This question already has answers here:
Cannot pass parameter 2 by reference error in php PDO
(2 answers)
Closed 6 years ago.
I am experiencing this error:
"Cannot pass parameter 2 by reference"
I looked up several threads, not a single solution actually worked for me, it might be a really stupid mistake/type..?
$stmt = $dbh->prepare("INSERT INTO messages (message, sender, key) VALUES (:message, :sender, :key)");
$stmt -> bindParam(':message', $message);
$stmt -> bindParam(':sender', 'Smith');
$stmt -> bindParam(':key', 'Test-Key');
$stmt -> execute();
This is my code.. The error is pointing at line 32, which is the "sender" line... I personally think it's the message line instead.
Thank you for your help! :)
The bindParam() method binds the parameter to a variable. Strings are what are called constants.
In order to make this work you have to pass a variable to the method, like this:
// Prepare the statement
$stmt = $dbh->prepare("INSERT INTO messages (message, sender, key) VALUES (:message, :sender, :key)");
// Bind variables to the parameters
$stmt->bindParam(':message', $message);
$stmt->bindParam(':sender', $sender);
$stmt->bindParam(':key', $key);
// Give the bound variables a value
$message = 'The message...';
$sender = 'Smith';
$key = 'Test-Key';
// And then execute the statement
$stmt->execute();
Related
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Why does this PDO statement silently fail?
(2 answers)
Closed 5 years ago.
i'm trying to insert values into a mysql table using inputs from another page using $_POST and a prepared statement. My understanding is that you need to use the bindParam function for each of the variables being inserted because you cant use variables in a mysql query.
My issue is that the bindParam function requires the length of the variable being binded and the variable's value is unknown because it is decided by the user input.
Do I have to create a variable for the string length of the variable I want to assign a Param to?
if(isset($_POST['name_input'])) {
$name = $_POST['name_input'];
$genre = $_POST['genre_input'];
$size = $_POST['size_input'];
$rating = $_POST['rating_input'];
$date = $_POST['date_input'];
}
if(!empty($name)) {
$addedQuery = $db->prepare(
"INSERT INTO `torrent_list` (`movie_name`,
`movie_genre`,`file_size`, `rating`,
`release_date`) VALUES (NULL, ':name', ':genre', ':size', ':rating',
':date')");
$addedQuery->bindValue(':name', $name, PDO::PARAM_STR);
$addedQuery->bindValue(':genre', $genre, PDO::PARAM_STR);
$addedQuery->bindValue(':size', $size, PDO::PARAM_STR);
$addedQuery->bindValue(':rating', $rating, PDO::PARAM_STR);
$addedQuery->bindValue(':date', $date, PDO::PARAM_STR);
$addedQuery->execute(
);
}
Thanks.
This question already has answers here:
Error when preparing a multiple insert query
(5 answers)
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 5 years ago.
I am very unsure at why I am getting such an error with my code
try {
$stmt = $connection->prepare("INSERT INTO table (path, title, era, information)
VALUES (:path, :title, :era, :information)");
$stmt->bindParam(':path', $fname);
$stmt->bindParam(':title', $Name);
$stmt->bindParam(':era', $Era);
$stmt->bindParam(':descrip', $Description);
// insert row
$stmt->execute();
}
catch(PDOException $e) {
echo $e->getMessage();
}
echo "Upload Successful";
}
I have tried so many different options and I just cant fix the error
$fname=$_FILES["userfile"]["name"];
$Name =$_POST["name"];
$Era =$_POST["era"];
$Description =$_POST["info"];
these are the variables I used if that helps in solving my issue
You define the values ':path, :title, :era, :information' in your prepare statement but try to set a value for the field ':descrip' later on. Because this field is not defined in the prepare call you get that error.
Use ':information' instead of ':descrip'.
This question already has answers here:
Error message "Strict standards: Only variables should be passed by reference"
(6 answers)
Closed 6 years ago.
So my code look like this:
$sql = "INSERT INTO users (email, password) VALUES (:email, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':password', sha1($_POST['password']));
if( $stmt->execute() ):
$message = 'Successfully created new user';
else:
$message = 'Sorry there must have been an issue creating your account';
endif;
Where the error is caused by this line:
$stmt->bindParam(':password', sha1($_POST['password']));
Hope someone can help me remove the 'Strict standards: Only variables should be passed by reference' error. Since its still executing everything.
bindParam takes a reference to the second argument instead of the value. This is done so changes to the variable value before executing the statement are recognized or, to rephrase it, so the value of the bound variable at execution time of the query is used, not the value the variable had when binding it.
References only work on variables - you cannot pass a reference to a function call. If you use a function call as second aprameter of bindParam, the value is passed instead of a reference, which is why everything keeps working - but it defeats the purpose of using a reference in the first place.
To fix the error message:
$passSha1 = sha1($_POST['password'])
$stmt->bindParam(':password', $passSha1);
// if you change passSha1 here, the new value will be used later
// in the execution of the statement
if( $stmt->execute() ):
// ...
Have you tried extracting a variable? Something like this:
$passwordHash = sha1($_POST['password']);
$stmt->bindParam(':password', $passwordHash);
This question already has answers here:
Cannot pass parameter 2 by reference - uuid PDO
(4 answers)
Closed 1 year ago.
I am using PHP PDO to insert into a MYSQL database using PHP. I am getting the error:
Fatal error: Cannot pass parameter 2 by reference in
/home/sandyit/public_html/hosting/findibuzz/design2/sign-up.php on
line 200
This is my code:
$ID is an auto incremented integer while the rest are varchar variables filled out as below as an example:
$db = new PDO('mysql:host=localhost;dbname=dbname;charset=utf8', 'dbusername', 'dbpass');
$FULLNAME = "David";
$PW_HASH = "sadsad";
$SALT = "adadad";
$EMAIL_ADDRESS = "david#gmail.com";
$ID=0;
$addrequest = $db->prepare("INSERT INTO FB_USERS (ID,FULL_NAME,PASSWORD,PASSWORD_SALT,EMAIL_ADDRESS) VALUES (:ID,:FULL_NAME,:PASSWORD,:PASSWORD_SALT,:EMAIL_ADDRESS)");
$addrequest->bindParam(':ID',$ID, PDO::PARAM_INT);
$addrequest->bindParam(':FULL_NAME',$FULL_NAME, PDO::PARAM_STR);
$addrequest->bindParam(':PASSWORD',$PW_HASH, PDO::PARAM_STR);
$addrequest->bindParam(':PASSWORD_SALT',$SALT, PDO::PARAM_STR);
$addrequest->bindParam(':EMAIL_ADDRESS',$EMAIL_ADDRESS, PDO::PARAM_STR);
$addrequest->execute();
$addrequest->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
I know i have something wrong, but i cannot spot the error, can i have some advise please?
Thanks
Just for reference. I know this wont help solve your problem, but you could do something like this (see code below) to achieve the same result:
$db = new PDO('mysql:host=localhost;dbname=dbname;charset=utf8', 'dbusername', 'dbpass');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO FB_USERS (FULL_NAME,PASSWORD,PASSWORD_SALT,EMAIL_ADDRESS)
VALUES (:FULL_NAME,:PASSWORD,:PASSWORD_SALT,:EMAIL_ADDRESS)";
$stmt = $db->prepare($sql);
$params = array
(
'FULL_NAME'=>'David',
'PASSWORD'=>'sadsad',
'PASSWORD_SALT'=>'adadad',
'EMAIL_ADDRESS'=>'david#gmail.com'
);
$stmt->execute($params)
I find it easier to work with an array and than to just pass it to the statment.
But I guess its just a mather of taste.
Like I said this is just for reference and wont help you resolve your issue.
Remove quotation marks from '$ID'
$addrequest->bindParam(':ID',$ID, PDO::PARAM_INT);
This question already has an answer here:
PHP mysqli prepare statement not working
(1 answer)
Closed 1 year ago.
I simply want to select a bunch of fields from a data base - as I have done it a lot of times before... But somehow I get this error:
Warning: mysqli_stmt_bind_result(): Number of bind variables doesn't match number of fields in prepared statement
But I count exactly 14 columns, so why when I add 14 variables does it throw this error?
public function get_invitation_fields()
{
$this->fields_db = array();
include('system/mysqli_db.php'); //db connection opens here
$statement="SELECT
invitation_ID,
recipient,
text,
name,
usr_ID,
deleted,
send_date,
resend_date,
last_date,
status,
register_date,
verify_date,
redeem_date
trans_ID
FROM invitations WHERE email=?";
if ($stmt = mysqli_prepare($db, $statement))
{
mysqli_stmt_bind_param($stmt, "s", $this->email);
if(!mysqli_stmt_execute($stmt))
{echo mysqli_stmt_error($stmt); echo mysqli_error($db); }
mysqli_stmt_bind_result($stmt,
$this->fields_db['invitation_ID'],
$this->fields_db['recipient'],
$this->fields_db['text'],
$this->fields_db['name'],
$this->fields_db['usr_ID'],
$this->fields_db['deleted'],
$this->fields_db['send_date'],
$this->fields_db['resend_date'],
$this->fields_db['last_date'],
$this->fields_db['status'],
$this->fields_db['register_date'],
$this->fields_db['verify_date'],
$this->fields_db['redeem_date'],
$this->fields_db['trans_ID']
); //PHP points the error to this line.
mysqli_stmt_fetch($stmt);
$this->invite_fields_db = $this->fields_db;
mysqli_stmt_close($stmt);
}
else
{
echo mysqli_stmt_error($stmt);
echo mysqli_error($db);
}
mysqli_close($db);
}
Can anyone see what's wrong?
Just don't use mysqli with it's bind_result, which indeed makes you ask other people to count your variables.
Either use PDO, which will make your code as short as
public function get_invitation_fields($email)
{
global $pdo; // connection should be opened ONCE at the beginning of the whole app
$sql = "SELECT * FROM invitations WHERE email=?";
$stm = $pdo->prepare($sql);
$stm->execute(array($email));
return $stm->fetch(); // values have to be RETURNED, not assigned
}
or at least use get_result() to get a familiar array from the query, without need of binding every variable manually, though it's not guaranteed to work.