Reputation: 13
mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables warning
My codes for the prevention of SQL injection isn't working. Can anyone help me?
I'm receiving this warning: Warning: mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables.
Thanks.
$mysqli = new mysqli('localhost', 'root', '', 'Muproj');
$query="INSERT INTO tblmember VALUES (':id', ':uname' , ':passwrd' , ':name' , ':surname' ,':0' )";
$stmt = $mysqli->prepare($query);
$stmt->bind_param(':id', $newid);
$stmt->bind_param(':uname', $C_uname);
$stmt->bind_param(':passwrd', $C_passwrd);
$stmt->bind_param(':name', $C_name);
$stmt->bind_param( ':surname', $C_surname);
$stmt->bind_param(':0', '0');
$stmt->execute();
$result=mysql_query($stmt);
Upvotes: 0
Views: 6418
Answers (1)
Reputation: 22760
you appear to be mixing PDO syntax with MySQLi syntax.
Please read up on http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers
I do not use PDO myself much, but I do use MySQLi, so your references as :something are PDO declarations, but the SQL functions you use are MySQLi.
With a MySQLi bind_param function you need to add all the data into an array-like row (it may actually be an array), but preceeded by a declaration of types, as in String, integer, Double and Blob.
I have rewritten your code in the MySQLi form:
$mysqli = new mysqli('localhost', 'root', '', 'Muproj');
$query="INSERT INTO tblmember VALUES (?, ? , ? , ? , ? ,? )";
$stmt = $mysqli->prepare($query);
$stmt->bind_param("issssi", $newid, $C_uname, $C_passwrd, $C_name, $C_surname, $zero)
$stmt->execute();
//$result=mysqli_query($stmt);
You need to do some serious research as to the differences of approach and formatting and functionality between MySQLi and PDO. Also be careful to maintain ALL your MySQL as MySQLi , as for example your $result was using the deprectated MySQL query statement.
PS: I would also suggest for clarity and forward compatibility that your INSERT statement in the SQL reads as:
INSERT INTO table_name (column_names1, column_name2, column_names3, ...) VALUES (?,?,?, ...)
So you and the SQL can clearly see which values are plugged into which columns.
Upvotes: 3
Related Questions
- mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables
- php, mysqli-stmt.bind-param]: Number of elements in type definition string doesn't match number of bind variables
- mysqli_stmt::bind_param()Number of elements in type definition string doesn't match number
- SQL error :mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables
- mysqli_stmt::bind_param() expects parameter 1 to be string, array given
- PHP Warning: mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number
- php Error Wrong parameter count for mysqli_stmt::bind_param()
- bind_param error - Number of elements in type definition string doesn't match number of bind variables
- mysqli_stmt_bind_param error - mismatch number of parameters
- mysqli_stmt_bind_param: type mismatch do not raise error