Adamski
Reputation: 6019
php,mysql prepared statements
function addAlbum($album){
$connection = mysqli_connect(HOST,USER,PASS,DATABASE);
$stmt = mysqli_prepare($connection,'INSERT INTO `'.TABLE_ALBUMS.'` (albumName) VALUES (":album")');
mysqli_stmt_bind_param($stmt,':album');
$result = mysqli_stmt_execute($stmt);
if($result){
return true;
} else {
return false;
}
}
i get this error:
mysqli_stmt_bind_param() [function.mysqli-stmt-bind-param]: Number of elements in type definition string doesn't match number of bind variables
any help would be greatly appreciated.
Upvotes: 0
Views: 182
Answers (1)
ajreal
Reputation: 47321
You have mix both procedural style and Object oriented style
So, either use entirely in procedural style or vice versus
$sql = 'INSERT INTO '.TABLE_ALBUMS.' (albumName) VALUES (?)';
$connection = mysqli_connect(HOST,USER,PASS,DATABASE); <- procedural style
$stmt = mysqli_prepare($connection, $sql); <- procedural style
mysqli_stmt_bind_param($stmt, 's', $album); <- procedural style
$result = mysqli_stmt_execute($stmt); <- procedural style
...
Upvotes: 3