Reputation: 764
bind_param error - Number of elements in type definition string doesn't match number of bind variables
I have an array that I am preparing for a SQL query, so following the steps to make it secure as possible. Attempting the following:
First I implode the array - I want the string result to come out as 'string1','string2','string3' and so on:
$in = "'" . implode("','", array_fill(0, count($finalArray), '?')) . "'";
I make my query:
$query = <<<SQL
UPDATE products SET `Status` = 'Reserved' WHERE `SerialNumber` in ($in);
SQL;
$query = <<<SQL
And prepare the statement variable:
$statement = $mysqli->prepare($query);
Then I attempt a bind_param with str_repeat, and this is where things go wrong:
$statement->bind_param(str_repeat('\'s\',', count($finalArray)), ...$finalArray);
I get:
mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables
Does anyone know why I am getting this and how I can resolve it?
Upvotes: 1
Views: 389
Answers (1)
Reputation: 41885
Looking at your dynamic creating of your placeholders:
$in = "'" . implode("','", array_fill(0, count($finalArray), '?')) . "'";
So seem to have creating them with ' quotations. Placeholders do not need quotations.
$in = implode(',', array_fill(0, count($finalArray), '?'));
$query = "UPDATE products SET Status = 'Reserved' WHERE SerialNumber IN ($in)";
$statement = $mysqli->prepare($query);
Then, in assigning types, you don't need them quoted also:
$statement->bind_param(str_repeat('s', count($finalArray)), $finalArray);
Sidenote: Take note that you'll also having to dynamically call bind_param thru call_user_func_array() since you're going to use an array. This part discusses it thoroughly.
Though I'd suggest/prefer to use PDO's ->execute():
$pdo = new PDO('mysql:host=localhost;dbname=DATABASE NAME', 'username', 'password');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$in = implode(',', array_fill(0, count($finalArray), '?'));
$query = "UPDATE products SET Status = 'Reserved' WHERE SerialNumber IN ($in)";
$statement = $pdo->prepare($query);
$statement->execute($finalArray);
Another way with using Reflection:
$in = implode(',', array_fill(0, count($finalArray), '?'));
$type = str_repeat('s', count($finalArray));
$query = "UPDATE products SET Status = 'Reserved' WHERE SerialNumber IN ($in)";
$statement = $mysqli->prepare($query);
$ref = new ReflectionClass('mysqli_stmt');
$method = $ref->getMethod('bind_param');
array_unshift($finalArray, $type); // prepend the 'sss' inside
$method->invokeArgs($statement, $finalArray);
$statement->execute();
Upvotes: 1
Related Questions
- mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables
- php, mysqli-stmt.bind-param]: Number of elements in type definition string doesn't match number of bind variables
- mysqli_stmt::bind_param()Number of elements in type definition string doesn't match number
- Why am I receiving a bind parameter issue?
- SQL error :mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables
- mysqli bind parameter error
- mysqli_stmt_bind_param(): Number of variables doesn't match number of parameters in prepared statement in bind param
- mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables warning
- bind_param difficulties
- PHP bind_param error