Prepared statements in MySQLi - php

I'm doing SQL queries in prepared statements (MySQLi).
This is the query:
$register = $friend_zone->prepare("INSERT INTO users (name, username, password, email, security_answer, date, user_level, security_question) VALUES(?, ?, ?, ?, ?, ?, ?, ?)");
$register->bind_param($name, $username, $password, $email, $security_answer, $date, $user_level, $security_question);
$register->execute();
I'm getting a warning:
Warning: mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables in /var/www/includes/functions.php on line 152 Notice: Undefined variable: result in /var/www/includes/functions.php on line 159
Can someone help?

You are using the bind_param() function wrong. The first parameter is a string containing the data types. For example:
$register->bind_param('ssssssis', $name, $username, $password, $email, $security_answer, $date, $user_level, $security_question);
Each letter corresponds to its respective variable. s is for strings and i is for integers. There are some other ones available too.

Try:
$register = $friend_zone->prepare("INSERT INTO users (name, username, password, email, security_answer, date, user_level, security_question) VALUES(?, ?, ?, ?, ?, ?, ?, ?)");
$register->execute( array($name, $username, $password, $email, $security_answer, $date, $user_level, $security_question) );


Prepare Statement Issue sending encrypted information

This is my current statement. Everything was working fine until I added the key
Key is just a generated hash for the user to activate the account.
$stmt = $mysqli->prepare("INSERT INTO Account (accountUsername,accountPassword,accountEmail,accountActivate,accountKey) VALUES (?, ?, ?,?,?)");
$stmt->bind_param('sssiss', $username, $newPassword, $email,0,$key,time());
When I'm doing this code I'm getting an error.
Cannot pass parameter 5 by reference
Do you know what could be the issue?
Thanks!
Edit Code:
$stmt = $mysqli->prepare("INSERT INTO Account (accountUsername,accountPassword,accountEmail,accountActivate,accountKey,accountCreated) VALUES (?, ?, ?,?,?,?)");
$stmt->bind_param('sssisi', $username, $newPassword, $email,0,$key,$time);
If you use bind_param that 0 needs to be in a variable since bind_param passes by reference.
$somevar = 0;
$time = time(); // time() cannot be passed to bind_param() directly either, for the same reason
$stmt = $mysqli->prepare("INSERT INTO Account (accountUsername,accountPassword,accountEmail,accountActivate,accountKey,accountCreated) VALUES (?, ?, ?, ?, ?, ?)");
$stmt->bind_param('sssiss', $username, $newPassword, $email, $somevar, $key, $time);

php mysql bind param parameters

I'm trying out using prepared statements for the first time and running into the following issue with the below code.
Error:
Warning: mysqli_stmt_bind_param() expects parameter 1 to be mysqli_stmt, boolean given
Code:
$stmt = mysqli_prepare($db, "INSERT INTO fragrances(name, description, essentialoils, topnotes, middlenotes, basenotes, reference, year, type, price, fragrancehouse, triangle, extractname, extractreference, extractprice, extractfragrancehouse, disccolour, collarcolour, actuatorcolour)
VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
mysqli_stmt_bind_param($stmt, 'sssssssssssssssssss', $name, $description, $essentialoils, $topnotes, $middlenotes, $basenotes, $reference, $year, $type, $price, $fragrancehouse, $triangle, $extractname, $extractreference, $extractprice, $extractfragrancehouse, $disccolour, $collarcolour, $actuatorcolour);
mysqli_stmt_execute($stmt);
I've looked at many different questions on here and none of their solutions seem to apply to my problem. Does anyone know what the issue is?
$stmt becomes a boolean only when mysqli_prepare returns false.
When this happens it means it failed to prepare the query; therefore you need to check for errors:
$stmt = mysqli_stmt_init($db);
if (mysqli_stmt_prepare($stmt, 'INSERT INTO fragrances VALUES...')) {
    // it's all good, bind and execute here
} else {
    // we have a problem
    printf("Errormessage: %s\n", mysqli_error($db));
}
The error message means your mysqli_prepare returned a boolean (and for your case, it returned false).
You need to replace all your field names by the character ? to make your prepared statement. This is how it works.
See the example in the official documentation.
EDIT: See also mysqli_error, which will detail your error. In fact, you should always check a variable before using it:
$stmt = mysqli_prepare($db, "....");
if (!$stmt)
    echo mysqli_error($db); // display error only for debug. Avoid this in production
It means your SQL was invalid because the prepare is returning false.
Your SQL should be:
$stmt = mysqli_prepare($db, "INSERT INTO fragrances VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? )");
Each ? is to show where each parameter needs to be bound respectively.
Your INSERT statement is invalid: the VALUES clause must be with ? in parentheses (and after field names in parentheses). Also good practice is to check $stmt after assigning:
$stmt = mysqli_prepare($db,
    "INSERT INTO fragrances (name, description, essentialoils, topnotes, middlenotes, basenotes, reference, year, type, price, fragrancehouse, triangle, extractname, extractreference, extractprice, extractfragrancehouse, disccolour, collarcolour, actuatorcolour)
     VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
if ($stmt) {
    mysqli_stmt_bind_param($stmt, 'sssssssssssssssssss', $name, $description, $essentialoils, $topnotes, $middlenotes, $basenotes, $reference, $year, $type, $price, $fragrancehouse, $triangle, $extractname, $extractreference, $extractprice, $extractfragrancehouse, $disccolour, $collarcolour, $actuatorcolour);
    mysqli_stmt_execute($stmt);
    // ...
} else
    printf("Error: %s\n", mysqli_error($db));
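The three problems above (a type string whose length does not match the bound variables, a literal passed to the by-reference bind_param(), and a false return from prepare() reaching bind_param()) all disappear with one insert helper. This is an added example, not code from any of the questions or answers; it assumes the users table of the first question, and the connection values are placeholders.

```php
<?php
// Added example, not code from any question or answer above. Assumes the `users`
// table of the first question; the connection values are placeholders.
// Throw mysqli_sql_exception instead of returning false, so a failed prepare()
// can never reach bind_param() as a boolean (the third question's symptom).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
// $row maps column => [typeChar, value]. The type string is built from the map, so
// its length always equals the number of placeholders, and every value is bound from
// a real variable, which bind_param() requires because it takes its arguments by
// reference (the "Cannot pass parameter 5 by reference" of the second question).
function insertRow(mysqli $db, string $table, array $row): int
{
    $ident = '/^[A-Za-z_][A-Za-z0-9_]*$/';  // identifiers come from code, never from request input
    if (!preg_match($ident, $table) || $row === []) {
        throw new InvalidArgumentException("Bad table name or empty row: $table");
    }
    $types  = '';
    $values = [];
    foreach ($row as $column => [$type, $value]) {
        if (!preg_match($ident, $column) || !in_array($type, ['i', 'd', 's', 'b'], true)) {
            throw new InvalidArgumentException("Bad column or type character for: $column");
        }
        $types   .= $type;
        $values[] = $value;
    }
    $sql = sprintf(
        'INSERT INTO `%s` (`%s`) VALUES (%s)',
        $table,
        implode('`, `', array_keys($row)),
        implode(', ', array_fill(0, count($row), '?'))
    );
    $stmt = $db->prepare($sql);             // throws on invalid SQL or an unknown column
    $stmt->bind_param($types, ...$values);  // unpacking a variable array satisfies by-reference
    $stmt->execute();
    return $stmt->affected_rows;
}

$db = new mysqli('localhost', 'DB_USER_PLACEHOLDER', 'DB_PASSWORD_PLACEHOLDER', 'DB_NAME_PLACEHOLDER');
$inserted = insertRow($db, 'users', [
    'name'              => ['s', 'Alice Example'],
    'username'          => ['s', 'alice'],
    'password'          => ['s', password_hash('example-only', PASSWORD_DEFAULT)],
    'email'             => ['s', 'alice@example.com'],
    'security_answer'   => ['s', 'blue'],
    'date'              => ['s', date('Y-m-d H:i:s')],
    'user_level'        => ['i', 1],
    'security_question' => ['s', 'favourite colour'],
]);
echo "Rows inserted: $inserted\n";
```

Argument unpacking into bind_param() works from PHP 5.6; with MYSQLI_REPORT_STRICT, catch mysqli_sql_exception at the call site and log it rather than echoing the message to the client.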

Insert Statement won't work

I was always using normal queries for inserting data into the database, but now I want to do it with prepared statements. I'm already using statements to select data in all my files, but insert never worked... And now I ran out of ideas again. Maybe someone can see what I did wrong.
$animeId = $_POST['animeId'];
$username = $_POST['username'];
$rating = $_POST['rating'];
$story = $_POST['story'];
$genre = $_POST['genre'];
$animation = $_POST['animation'];
$characters = $_POST['characters'];
$music = $_POST['music'];
// Read out the date
$date = date("Y-m-d H:i:s");
if($insertRating = $con->prepare("INSERT INTO anime_rating (animeId, rating, story, genre, animation, characters, music, user, date) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?"))
{
    $insertRating->bind_param("iiiiiiiss", $animeId, $rating, $story, $genre, $animation, $characters, $music, $username, $date);
    $insertRating->execute();
    $insertRating->close();
}
You have an errant comma in your query:
music, user,) VALUES (?, ?, ?, ?, ?, ?, ?
^^^
HERE
It should be
music, user) VALUES (?, ?, ?, ?, ?, ?, ?
In the statement:
INSERT INTO anime_rating (
animeId,
rating,
story,
genre,
animation,
characters,
music,
user /* 8 columns */)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?") /* 10 parameters */
There are 8 columns listed to insert values into and 10 parameters specified in the values section. Also as pointed out there is the extra comma in the list of values.
The number of columns must match the number of parameters and the number of parameters binding in the following statement:
`$insertRating->bind_param("iiiiiiiss", $animeId, $rating, $story, $genre, $animation, $characters, $music, $username, $date);`
Two errors in the statement:
INSERT INTO anime_rating (animeId, rating, story, genre, animation, characters, music, user,) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?"
^ here and ^ ^
remove the comma
add a closing parenthesis before the end of the string.
remove one ,?
Furthermore you should chop one i from the binding:
$insertRating->bind_param("iiiiiiss", $animeId, $rating, $story, $genre, $animation, $characters, $music, $username, $date);
if($insertRating = $con->prepare("INSERT INTO anime_rating (animeId, rating, story, genre, animation, characters, music, user, date) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?"))
The last (") should be placed after the first ) at the end
New code:
if($insertRating = $con->prepare("INSERT INTO anime_rating (animeId, rating, story, genre, animation, characters, music, user, date) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)"))
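The answers above found the mistakes by counting columns, placeholders and type characters by hand. The following added check (not code from the question or the answers) does that counting in code and is run against the statements quoted in this thread, so the mismatch is reported before prepare() is ever called.

```php
<?php
// Added example, not from the question or answers. A static check that reports the
// mismatches seen on this page (trailing comma, unclosed VALUES list, column count
// versus "?" count, type-string length, number of bound variables) before the SQL
// reaches prepare(). The sample statements are taken from the fourth question.
function lintInsert(string $sql, string $types, int $boundVariables): array
{
    $problems = [];
    if (!preg_match('/^\s*INSERT\s+INTO\s+\S+\s*\(([^)]*)\)\s*VALUES\s*\((.*)$/is', $sql, $m)) {
        return ['statement is not of the form INSERT INTO t (columns) VALUES (...)'];
    }
    [, $columnList, $rest] = $m;
    if (substr(rtrim($columnList), -1) === ',') {
        $problems[] = 'trailing comma in the column list';
    }
    $columns = array_filter(array_map('trim', explode(',', $columnList)), 'strlen');
    $close = strrpos($rest, ')');
    $placeholderList = $close === false ? $rest : substr($rest, 0, $close);
    if ($close === false) {
        $problems[] = 'VALUES list is never closed with ")"';
    }
    $placeholders = substr_count($placeholderList, '?');
    if ($placeholders !== count($columns)) {
        $problems[] = sprintf('%d columns but %d placeholders', count($columns), $placeholders);
    }
    if (preg_match('/[^idsb]/', $types)) {
        $problems[] = 'type string may only contain i, d, s or b';
    }
    if (strlen($types) !== $placeholders) {
        $problems[] = sprintf('type string has %d characters for %d placeholders', strlen($types), $placeholders);
    }
    if ($boundVariables !== $placeholders) {
        $problems[] = sprintf('%d bound variables for %d placeholders', $boundVariables, $placeholders);
    }
    return $problems;
}

// The question's statement: the closing parenthesis after the last "?" is missing.
$asPosted = 'INSERT INTO anime_rating (animeId, rating, story, genre, animation, characters, music, user, date) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?';
print_r(lintInsert($asPosted, 'iiiiiiiss', 9));   // one problem: unclosed VALUES list

// The variant the answers quote: trailing comma, 8 columns, 10 placeholders.
$asQuoted = 'INSERT INTO anime_rating (animeId, rating, story, genre, animation, characters, music, user,) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
print_r(lintInsert($asQuoted, 'iiiiiiiss', 9));   // trailing comma plus three count mismatches

// The corrected statement from the last answer: no problems reported.
$fixed = 'INSERT INTO anime_rating (animeId, rating, story, genre, animation, characters, music, user, date) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)';
print_r(lintInsert($fixed, 'iiiiiiiss', 9));
```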

PHP Fatal error: Call to a member function prepare() on a non-object in PDO and mysqli

I have tried several ways to use parameterized statements but I still keep having issues.
At first I tried parameterized statements:
$dbc = new PDO("mysql:host=localhost;dbname=the_name", 'the_login', 'the_pass');
$query = $dbc->prepare('INSERT INTO req_form (lname, fname, email, address, city, state, zip, phone, affiliation, role, ip_address, abc, ace, carr, ema, tuac, olatc_temp) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
$query->execute(array($lname, $fname, $email, $addr, $city, $state, $zip, $phone, $affiliation, $prof_role, $_SERVER['REMOTE_ADDR'], enum($abc), enum($ace), enum($carr), enum($ema), enum($tuac), enum($last)));
but got "PHP Fatal error: Call to a member function prepare() on a non-object"
Now I've tried:
$conn = new mysqli('localhost', 'the_login', 'the_password', 'the_name');
$sql = 'INSERT INTO req_form (lname, fname, email, address, city, state, zip, phone, affiliation, role, ip_address, abc, ace, carr, ema, tuac, olatc_temp) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
$query = $conn->prepare($sql);
$query->bind_param('ssssssissssssssss', $lname, $fname, $email, $addr, $city, $state, $zip, $phone, $affiliation, $prof_role, $_SERVER['REMOTE_ADDR'], enum($abc), enum($ace), enum($carr), enum($ema), enum($tuac), enum($last));
$query->execute();
I still get the error, am I possibly using a reserve name in my insert statement?
EDIT (added the enum function):
function enum($ar){
    if(count($ar)>1)
        return 'BOTH';
    else
        return $ar;
}
EDIT (output of the mysqli section of phpinfo()):
mysqli
MysqlI Support enabled
Client API library version mysqlnd 5.0.8-dev - 20102224 - $Id: SOME_VALUE_WAS_HERE $
Active Persistent Links 0
Inactive Persistent Links 0
Active Links 0
Directive Local Value Master Value
mysqli.allow_local_infile On On
mysqli.allow_persistent On On
mysqli.default_host no value no value
mysqli.default_port 3306 3306
mysqli.default_pw no value no value
mysqli.default_socket no value no value
mysqli.default_user no value no value
mysqli.max_links Unlimited Unlimited
mysqli.max_persistent Unlimited Unlimited
mysqli.reconnect Off Off
When I put var_dump($conn) right after the first line it prints stuff out; if I put it right above the $conn->prepare it displays NULL.

php mysql, Call to a member function bind_param() on a non-object in info.php on line 59

I'm trying to perform a mysql insert operation but for some reason I get the ugly error:
Call to a member function bind_param() on a non-object in info.php on line 59
the code is:
<?php
$db_usag_down = new mysqli("127.0.0.1","user","XXXXXXXX","down");
$db_usag_full = new mysqli("127.0.0.1","user","XXXXXXXXXX","full");
$insert_query = $db_usag_down->prepare("INSERT INTO Applicant VALUES(?, ?, ?, ?, ?, ?)");
$insert_query->bind_param('issssi', $account_id, $first_name, $last_name, $email, $country, $full_status);
$insert_query->execute();
if ($insert_query->errno) {
    echo "FAILURE!!! " . $insert_query->error; // error is a property, not a method
}
?>
Sample values:
23232, Michael K, Boli Gnawaboli#example.com, Cote D'Ivoire (ivory Coast), 1
Two things I see:
First, and the actual error: your INSERT syntax is incorrect. It needs to include a column list and/or VALUES before (?, ?, ...).
Second, your parameter count for bind_param() is incorrect based on your query.
Your mysqli statement object was not correctly created, because the INSERT statement is invalid. You're missing the VALUES keyword:
$insert_query = $db_usag_down->prepare("INSERT INTO Applicant VALUES (?, ?, ?, ?, ?, ?)");
//
Check the error status of your `mysqli` object with `mysqli->error();`
if (!$insert_query) {
    echo $db_usag_down->error; // error is a property of the mysqli object
}
You will have other problems too. You have more data types listed in your bind_param than you have variables to bind.
// You have six params, so you should have only six characters in the data types:
// Assumes $full_status is an integer
$insert_query->bind_param('issssi', $account_id, $first_name, $last_name, $email, $country, $full_status);
