0

I'm trying to create an advanced search in php. The inputs are not required, users can decide if they want to search for a manufacturer or just set the minimum price, etc. I'm trying to save the "s" and "i" for the bind_param in an array, and the variables in another array, then implode them in the bind_param part. This is where I got the problem. The $params implode works fine, but when I'm trying to implode the $vars array, I get the error message that says "Only variables should be passed by reference". It's because if I push a variable to my array, it stores it's value and not the variable itself. I've tried to push them as strings, like '$example', but in this case, when I implode it, got the same message because it's a string. So, how should I store them in the array to be able to use them in the bind_param?

In this example I show only 2 inputs, but ofc I have a lot more.

if ($_SERVER['REQUEST_METHOD'] == 'GET' && isset($_GET['search_button'])) {
    $params[] = "i";
    $vars[] = '$status';
    $sql_search = 'SELECT m.*, u.premium, u.avatar FROM motorcycles m INNER JOIN users u ON u.id = m.userid WHERE status = ?';

    if (isset($_GET['manufacturer_search']) && $_GET['manufacturer_search'] !== "") {
        $manufacturer_search = $_GET['manufacturer_search'];
        $sql_search .= " AND manufacturer LIKE ?";
        array_push($params, 's');
        array_push($vars, '$manufacturer_search');
    }

    if (isset($_GET['min_price']) && $_GET['min_price'] !== "") {
        $min_price = $_GET['min_price'];
        $sql_search .= " AND price >= ?";
        array_push($params, 'i');
        array_push($vars, '$min_price');
    }

    $sql_search .= " ORDER BY u.premium DESC LIMIT ?, ?";
    array_push($params, 'ii');
    array_push($vars, '$this_page_first_result', '$results_per_page');


    $stmt_search = $link->prepare($sql_search);
    $stmt_search->bind_param(implode("", $params), implode(",", $vars));
    $stmt_search->execute();
    $result = $stmt_search->get_result();
}
Improve this question
3
  • 1
    Unless I'm mistaken, you are supposed to provide the variables you want prepared in your statement when calling bind_param, implode however creates a string. Try the following; $stmt_search->bind_param(implode("", $params), ...$vars ); Commented Apr 2, 2021 at 8:41
  • Yes, but the problem is that we don't know how many parameters will the user use in the search, so I can't just put all my variables there. Sometimes the user will use only 1 input, but sometimes 4. I'm trying to make it dynamic, but don't know how to put the variables there. Commented Apr 2, 2021 at 8:44
  • Your edit really solved the problem. Thank you so much. If you write it as an answer, I can accept it. :D Commented Apr 2, 2021 at 8:45

1 Answer 1

Reset to default
1

You should provide the variables you want separately as the last parameter of bind_params, what you are doing is creating a string of all your variables and passing that.

Change

$stmt_search->bind_param(implode("", $params), implode(",", $vars));

To

$stmt_search->bind_param(implode("", $params), ...$vars );

And PHP will take all entries inside your $vars array and pass them as separate parameters of the function.

For more information on this see the Documentation of bind_param, PHP's introduction of the splat operator here and here and some extra information on stack overflow.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.