Prepared MySQLi statements

Question

I've always used PDO statements, but for some reason I can't persuade the server guy to install PDO for php, but I do have MySQLi, I have no clue what I'm doing wrong, I do not get a connection error and I do not get a query error no matter how I try to output one. Here's what I'm doing.

include 'MySQLiConnect.php';

if($stmt = $mysqli->prepare("SELECT * FROM zipCodeTable WHERE zip_code = ?")){

    $stmt->bind_param("s", '07110');

    $stmt->execute();

    $stmt->bind_result($resultsArray);

    $stmt->fetch();

    foreach($resultsArray as $columnData){

        $matchingZipcode = $columnData['zip_code'];
        $matchingTimezone = $columnData['time_zone'];
    }       

    $stmt->close();


}

echo $matchingZipcode.', '.$matchingTimezone;

This is basically just to confirm a users zipcode, never used MySQLi prepared statements before, I tryed to do it straight from the manual, not sure what I'm doing wrong. Thank you for taking the time to read this.

Answer 1

You're trying to "bind" a literal string. You can't do this. You must bind a variable.

Change

$stmt->bind_param("s", '07110');

To

$string = '07110';

$stmt->bind_param("s", $string);

Also, when you bind a result you must provide a variable for each field returned.

For example:

$stmt->bind_result($zipCode, $timeZone);

This is slightly problematic when using SELECT *. You might be interested in checking out this comment for how you might want to go about it: http://www.php.net/manual/en/mysqli-stmt.bind-result.php#85470