bind_param getting an error (seems illogical to me)

bind_param getting an error (seems illogical to me) - php

This doesn't seem to make sense to me. Is this ACTUALLY wrong??? I've looked at other people's work, and they have that same type of bind_param as me, like in this example:
php, mysqli-stmt.bind-param]: Number of elements in type definition string doesn't match number of bind variables
I have 23 here, AND 23 values (yes, I counted individually, even pressing enter on dreamweaver to make sure). And to be safe, I even tried with 46:
$stmt= $con->prepare("INSERT INTO form_corpo_test (compagnie, telephone, site_web, texte_fr, texte_en, categories, profil_exposant, stands_du_manufacturier, pourcentage_quebec, pourcentage_canada, pourcentage_usa, pourcentage_autre, exporte, exporte_souhaite, produits_vert, nouveau_produits, nom, courriel, telephone_ressource, personne_ressource_c_toi, autre_personne_ressource, autre_courriel, autre_telephone)
VALUES
('$_POST[company]','$_POST[phone]','$_POST[website]','$_POST[messagefr]','$_POST[messageen]','$str','$_POST[profession]','$_POST[manufacturiers_stand]','$_POST[percent_quebec]','$_POST[percent_canada]','$_POST[percent_usa]','$_POST[percent_autre]','$_POST[bt_export]','$_POST[bt_export_souhaite]','$_POST[bt_prod_verts]','$_POST[bt_new_prod]','$_POST[name]','$_POST[email]','$_POST[resource_phone]','$_POST[personne_ressource]','$_POST[backup_name]','$_POST[backup_email]','$_POST[backup_phone]')");
$stmt->bind_param("sssssssssssssssssssssss", $compagnie, $telephone, $site_web, $texte_fr, $texte_en, $categories, $profil_exposant, $stands_du_manufacturier, $pourcentage_quebec, $pourcentage_canada, $pourcentage_usa, $pourcentage_autre, $exporte, $exporte_souhaite, $produits_vert, $nouveau_produits, $nom, $courriel, $telephone_ressource, $personne_ressource_c_toi, $autre_personne_ressource, $autre_courriel, $autre_telephone);
And then I tried this (since phone numbers are integers)
sissssssiiiissssssisssi
Both outputs THIS error:
Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of
variables doesn't match number of parameters in prepared statement in
/home/product/public_html/sidim.com/formulaires/processForm-test.php
on line 77
EDIT 3
I have this at the moment:
$con->query("INSERT INTO form_corpo_test SELECT * FROM *");
$stmt = $con->prepare("INSERT INTO form_corpo_test VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)");
$stmt->bind_param('sissssssiiiissssssisssi', $compagnie, $telephone, $site_web, $texte_fr, $texte_en, $categories, $profil_exposant, $stands_du_manufacturier, $pourcentage_quebec, $pourcentage_canada, $pourcentage_usa, $pourcentage_autre, $exporte, $exporte_souhaite, $produits_vert, $nouveau_produits, $nom, $courriel, $telephone_ressource, $personne_ressource_c_toi, $autre_personne_ressource, $autre_courriel, $autre_telephone); // bind $compagnie etc. to the parameter
This still errors this outputs
Fatal error: Call to a member function bind_param() on a non-object in
/home/product/public_html/******/*******/processForm-test.php on line
83
This refers to this:
$stmt->bind_param('sissssssiiiissssssisssi', $compagnie, $telephone, $site_web, $texte_fr, $texte_en, $categories, $profil_exposant, $stands_du_manufacturier, $pourcentage_quebec, $pourcentage_canada, $pourcentage_usa, $pourcentage_autre, $exporte, $exporte_souhaite, $produits_vert, $nouveau_produits, $nom, $courriel, $telephone_ressource, $personne_ressource_c_toi, $autre_personne_ressource, $autre_courriel, $autre_telephone); // bind $compagnie etc. to the parameter
If there is anything wrong so far, lemme know by all means. I will check out u_mulder's posts more in depth now.

In php manual it is shown how to bind params:
$stmt = mysqli_prepare($link, "INSERT INTO CountryLanguage VALUES (?, ?, ?, ?)");
mysqli_stmt_bind_param($stmt, 'sssd', $code, $language, $official, $percent);
See that question marks? Every question mark will be replaced with a parameter from bind_param. So, your query should look like:
$stmt= $con->prepare("INSERT INTO form_corpo_test (compagnie,... autre_telephone) VALUES (?, ?, ?, ?, ?, ?, ?, ....."); // 26 ?-signs
$stmt->bind_param("sssssssssssssssssssssss", $compagnie, $telephone.. ); // your params here

Related

mySql and php add to database

I've been stuck on this for hours. I have to manipulate a database with a website using php. I'm trying to add data from a form to my database but it gives me :
PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in...
This is what's creating the problem.
$sqlQuery = 'INSERT INTO succursale(adresse, ouverture, fermeture, ouvert_raison) VALUES (:adresse, :ouverture, :fermeture, :ouvert_raison)';
$req = $conn->prepare($sqlQuery);
$req-> execute(array($_POST['adresse'], $_POST['ouverture'], $_POST['fermeture'], $_POST['ouvert_raison']));;
I've looked for people with a similar problem but the answers given do not match with my situation.

You are using named placeholder in your prepared statement. This means you'll need to pass those as an associative index. Otherwise the statement will not know which value to bind to the placeholder
$req-> execute(array(
':adresse' => $_POST['adresse'],
':ouverture' => $_POST['ouverture'],
':fermeture' => $_POST['fermeture'],
':ouvert_raison' => $_POST['ouvert_raison'],
));
If you don't want to do this, you can change the named placeholders to a ?
$sqlQuery = 'INSERT INTO succursale(adresse, ouverture, fermeture, ouvert_raison) VALUES (?, ?, ?, ?)';

My php program is inserting 0 instead of a string in one of the fields

Im making an Api in PHP to make a crud in android studio, and I need to insert or update 4 fields in the database, but one of them is always inserting 0 instead of the string I pass (One of the fields is varchar, and the other 3 are texts, and just one of the texts is inserting 0)
Code in php:
function createComponente($nome, $descricao, $riscos, $descarte){
$stmt = $this->con->prepare("INSERT INTO componente (nome, descricao, riscos, descarte) VALUES (?, ?, ?, ?)");
$stmt->bind_param("ssis", $nome, $descricao, $riscos, $descarte);
if($stmt->execute())
return true;
return false;
}
Code in the Api that calls the function:
$result = $db->createComponente(
$_POST['nome'],
$_POST['descricao'],
$_POST['riscos'],
$_POST['descarte']
);
The program returns everything right, and inserts right, but the third field(riscos) always comes with a 0 instead of the string I pass.
(nome is varchar and the rest is text)

you were binding one value as an integer, when you actually wanted a string, so php had cast it to 0
$stmt->bind_param("ssis", $nome, $descricao, $riscos, $descarte);
needs to be
$stmt->bind_param("ssss", $nome, $descricao, $riscos, $descarte);

What am I missing that is causing: Commands out of sync; you can't run this command now?

The $recruitcheck/$badgecheck actually works, and it returns correctly, and it provides the verified echo, but I assume I am doing something incorrect with the store/bind/close stuff, as I am having some trouble figuring out exactly how it works.
The problem arises with the $emailcheck/$namecheck because it does not accurately return the query, and it sort of ends up bypassing to the $register phase where it returns the error echo, so $emailcheck/$namecheck are always false/0.
I had it working before, but I am trying to implement some security features, thus I added prepared statements, and I barely knew what I was doing before adding those, so I apologize if this question is not appropriate, or it is not enough information. If you comment, I will edit the post to be more relevant. Please, give me chance.
$recruitcheck = mysqli_prepare($maindb, "SELECT aurapass, recruitbadge FROM auras WHERE auraname = ?");
mysqli_stmt_bind_param($recruitcheck, "s", $recruitername);
mysqli_stmt_execute($recruitcheck);
mysqli_stmt_bind_result($recruitcheck, $passcheck, $badgecheck);
mysqli_stmt_fetch($recruitcheck);
if($passcheck == $recruitpass){
if($badgecheck == "valid"){
mysqli_close($recruitcheck);
echo "<script>alert('Recruiter badge verified.')</script>";
$emailcheck = mysqli_prepare($maindb, "SELECT * FROM auras WHERE email = ?");
mysqli_stmt_bind_param($emailcheck, "s", $email);
mysqli_stmt_execute($emailcheck);
mysqli_stmt_fetch($emailcheck);
$namecheck = mysqli_prepare($maindb, "SELECT * FROM auras WHERE auraname = ?");
mysqli_stmt_bind_param($namecheck, "s", $auraname);
mysqli_stmt_execute($namecheck);
mysqli_stmt_fetch($namecheck);
if(mysqli_num_rows($emailcheck)>0 || mysqli_num_rows($namecheck)>0){
die("<script>alert('New auraname/email is already taken.')</script>");
}
else{
mysqli_close($emailcheck);
mysqli_close($namecheck);
if($email == $emailconfirm){
$register = mysqli_prepare($maindb, "INSERT INTO auras (recruitername, recruitmethod, email, birthday, country, gender, auraname) VALUES (?, ?, ?, ?, ?, ?, ?)");
mysqli_stmt_bind_param($register, "sssisss", $recruitername, $recruitmethod, $email, $birthday, $country, $gender, $auraname);
mysqli_stmt_execute($register);
mysqli_close($register);
if(!$register) {
echo mysqli_error($maindb);
die("<script>alert('Error returned during registration: See bottom of page.')</script>");
}
else{
die("<script>alert('New aura registered successfully!')</script>");
$passcheck/$badgecheck are simply bind variables, and the only places they are called is where you see them here. Otherwise:
$recruitpass = cleaninput($_POST["recruitpass"]);
and
function cleaninput($info) {
$info = trim($info);
$info = stripslashes($info);
$info = htmlspecialchars($info);
return $info;}
The recruitcheck actually works, as it changes with incorrect versus correct input, but the code does not properly move on to the next checks.

You call mysqli_close() for $emailcheck and $namecheck queries before you call mysqli_num_rows() on them.

"Object of class mysqli could not be converted to string" error in php insert

When I run this code I get the error "Object of class mysqli could not be converted to string" on the line where I declare a new mysqli object. I can't find the error no matter how many times I read it over.
if(isset($_SESSION['username']))
{
echo $_POST['course'],
$mysqli = new mysqli("localhost","sec_user","Uzg82t=u%#bNgPJw","GPA_Tracker");
$user = $_SESSION['username'];
$stmt = $mysqli->prepare("INSERT into assessment_type (username, courseID, assessment, percentage) VALUES (?, ?, ?, ?)");
$stmt->bind_param('ssss', $user, $_POST['course'], $_POST['assesment'], $_POST['percentage']);
$stmt->execute();
}

As noted in the comments, this is where you have the problem:
echo $_POST['course'], //notice the comma, rather than a semi-colon ";"
$mysqli = new mysqli("localhost","sec_user","Uzg82t=u%#bNgPJw","GPA_Tracker");
The echo statement/construct accepts a comma-separated list of statements, hence coming across the , it thinks the next statement following it is also to be echoed. As it turns out, that next statement is an object-creation statement, whereas echo accepts only strings.
To fix the error, properly close your echo $_POST['course'] with a semicolon like below:
echo $_POST['course'];

Insert_id is null when used directly in next prepared statement

Finally getting around to learning prepared statements. I'm getting a maddening error when trying to run a pair of simple inserts:
$p_stmt = $mysqli->prepare("INSERT INTO ww_pages (page_key) VALUES (?)");
$p_stmt->bind_param('s', $page_key);
$p_stmt->execute();
$pv_stmt = $mysqli->prepare("INSERT INTO ww_page_versions (page_id, page_title, page_content, version_notes, version_timestamp) VALUES (?, ?, ?, ?, ?)");
$pv_stmt->bind_param('issss', $p_stmt->insert_id, $page_title, trim($_POST["page_content"]), trim($_POST["version_notes"]), date("Y-m-d H:i:s"));
$pv_stmt->execute();
echo $pv_stmt->error;
The echo $pv_stmt->error; gives this error: Column 'page_id' cannot be null
As I'm sure you can interpret, I'm trying to assign page_id the insert_id of the first statement. I'm 100% sure that this value is non-null, and returns an integer value. I tested it directly with this:
echo "NEW ID: ".$p_stmt->insert_id."::".is_int($p_stmt->insert_id);
The output? NEW ID: 13::1
What am I doing wrong? Why am I getting "column cannot be null" when the column isn't null? The only solutions I can find online are involving unexpectedly null values.

The solution to this problem is to save the value of the property $p_stmt->insert_id in a variable and bind that variable instead. You have to do the same for trim() and date() anyway, albeit for different reasons.
$insert_id = $p_stmt->insert_id;
$page_content = trim($_POST["page_content"]);
$version_notes = trim($_POST["version_notes"]);
$date = date("Y-m-d H:i:s");
$pv_stmt->bind_param('issss', $insert_id, $page_title, $page_content, $version_notes, $date);
As of PHP 8.1, you can also bind by value when you pass all values as an array to execute(). No temporary variables are needed.
$pv_stmt = $mysqli->prepare("INSERT INTO ww_page_versions (page_id, page_title, page_content, version_notes, version_timestamp) VALUES (?, ?, ?, ?, ?)");
$pv_stmt->execute([$p_stmt->insert_id, $page_title, trim($_POST["page_content"]), trim($_POST["version_notes"]), date("Y-m-d H:i:s")]);
Explanation of why binding insert_id doesn't work
The reason why binding mysqli_stmt::insert_id results in a value NULL becomes a little bit more clear on PHP 8.1. Since this version, PHP has added property types to most of built-in classes, even for properties that aren't true properties but are __get() calls instead. With PHP 8.1 you get the following error:
Fatal error: Uncaught Error: Cannot access uninitialized non-nullable property mysqli_stmt::$insert_id by reference
PHP claims that the property is uninitialized and you can't have a reference to an uninitialized property. You can mimick the same behaviour with this code:
class A {
public int $insert_id;
}
$a = new A();
$stmt = $mysqli->prepare('SELECT ?');
$stmt->bind_param('s', $a->insert_id);
$stmt->execute();
For the same reason, assignment by reference to a variable would not work:
$foo =& $p_stmt->insert_id;
But you might ask, how can the property be uninitialized when you can read its value without any issue. The answer is because internally these properties are implemented using function calls in PHP, similar to __get() magic method. The value is read from the internal memory of mysqlnd, not from the property itself. Properties of mysqli are just a facade to the underlying client library mysqlnd.

Put the value of insert_id into a temporary variable and bind that variable instead.
$p_stmt = $mysqli->prepare("INSERT INTO ww_pages (page_key) VALUES (?)");
$p_stmt->bind_param('s', $page_key);
$p_stmt->execute();
$insert_id = $p_stmt->insert_id;
$pv_stmt = $mysqli->prepare("INSERT INTO ww_page_versions (page_id, page_title, page_content, version_notes, version_timestamp) VALUES (?, ?, ?, ?, ?)");
$pv_stmt->bind_param('issss', $insert_id, $page_title, trim($_POST["page_content"]), trim($_POST["version_notes"]), date("Y-m-d H:i:s"));
$pv_stmt->execute();

We Keep Coding

PHP, A popular general-purpose scripting language that is especially suited to web development.

bind_param getting an error (seems illogical to me) - php

Related

mySql and php add to database

My php program is inserting 0 instead of a string in one of the fields

What am I missing that is causing: Commands out of sync; you can't run this command now?

"Object of class mysqli could not be converted to string" error in php insert

Insert_id is null when used directly in next prepared statement

Categories

Resources