Uncaught exception 'mysqli_sql_exception' with message 'No data supplied for parameters in prepared statement'

Question

I am trying to write a query using a prepared statement.

mysqli_report(MYSQLI_REPORT_ALL);

    $query = $conn->prepare("INSERT INTO notification(MessageId,TopicArn,Subject,Message,Timestamp,SignatureVersion,Signature,SigningCertURL,UnsubscribeURL,topicid) 
                VALUES (?, ?, ?, ?, ?,?, ?, ?, ?, ?)");

This throws the following exception

Fatal error: Uncaught exception 'mysqli_sql_exception' with message 'No data supplied for parameters in prepared statement'

Where as the following query works

$query = $conn->prepare("INSERT INTO notification(MessageId,TopicArn,Subject,Message,Timestamp,SignatureVersion,Signature,SigningCertURL,UnsubscribeURL,topicid) 
        VALUES (".$message['MessageId'].", '".$message['TopicArn']."', '".$message['Subject']."', '".$message['Message']."', '".$message['Timestamp']."',".$message['SignatureVersion'].", '".$message['Signature']."', '".$message['SigningCertURL']."', '".$message['UnsubscribeURL']."', ".$topic.")");

I want to use prepared statement with bind_param() function. What is wrong with first query? Please help.

Answer 1

You can bind the data like below.

$stmt = $conn->prepare( $sql );
if( $stmt ){ 
    $stmt->bind_param('issssssssi', $message['MessageId'], $message['TopicArn'],
        $message['Subject'], $message['Message'], $message['Timestamp'],
        $message['SignatureVersion'], $message['Signature'],   $message['SigningCertURL'],
        $message['UnsubscribeURL'] ,$message['UnsubscribeURL']  );
}

You just forgot to add $ infront of the sql please add that and try again.

Answer 2

As I suggested - you need to bind parameters to values before you can execute the sql ~ like this perhaps:

mysqli_report(MYSQLI_REPORT_ALL);
$sql='insert into notification
    (messageid,topicarn,subject,message,timestamp,signatureversion,signature,signingcerturl,unsubscribeurl,topicid) 
    values
    (?, ?, ?, ?, ?,?, ?, ?, ?, ?)';

$stmt = $conn->prepare( sql );
if( $stmt ){
    /* assumed mainly strings other than those with `id` in column name */
    $stmt->bind_param('issssssssi',
        $message['MessageId'],
        $message['TopicArn'],
        $message['Subject'],
        $message['Message'],
        $message['Timestamp'],
        $message['SignatureVersion'],
        $message['Signature'],
        $message['SigningCertURL'],
        $message['UnsubscribeURL'],
        $topic
    );
    $result=$stmt->execute();

    /* Other code */

} else {
    /* investigate why "prepare" method failed */
    echo "Error:";
}