I have this line of code to enter data into a database using binding:
$mysql = "INSERT INTO Orders (`Name`, `Recipient`, `Destination`, `Room`, `Message`, `Anonymous`, `OffCampus`, `OffCampusAddress`) VALUES (?, ?, ?, ?, ?, ?, ?, ?)";
$stmt = mysqli_prepare($con,$mysql);
Oddly enough, this error only occurs when a value for the column Recipient is entered in the html form. When nothing is entered in the field it works. The error is:
mysqli error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '0' at line 1
Could anyone tell me why entering a value for the parameter would cause a MySQL syntax error? Thanks in advance, and sorry if it's obvious, I'm new to web development.
Here is my binding:
mysqli_stmt_bind_param($stmt, 'ssssssss', $name, $recipient, $destination, $room, $message, $anonymous, $offcampus, $offcampusaddress);
I think you should do like this as in my below code.
$mysqli = new mysqli('localhost', 'root', '', 'DBNAME');
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$stmt = $mysqli->prepare("INSERT INTO Orders (`Name`, `Recipient`, `Destination`, `Room`, `Message`, `Anonymous`, `OffCampus`, `OffCampusAddress`) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->bind_param("sssdssss", $Name, $Recipient, $Destination, $Room, $Message, $Anonymous, $OffCampus, $OffCampusAddress);
$Name= 'DEU';
$Recipient= 'Bavarian';
$Destination= "XYZ";
$Room= 15;
$Message= 'May I help you';
$Anonymous= 'i do not know';
$OffCampus= "YY";
$OffCampusAddress= "Known Street";
/* execute prepared statement */
$stmt->execute();
printf("%d Row inserted.\n", $stmt->affected_rows);
/* close statement and connection */
$stmt->close();
In bind parameters (sssdssss) means the the type of parameter as you given as input. s for string value, and d for decimal value.
I keep sssdssss because, d is decimal i.e. no: of rooms and this type comes first, if in your db, you keep it varchar so you may convert d to s.
you have write wrong syntax in you question i.e.
mysqli_stmt_bind_param($stmt, 'ssssssss', $name, $recipient, $destination, $room, $message, $anonymous, $offcampus, $offcampusaddress);
Hope it will help you.
Thanks
Related
I'm trying to insert some value into my database, but I got no result, but the code got no error, and the result label said it is succeed. My database connection working. How to check the issue here, I confused.
My Code Here
// insert new data to menu table
$sql_query = "INSERT INTO tbl_jadwal (Nama_Lokasi, Category_ID, Longitude, Latitude, Phone, Email, Menu_image, Description)
VALUES(?, ?, ?, ?, ?, ?, ?, ?)";
$upload_image = 'upload/images/' . $menu_image;
$stmt = $connect->stmt_init();
if ($stmt->prepare($sql_query))
{
// Bind your variables to replace the ?s
$stmt->bind_param('sssssss',
$nama_lokasi,
$category_ID,
$longitude,
$latitude,
$phone,
$email,
$upload_image,
$description
);
// Execute query
$stmt->execute();
// store result
$result = $stmt->store_result();
$stmt->close();
}
This should do, you were missing one s in the param string
$stmt->bind_param('ssssssss',
$nama_lokasi,
$category_ID,
$longitude,
$latitude,
$phone,
$email,
$upload_image,
$description
And you have way too much code. Only a very little part of it is relevant
I am getting issues with the bind_param function. I will post all the information below.
Error:
Fatal error: Call to a member function bind_param() on a non-object in /home4/lunar/public_html/casino/blogpost.php on line 88
MySQL Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':user, :title, :message, :image, :category, NOW())' at line 1
Query:
$user = $_COOKIE['user'];
$title = $_POST['title'];
$message = $_POST['message'];
$image = $_POST['image'];
$category = $_POST['category'];
$stmt = $mysqli->prepare("INSERT INTO `lunar_casino`.`posts` (`id`, `by`, `title`, `message`, `image`, `category`, `date`) VALUES(NULL, :user, :title, :message, :image, :category, NOW())");
echo $mysqli->error;
$stmt->bind_param(":user", $user);
$stmt->bind_param(":title", $title);
$stmt->bind_param(":message", $message);
$stmt->bind_param(":image", $image);
$stmt->bind_param(":category", $category);
$stmt->execute();
if(!$stmt){
echo "<font color='red'><b>There has been an error with our database! Please contact the website administrator!</b></font><br /><br />";
echo $mysqli->error;
} else {
echo "<font color='green'><b>You have successfully added a blog post!</b></font><br /><br />";
}
Any ideas why its like this?
As Rocket Hazmat mentioned you can only use question marks as bind parameter place holder.
You should do something similar:
$stmt = $mysqli->prepare("INSERT INTO `lunar_casino`.`posts` (`id`, `by`, `title`, `message`, `image`, `category`, `date`) VALUES(NULL, ?, ?, ?, ?, ?, NOW())");
$stmt->bind_param("sssss", $user, $title, $message, $image, $category);
More details: http://www.php.net/manual/en/mysqli-stmt.bind-param.php
$stmt->bind_param("sssss", $user, $title, $message, $image, $category);
on the first argument the s = string and i = integer. You need to specify which type of value you want to add to the database. If you want to add 5 values that are strings to the database then write 'sssss' if you want to insert 5 integers then write 'iiiii' if you have some integers values and some string values then you can adjust accordingly.
//so if your values are all strings then this would be correct :
$stmt->bind_param("sssss", $user, $title, $message, $image, $category);
//so if your values are all integers then this would be correct :
$stmt->bind_param("iiiii", $user, $title, $message, $image, $category);
//if the first 2 are integers and the other 3 strings then this would be correct :
$stmt->bind_param("iisss", $user, $title, $message, $image, $category);
and so on.
I'm new to SQL so i'm probably missing something. Apparently I have a syntax error on this line:
$mysql = 'INSERT INTO Orders (Name, Recipient, Destination, Room, Message, Anonymous, OffCampus, OffCampusAddress) VALUES (?, ?, ?, ?, ?, ?, ?, ?)';
Could anyone help me identify what I am doing wrong? Thanks in advance
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?, ?, ?, ?, ?, ?, ?, ?)' at line 1
Here is my parameter binding:
mysqli_stmt_bind_param($stmt, 'ssssssss', $name, $recipient, $destination, $room, $message, $anonymous, $offcampus, $offcampusaddress);
It should look like this:
$link = mysqli_connect('localhost', 'my_user', 'my_password', 'world');
$mysql = "INSERT INTO Orders\n" +
"(Name, Recipient, Destination, Room, Message, Anonymous, OffCampus, OffCampusAddress)\n" +
"VALUES\n" +
"(?, ?, ?, ?, ?, ?, ?, ?)";
$stmt = mysqli_prepare($link, $mysql);
mysqli_stmt_bind_param($stmt, 'ssssssss', $name, $recipient, $destination, $room, $message, $anonymous, $offcampus, $offcampusaddress);
mysqli_stmt_execute($stmt);
Try to add ` for column names and ' for values. it may work
I've been sitting on the same small problem now for over 10 hours, so it's time to ask stackoverflow! I'm connected to the database but when calling mysqli_stmt_bind_param I get "invalid object or resource".
I've tried the insert statement in the console and it works fine..
<?php
$con=mysqli_connect("127.0.0.1:3306", "myUsername", "password");
mysqli_select_db($con, "webshop");
if (mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query= mysqli_stmt_init($con);
mysqli_stmt_prepare($query, "INSERT INTO user (name, email, hash, address, tel) VALUES (?, ?, ?, ?, ?)");
mysqli_stmt_bind_param($query, "ssssi", $name, $email, $hash, $address, $tel);
if(mysqli_stmt_execute($query))
{
mysqli_close($con);
}
?>
Thankful for any help at all!
You have to use the statement object returned by mysqli_stmt_prepare()
$stmt = mysqli_stmt_prepare($con, "INSERT INTO user (name, email, hash, address, tel) VALUES (?, ?, ?, ?, ?)");
mysqli_stmt_bind_param($stmt, "ssssi", $name, $email, $hash, $address, $tel);
if(mysqli_stmt_execute($stmt))
Also, the mysqli_stmt_init($con) call is not needed (I think).
mysqli_stmt_init is needed as you are accessing mysqli using the procedural style.
This returns an object of type mysqli_stmt, which then acts as a container for the query you are building. As such, you should pass this as the first parameter to mysqli_stmt_prepare, mysqli_stmt_bind_param and mysqli_stmt_execute.
So your code would look like:
<?php
$con=mysqli_connect("127.0.0.1:3306", "myUsername", "password");
mysqli_select_db($con, "webshop");
if (mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$stmt = mysqli_stmt_init($con);
$query = "INSERT INTO user (name, email, hash, address, tel) VALUES (?, ?, ?, ?, ?)";
mysqli_stmt_prepare($stmt, $query);
mysqli_stmt_bind_param($stmt, "ssssi", $name, $email, $hash, $address, $tel);
if(mysqli_stmt_execute($stmt))
{
mysqli_close($stmt);
}
?>
One, unrelated point - you appear to be requiring that your tel field (which I presume to be a telephone number) is an integer. This might be a bad idea if you have to handle telephone numbers starting with 0 (common in the UK for example) at any point.
I'm trying to perform a mysql insert operation but for some reasons I get the ugly error:
Call to a member function bind_param() on a non-object in info.php on line 59
the code is:
<?php
$db_usag_down = new mysqli("127.0.0.1","user","XXXXXXXX","down");
$db_usag_full = new mysqli("127.0.0.1","user","XXXXXXXXXX","full");
$insert_query = $db_usag_down->prepare("INSERT INTO Applicant VALUES(?, ?, ?, ?, ?, ?)");
$insert_query->bind_param('issssi', $account_id, $first_name, $last_name, $email, $country, $full_status);
$insert_query->execute();
if ($insert_query->errno) {
echo "FAILURE!!! " . $insert_query->error();
?>
Sample values:
23232, Michael K, Boli Gnawaboli#example.com, Cote D'Ivoire (ivory Coast), 1
Two things I see:
First, and actual error, your INSERT syntax is incorrect. It needs to include a column list and/or VALUES before (?, ?, ...).
Second, your parameter count for bind_param() is incorrect based on your query.
Your mysqli statement object was not correctly created, because the INSERT statement is invalid. You're missing the VALUES keyword:
$insert_query = $db_usag_down->prepare("INSERT INTO Applicant VALUES (?, ?, ?, ?, ?, ?)");
//
Check the error status of your `mysqli` object with `mysqli->error();`
if (!$insert_query) {
echo $db_usag_down->error();
}
You will have other problems too. You have more data types listed in your bind_param than you have variables to bind.
// You have six params, so you should have only six characters in the data types:
// Assumes $full_status is an integer
$insert_query->bind_param('issssi', $account_id, $first_name, $last_name, $email, $country, $full_status);