PHP Prepared statement error "Number of bind parameters do not match number of number of fields in prepared statement

Question

Im trying to use a prepared statement for a query. The code is as follows

<?php
$studentrollno=1;
$studentclass=10;
$studentsection='A';
$host="localhost";
$dbName="school_election_db"
    $conn=new mysqli_connect($host,dbName); 
    if(conn->connect_error())
    {
        echo "error occured";
    }
    else
    {
        $stmt="SELECT * FROM voting_details where studentrollno=? and 
    studentclass=? and studentsection=?";
    $conn->bind_param($studentrollno,$studentclass,$studentsection);
    $result=$conn->execute();
    if(result==true)
    {
    echo "login succesfull";
    }
    else
    {
    echo "Please try again";
    }
    ?>

The error is around the mysqli query but i'm not able to figure out the error.It work properly when i used normal statements with procedural PHP.But i read that the normal way to do it was using OOP and prepared statements. The error i'm getting is "mysqli_bind_param():: The number of elements in the statement does not match the number of bound parameters".

Answer 1

You should use prepare

$dbName="school_election_db"
$conn=new mysqli_connect($host,dbName); 
if(conn->connect_error())
{
    echo "error occured";
}
else
{
    $stmt=  $conn->prepare("SELECT * 
        FROM voting_details 
        where studentrollno = ? 
        and  studentclass = ?
      and studentsection = ? ") ;
$stmt->bind_param('iis',$studentrollno,$studentclass, $studentsection);
$result=$stmt->execute();
if($result==true)
{
echo "login succesfull";
}
else
{
echo "Please try again";
}
?>