This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Parse error: syntax error, unexpected '[', expecting ')' [duplicate]
(2 answers)
Closed 7 years ago.
I am getting error:
Parse error: syntax error, unexpected ',', expecting '&' or variable (T_VARIABLE) in /root/folder/MySQLDao.php on line 67
However, everything seems fine. The chunk of code is:
public function registerUser($Facebookid, $firstname, $lastname, $FBpictureURL, $Gender, $UserEmail)
{
$sql = "insert into Users set FacebookId=?, firstname=?, lastname=?, FBpictureURL=?, Gender=?, UserEmail=?";
$statement = $this->conn->prepare($sql); // Line 66
// Line 67 is here
if (!$statement) // Line 68
throw new Exception($statement->error);
$statement->bind_param("isssss", $Facebookid, $firstname, $lastname, $FBpictureURL, $Gender, $UserEmail);
$returnValue = $statement->execute();
return $returnValue;
}
Edit: I got lots of criticism about duplicate post, however, none of the answers solved my solution so far. I have of course checked StackOverflow before I post my question. Anyway, the ones still willing to help, I pasted my code in here: http://justpaste.it/phpsql
Note:
Make sure that your given code is in MySQLDao.php file. Because it is hard to believe that it will return such error for that line (67), which is just blank.
Your insert query setup looks okay if your extension supports MySQL
It would look like this in standard form:
$sql = "INSERT INTO Users (FacebookId, firstname, lastname, FBpictureURL, Gender, UserEmail)
VALUES (?,?,?,?,?,?)";
Did you call the function correctly? Make sure that the passed-on variables for your registerUser() function is correctly passed-on from your POST form.
You may call your function like this (this is just an example way to call the function):
registerUser($_POST["Facebookid"],$_POST["firstname"],$_POST["lastname"],$_POST["FBPictureURL"],$_POST["Gender"],$_POST["UserEmail"]);
If the code in your given link is your updated copy, you forgot "SET" in your query.
It should look like this:
"INSERT INTO Users SET FacebookId=?, firstname=?, lastname=?, FBpictureURL=?, Gender=?, UserEmail=?";
in your sql statement there is 6 columns and in your bind_param function you are providing 7 params if there is no need of "issss" then please remove it because i thing it is id and if you have settle it as primary key and auto increment then you don't need to provide this argument
expected code:
$statement->bind_param($Facebookid, $firstname, $lastname, $FBpictureURL, $Gender, $UserEmail);
Related
This question already has answers here:
Error when preparing a multiple insert query
(5 answers)
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 5 years ago.
I am very unsure at why I am getting such an error with my code
try {
$stmt = $connection->prepare("INSERT INTO table (path, title, era, information)
VALUES (:path, :title, :era, :information)");
$stmt->bindParam(':path', $fname);
$stmt->bindParam(':title', $Name);
$stmt->bindParam(':era', $Era);
$stmt->bindParam(':descrip', $Description);
// insert row
$stmt->execute();
}
catch(PDOException $e) {
echo $e->getMessage();
}
echo "Upload Successful";
}
I have tried so many different options and I just cant fix the error
$fname=$_FILES["userfile"]["name"];
$Name =$_POST["name"];
$Era =$_POST["era"];
$Description =$_POST["info"];
these are the variables I used if that helps in solving my issue
You define the values ':path, :title, :era, :information' in your prepare statement but try to set a value for the field ':descrip' later on. Because this field is not defined in the prepare call you get that error.
Use ':information' instead of ':descrip'.
This question already has answers here:
Error message "Strict standards: Only variables should be passed by reference"
(6 answers)
Closed 6 years ago.
So my code look like this:
$sql = "INSERT INTO users (email, password) VALUES (:email, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':password', sha1($_POST['password']));
if( $stmt->execute() ):
$message = 'Successfully created new user';
else:
$message = 'Sorry there must have been an issue creating your account';
endif;
Where the error is caused by this line:
$stmt->bindParam(':password', sha1($_POST['password']));
Hope someone can help me remove the 'Strict standards: Only variables should be passed by reference' error. Since its still executing everything.
bindParam takes a reference to the second argument instead of the value. This is done so changes to the variable value before executing the statement are recognized or, to rephrase it, so the value of the bound variable at execution time of the query is used, not the value the variable had when binding it.
References only work on variables - you cannot pass a reference to a function call. If you use a function call as second aprameter of bindParam, the value is passed instead of a reference, which is why everything keeps working - but it defeats the purpose of using a reference in the first place.
To fix the error message:
$passSha1 = sha1($_POST['password'])
$stmt->bindParam(':password', $passSha1);
// if you change passSha1 here, the new value will be used later
// in the execution of the statement
if( $stmt->execute() ):
// ...
Have you tried extracting a variable? Something like this:
$passwordHash = sha1($_POST['password']);
$stmt->bindParam(':password', $passwordHash);
This question already has answers here:
Cannot pass parameter 2 by reference error in php PDO
(2 answers)
Closed 6 years ago.
I am experiencing this error:
"Cannot pass parameter 2 by reference"
I looked up several threads, not a single solution actually worked for me, it might be a really stupid mistake/type..?
$stmt = $dbh->prepare("INSERT INTO messages (message, sender, key) VALUES (:message, :sender, :key)");
$stmt -> bindParam(':message', $message);
$stmt -> bindParam(':sender', 'Smith');
$stmt -> bindParam(':key', 'Test-Key');
$stmt -> execute();
This is my code.. The error is pointing at line 32, which is the "sender" line... I personally think it's the message line instead.
Thank you for your help! :)
The bindParam() method binds the parameter to a variable. Strings are what are called constants.
In order to make this work you have to pass a variable to the method, like this:
// Prepare the statement
$stmt = $dbh->prepare("INSERT INTO messages (message, sender, key) VALUES (:message, :sender, :key)");
// Bind variables to the parameters
$stmt->bindParam(':message', $message);
$stmt->bindParam(':sender', $sender);
$stmt->bindParam(':key', $key);
// Give the bound variables a value
$message = 'The message...';
$sender = 'Smith';
$key = 'Test-Key';
// And then execute the statement
$stmt->execute();
This question already has answers here:
Call to a member function bind_param() on a non-object [duplicate]
(6 answers)
Closed 7 years ago.
I'm trying to create a simple api which adds views to a table. i've then tried to use prepared statements inorder to avoid SQL injections, but cant seem to make it work. It keep returning following error: (Fatal error: Call to a member function bind_param() on a non-object in)
$con = new mysqli('host','user','pass','db');
$type = $_GET['type'];
$identifier = $_GET['identifier'];
$news = $_GET['newsid'];
$check = $con->prepare("SELECT * FROM news WHERE news.news_id =? OR news.type =? OR news.identifier=?");
$check->bind_param("iss", $news, $type, $identifier);
$check->execute();
if ($check->fetchColumn() > 0) {
$add_view = $con->prepare("INSERT INTO views VALUES (:news_id, :identifier, :type, CURRENT_TIMESTAMP())");
$add_view->bindValue(':news_id', $news);
$add_view->bindValue(':identifier', $identifier);
$add_view->bindValue(':ntype', $type);
$add_view->execute();
}
I think you are mixing mysqli and PDO implementation here. You should use bind_param for mysqli. bindParam and bindValue are PDOs.
Turn on warnings. You have an error somewhere in your syntax. So $con->prepare returns false and issues a warning.
You can find the text of the error in $con->error.
This question already has answers here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(2 answers)
Closed 2 years ago.
I have the following code:
$statement = $mysqli->prepare("INSERT INTO `paypal_transactions` (`txn_id`, `payer_email`, `mc_gross`, `mc_currency`, `expires`, `userid`) VALUES (?, ?, ?, ?, " . (time() + 2678400) . ", ?)");
file_put_contents('error.txt', $mysqli->error . mysqli_error($mysqli));
$statement->bind_param('ssdsi', $txn_id, $payer_email, $payment_amount, $payment_currency, $userid);
$statement->execute();
error.txt is blank every single time, and this is what I see in the error_log file:
[02-Jul-2013 09:08:15 America/Denver] PHP Fatal error:
Call to a member function bind_param() on a non-object in /home4/site/public_html/paypal.php on line 96
which is referring to the block of code above.
I am at my wits end with this, I have been trying to fix it for hours and it just won't work. I cannot find any problems with my sql query and I am losing my mind trying to figure out what's wrong.
It seems $statement = $mysqli->prepare(..) give result FALSE so $statement is not object and you can't use $statement->bind_param(..)
$statement = $mysqli->prepare("...");
if( $statement !== FALSE ) {
$statement->bind_param(...);
$statement->execute();
}
PHP - MySQLi - prepare
BTW: Have you test your SQL query directly in database by copy/paste ?
Don't use MYSQL keywords in $mysqli->prepare,for example:from,select etc.
So,your datatables fields name are important!Please checking