This question already has an answer here:
Closed 10 years ago.
Possible Duplicate:
Cannot use call_user_func_array on mysqli_stmt object
I have a piece of mysqli code which is outputting a warning in this line of code:
if (!$stmt = $mysqli->prepare($questionquery)) {
die("Error preparing statement: $mysqli->error");
}
The warning is:
Warning: Wrong parameter count for mysqli_stmt::bind_param() in ... line 80
Below is main code:
// Make the referenced array
$referencedArray = make_values_referenced(array_merge(
array(str_repeat("ss", $numTerms)), // types
$termArray, // where
$termArray // order by
));
// ...or die() is evil in production but I shall assume we are debuggin so I won't complain
if (!$stmt = $mysqli->prepare($questionquery)) {
die("Error preparing statement: $mysqli->error");
}
// Bind parameters
if (!$stmt->bind_param($referencedArray)) {
die("Error binding parameters: $stmt->error");
}
You can call the method directly:
$stmt->bind_param($referencedArray);
EDIT: Actually I'm mistaken. You need call_user_func_array for variable number of parameters. See this answer for a solution: https://stackoverflow.com/a/5108167/163024
Related
This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 5 years ago.
I am working on the below code. Why am I not able to run the query properly? I already check the database connection and it is fine
<?php
$sql = "SELECT dt, events, eventtype FROM events";
$stmt = $mysqli->prepare($sql);
$stmt->execute();
$stmt->bind_result($dt,$events,$eventtype);
$stmt->store_result();
if($stmt->num_rows >0) {
$stmt->fetch();
}
else {
echo "Cant Find The data!";
}
$stmt->close();
$mysqli->close();
echo $dt;
echo $events;
echo $eventtype;
?>
getting this error
Fatal error : Call to a member function execute() on boolean in
/srv/disk1/2555378/www/domain.net/index.php on line 113
This means that the variable $mysqli contains a boolean value, probably false.
According to the php docs, http://php.net/manual/en/mysqli.prepare.php, the function mysqli::prepare will return false in case of an error.
You should use the error variable to get more information, like here: http://php.net/manual/en/mysqli.error.php
This question already has an answer here:
Can I use a PDO prepared statement to bind an identifier (a table or field name) or a syntax keyword?
(1 answer)
Closed 5 years ago.
I'm failing to see the problem why I'm getting a pdo error, I'm not missing a simple : or a parameter (since there are only 2)
public function does_stringid_excist($strTable, $strColumn, $strValue)
{
$sql = "SELECT count(1) AS count FROM tblemployer WHERE :strColumn = :strValue";
$this->objDatabase->query($sql); //Makes a prepare with the given sql
// $this->objDatabase->bind_column(':strTable', $strTable);
$this->objDatabase->bind_column(':strColumn', $strColumn); // Uses the `bindColumn()` from PDO
$this->objDatabase->bind_value(':strValue', $strValue); // Uses the `bindValue()` from PDO
$result = $this->objDatabase->single();
return $result['count'];
}
SELECT count(1) AS count FROM `tblemployer` WHERE `employerID` = :strValue" works just fine so the error isn't with the value.
A column is not the same as a table. Youre using bindColumn to bind a table, which does not work.
See: http://php.net/manual/en/pdostatement.bindcolumn.php
This question already has answers here:
Creating default object from empty value in PHP?
(18 answers)
Closed 8 years ago.
I am stuck. I have spent two days looking thru all the references I can find and I can’t figure out why this will not work! I get the error: "Creating default object from empty value." Bellow is my SQL statement and my parameters array.
$sql_insert = "
INSERT INTO vrm_vrd_submission_tbl (vrm_vrd_nmbr_id, vrm_vrd_sub_type_id, vrm_vrd_sub_date, vrm_vrd_min_form_date, vrm_vrd_sub_quantity, county_id, pers_emp_pre_id, election_general_info_id ,vrm_vrd_sub_submitter_name, vrm_vrd_compliance_rules_id)
VALUES(:vrm_vrd_nmbr_id,
:vrm_vrd_sub_type_id,
:vrm_vrd_sub_date,
:vrm_vrd_min_form_date,
:vrm_vrd_sub_quantity,
:county_id,
:pers_emp_pre_id,
:election_general_info_id,
:vrm_vrd_sub_submitter_name,
:vrm_vrd_compliance_rules_id)
";
$sql_parms=array(":vrm_vrd_nmbr_id"=>$vrm_vrd_nmbr_id, ":vrm_vrd_sub_type_id
"=>$data['vrm_vrd_sub_type_id'],
":vrm_vrd_sub_date"=>trim($data['vrm_vrd_sub_date']),
":vrm_vrd_min_form_date"=>trim($data['vrm_vrd_min_form_date']),
":vrm_vrd_sub_quantity"=>trim($data['vrm_vrd_sub_quantity']), ":county_id
"=>$data['county_id'],":pers_emp_pre_id "=>$data['pers_emp_pre_id'],
":election_general_info_id"=>$election_general_info_id,
":vrm_vrd_sub_submitter_name"=>$vrm_vrd_sub_submitter_name,
":vrm_vrd_compliance_rules_id"=> $vrm_vrd_compliance_rules_id);
$ret_val=$db->db_bound_query($sql_insert, $sql_parms);
Method being called in my database class:
public function db_bound_query($qry_str, $parms_array){
$log = new error_log_class;
$db_conn = self::_connect();
if(!$exec_str= $db_conn->prepare($qry_str)){
$log->save_to_log($qry_str,__LINE__,__FILE__,"Failed to perpare.");
}
$val="";
foreach($parms_array as $parm ->$val){
$exec_str->bindParam($parm,$val);
}
$res=$exec_str->execute();
$results= $exec_str->fetchAll(PDO::FETCH_ASSOC);
}
EDIT:
I changed this method to the following as suggensted by #iamsleepy and #MrCode. But I am getting the error I was originally chasing which is "Invalid Parameter number".
public function db_bound_query($qry_str, $parms_array){
$log = new error_log_class;
$db_conn = self::_connect();
if(!$exec_str= $db_conn->prepare($qry_str)){
$log->save_to_log($qry_str,__LINE__,__FILE__,"Failed to perpare.");
}
$res=$exec_str->execute($parms_array );
$results= $exec_str->fetchAll(PDO::FETCH_ASSOC);
return $results;
}
You have a space at the end of this parameter name:
":pers_emp_pre_id "=>$data['pers_emp_pre_id']
^ here
Should be:
":pers_emp_pre_id"=>$data['pers_emp_pre_id']
This question already has answers here:
Reference: What is variable scope, which variables are accessible from where and what are "undefined variable" errors?
(3 answers)
Closed 9 years ago.
The following function is not working and i cannot see why.
function nuevoContacto($_POST) {
try {
include('func/usarBases.php');
$mensaje="INSERT INTO `t_contactos`(`id_c`, `nombre`, `telefono`, `telefono2`, `corto`, `celular1`, `celular2`, `email`, `puesto`, `id_a`) VALUES (NULL,'$_POST[nombre]','$_POST[tel1]','$_POST[tel2]','$_POST[corto]','$_POST[cel1]','$_POST[cel2]','$_POST[email]','$_POST[puesto]','$_POST[id_a]')";
$hacerConsulta = $base->prepare($mensaje);
$hacerConsulta->execute();
}
catch( PDOException $e) {
echo "<p>Error Connection: " .$e->getMessage()."</p>";
}
$hacerConsulta=null;
}
Once it is called the code breaks and nothing further is executed.
but when you use it inside the main code it works
Sorry i reedited the source and then is still not working, in the include usarBases.php is the conector pdo called $base
What it have to be
function nuevoContacto($base)
{
$sql = "INSERT INTO t_contactos VALUES (NULL,?,?,?,?,?,?,?,?,?)";
$data = array(
$_POST['nombre'],
$_POST['tel1'],
$_POST['tel2'],
$_POST['corto'],
$_POST['cel1'],
$_POST['cel2'],
$_POST['email'],
$_POST['puesto'],
$_POST['id_a']
);
$stmt = $base->prepare($sql);
$stmt->execute($data);
}
have to be called with $base as a parameter instead of $_POST
You're lacking a database connection in your function. Add the following to the very beginning of your function:
global $base;
When you add global $base to your function you'll be able to use it within your function without having to re-write the whole thing.
Unrelated note, but worth mentioning.
You are open to SQL injections and you're not using prepared statements as you should. You should be using placeholders and binding them later instead of passing they directly into your query.
And a tip for next time:
State in your question what isn't working. What your expectation is and what actually happens.
This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
Closed 9 years ago.
I have links on my webpage like this: http://test.com/index.php?function=news&id=88
So whenever I put a ' after 88, I get the following error: Warning: mysql_fetch_row() expects parameter 1 to be resource, boolean given in ... line 588
So I read about mysql_real_escape_string(), but I'm getting the ID not posting and I have no clue how should I prevent getting this error.
function news()
{
$query = mysql_query("SELECT * FROM news WHERE id=".$_GET['id']."");
while($news = mysql_fetch_row($query))
{
...
}
}
The easy way is to cast the id to integer, if the id is an integer that is:
$id = (int)$_GET['id'];
But it's strongly recomended to use pdo or mysqli with prepared statements:
http://php.net/manual/en/book.pdo.php
http://php.net/manual/en/book.mysqli.php
You can do a redirect whenever mysql_fetch_row() don't return anything (i.e. because there is no id 89)
Something like:
if (!$row = mysql_fetch_row($result)) {
header(Your error page);
}
Warning: mysql_fetch_row() expects parameter 1 to be resource
This means the the $result = mysql_query(....); call you made before the mysql_fetch_row() failed and resulted FALSE instead of a Resource ( i.e. a handle to the query result );
Look at the query, post it if possible, that is where your problem is.
Your code assumes that the query was successful without checking. For debugging purposes, add an 'or die(mysql_error())' line to the end of the mysql_query() statement.
$query = mysql_query("SELECT * FROM news WHERE id=".$_GET['id']."") or die( mysql_query() );
For more robust error handling in production applications, check the value of $query and log an error if it is false.
if (false === $query ) {
// Log error and/or notify an administrator
}
else {
while($news = mysql_fetch_row($query)) ...
As pointed out in other answers, you should ensure that the value of the id parameter is an integer since your query assumes that it will be. You can do this by casting:
(int)$_GET['id']
or via more robust type checking
if ( !is_numeric( $_GET['id'] ) ) {
// Take appropriate action
}
else {
// Create and execute the query