CODEWITHSUNDEEP
phpmysqliprepared-statement
Prakash
Prakash

Reputation: 113

Fatal error: Call to undefined function bind_param()

I want to retrieve student name from database using mysql LIKE, i have following form

  <form action="search.php" method="POST">
        <input type="text" name="search" id="search-input">
        <input type="submit" value="Submit" id="submit">
  </form>

And my search.php

<?php 
        require_once 'db.php';
        if (isset($_POST['search']) && !empty($_POST['search'])) {
            $search_param = trim($_POST['search']);

            $slct_search = $db->prepare("SELECT student_name FROM student_details WHERE student_name LIKE ?") or die($db->error);
            $slct_search = bind_param('s', $search_param);
            $slct_search->execute();        
            $res = $slct_search->get_result();  
            if($res->num_rows) {            
                while ($result = $res->fetch_object()) {
                    echo $result->student_name;
                }
            } else {
                echo 'OOPS we had a problem';
            }   
        }
    ?>

When I click the submit button i am receiving following error

Fatal error: Call to undefined function bind_param() in F:\xampp\htdocs\sel\search.php on line 7

Upvotes: 1

Views: 5812

Answers (2)

Himself
Himself

Reputation: 11

Please use - > for the bind_param

Use this $slct_search - >bind_param

Instead of this $slct_search = bind_param

Upvotes: 1

SuperDJ
SuperDJ

Reputation: 7661

Have you tried: 

$slct_search->bind_param('s', $search_param);

Also note that you might use trim() but it still leaves you open to SQL-injection. Try to do someting like:

$db->real_escape_string( trim( $_POST['search'] ) );

Read about some other escapeing here:

Upvotes: 5

Related Questions