CODEWITHSUNDEEP
phpmysqlmysqli
octopusgrabbus
octopusgrabbus

Reputation: 10695

Why does prepared statement cause wrong number of parameters in bind?

I am getting the

mysqli_stmt_bind_param(): Number of variables doesn't match number of parameters

warning

From the following statement:

mysqli_stmt_bind_param($stmt, "ss", $str_addr_no, $str_addr);

I've looked around for where ... like examples, and cannot see what is wrong with my syntax.

$link = mysqli_connect("localhost","fred","password","h2o_amr");

$str_addr_no = $_REQUEST['meter_street_number'];
$str_addr    = $_REQUEST['meter_street_address'];

$stmt = mysqli_stmt_init($link);
mysqli_stmt_prepare($stmt, "select w.* from water w where w.mtr_addr_no like '?%' and w.mtr_addr_str like '?%' "))

mysqli_stmt_bind_param($stmt, "ss", $str_addr_no, $str_addr);

Is there a way to get PHP to reveal or to examine the prepared statement to see how many parameters were actually prepared?

Upvotes: 0

Views: 339

Answers (1)

Marc B
Marc B

Reputation: 360842

You quoted your placeholders: '?%', which turns them into strings, not placeholders. A placeholder must be a BARE ? character:

SELECT ... WHERE foo = ? // OK
SELECT ... WHERE Foo = '?' // no parameters here, just a string

For a wildcarded LIKE query, you have to resort to hacks:

SELECT ... WHERE foo LIKE CONCAT('%', ?)

Upvotes: 4

Related Questions