result->execute();
But this not
$result = $conn->prepare("SELECT * FROM (?)");
$result -> bind_param("s", $name_tb);
$name_tb = "questions";
$result->execute();
The error is:
Call to a member function bind_param() on boolean
This won't work.
It is actually not possible to bind table names. You can only bind query parameters. What you can do is something like:
$table = "TABLENAME";
query($table);
function query($table) {
$sql = "SELECT * FROM $table";
}
For sure you have to edit the content of the function that it'll work. Its just to show you an example. But keep in mind: No tablenames. Only parameters with bind.
This question already has answers here:
Can I parameterize the table name in a prepared statement? [duplicate]
(2 answers)
Closed 5 years ago.
I try to prepare statement to sql (mysqli) in php, but there is an error code as written above. This is the code I wrote:
if (!$this->isUserExist($username, $token)) {return false;}
$tables = array();
$tables[0] = "faculty";
$tables[1] = "department";
$tables[2] = "teacher";
$tables[3] = "announcement";
$ttable = $tables[$table];
var_dump($ttable); // faculty
var_dump($id); // 6
echo "DELETE FROM ".$ttable." WHERE ".$ttable.".id = ".$id.""; //returns DELETE FROM faculty WHERE faculty.id = 6
$stmt = $this->con->prepare("DELETE FROM ? WHERE ?.id = ?"); //Fatal error occurs here
$stmt->bind_param("sss",$ttable,$ttable,$id);
//$stmt->execute();
if ($stmt->num_rows> 0) {
return "true";
} else {
return "false";
}
However if i insert exact statement without any placeholders that is shown in echo my i get no errors, and MySQL database successfully deletes row.
$stmt = $this->con->prepare("DELETE FROM faculty WHERE faculty.id = 6"); //no errors occur, executing this statement does affect row in MySQL database
The system doesn't allow to 'prepare' table names, You should do it this way
$stmt = $this->con->prepare("DELETE FROM ".$ttable." WHERE ".$ttable.".id = ?"); //Fatal error occurs here
$stmt->bind_param("s",$id);
please read this http://us3.php.net/manual/en/book.pdo.php#69304
Table and Column names cannot be replaced by parameters in PDO.
Do something like this:
$query = "DELETE FROM ".$ttable." WHERE ".$ttable.".id = ?";
$stmt = $this->con->prepare($query);
$stmt->bind_param("s",$id);
This question already has answers here:
MySQL "LIKE" search doesn't work
(2 answers)
Closed 7 years ago.
I am attempting to create a search function for my website using PDO. At the moment I send the search query through the URL and then try to fetch the results however whenever I do a var dump it returns null. I tested the query on PHP my admin and it returns around 4 results.
I use a class I created to connect to the database, this works on all my other queries.
Here is my search function
function search($query) {
$sql = "SELECT * FROM `Sweets` WHERE `Description` LIKE :search";
$stmt = $this->connection->prepare($sql);
$stmt->bindParam(':search', $query);
$stmt->execute();
$done = $stmt->fetch();
var_dump($done[0]);
}
Below is the search php my form calls as an action
<?php
// Start our connecting to our database
require('class-database-functions.php');
$database = new Database_Functions();
// Get the search value passed through $_GET
$search_query = $_GET['query'];
$search = $database->search($search_query);
?>
Try this
$sql = "SELECT * FROM `Sweets` WHERE `Description` LIKE ?";
$stmt = $this->connection->prepare($sql);
$stmt->bindValue(1, "%$query%",PDO::PARAM_STR);
This question already has answers here:
MySQLi equivalent of mysql_result()?
(12 answers)
Closed 9 years ago.
I am trying to return the user's id number from the database but I can't figure out how to return the result of the query. I used to use mysql_result() so what would I need to do now that I'm using mysqli?
function user_id_from_username($username){
$query = mysqli_query($conn, "SELECT `user_id` FROM `users` WHERE `username` = '$username'");
return (what?);
}
You haven't reaped one of the main benefits of moving from mysql to mysqli, which is using prepared statements to parameterize your queries and protect yourself from injection.
$query = mysqli_prepare($conn, "SELECT user_id FROM `users` WHERE username = ?");
mysqli_stmt_bind_param($query, "s", $username);
mysqli_stmt_execute($query);
mysqli_stmt_bind_result($query, $userid);
mysqli_stmt_fetch($query);
//$userid is now user_id
check this http://php.net/manual/en/mysqli.query.php for myqli_query usage. and this http://www.php.net/manual/en/class.mysqli-result.php on how to get the values from the result.