0

What's going wrong in this script it is giving me error for bind_param 

if(isset($_GET['ID'])){

$page_id = $_GET['ID'];

      $page_id = mysqli_real_escape_string($con, $page_id);



$select_query = $con->prepare("select * from save_data where ID='$page_id'")
    or die(mysqli_error($con)); 

$select_query->bind_param('i', $page_id);

$select_query->execute();

$result = $select_query->get_result();

Getting this error

Warning: mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables in C:\xampp\htdocs\mysql_login\pictures.php on line 23

Improve this question
1
  • If you want to use placeholders, then you do NOT escape the data that will be used for that placeholder. it'll effectively double-escape the data and lead to trouble down the road. Commented Dec 23, 2013 at 14:39

2 Answers 2

Reset to default
5

You are not using a placeholder in your query. You inadvertently put the variable you wish to replace it with instead:

$select_query = $con->prepare("select * from save_data where ID='$page_id'")

should be:

$select_query = $con->prepare("select * from save_data where ID=?")
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

You want this instead of the line you have:

$select_query = $con->prepare("select * from save_data where ID=?");

In the code you posted you don't use parameter binding at all - you interpolate the variable directly into the SQL string. For parameter binding you need to insert a ? placeholder instead!

Also, please don't use or die(mysqli_error($con) for debugging. That's extremely hacky. Either just let it fail with an exception (mysqli does have an option for this, right?) or write custom wrapper that handles error properly without requiring you repeat the same code every time you perform a query!

Improve this answer

1 Comment

I'd like to know, too. This answer is both correct and informative.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.