-1

This has been resolved thanks to raina77ow. The from and to were messing the prepared statement up.

I have looked over this for the past 6 hours and I cannot get this parametrized statement to work. However, I have other parametrized statements that are working which look exactly like this. I know there is something wrong with my prepared statement but I can't seem to find the error. Can someone with a pair of fresh eyes help me?

    function insert_event($post_id, $title, $location, $from, $to, $description)
    {
        //open connection to database
        $mysqli = db_connect();

        //insert
        $stmt = $mysqli->prepare("INSERT INTO Events (".
            "postID, ".
            "title, ".
            "location, ".
            "from, ".
            "to, ".
            "description) ".
            "VALUES (".
            "'$post_id', ".
            "?, ".
            "?, ".
            "?, ".
            "?, ".
            "?)");

        $stmt->bind_param("sssss", $title, $location, $from, $to, $description);
        $stmt->execute();
        $stmt->close();
        // close connection
        $mysqli->close();
    }

I have even tried this

    $stmt = $mysqli->prepare("INSERT INTO Events (postID, title, location, from, to, description) VALUES ($post_id, ?, ?, ?, ?, ?)");

Sorry if it's so easy to see what's wrong.

user1536365
  • Apparently there is an error with `prepare` – Explosion Pills May 15 '13 at 15:39
  • 6
    Isn't it because `FROM` and `TO` are [reserved words](https://dev.mysql.com/doc/refman/5.5/en/reserved-words.html) in MySQL, I wonder? Quote these (wrap in `` ` ``), and it should work. – raina77ow May 15 '13 at 15:40
  • THANK YOU RAINA77ow!!!!! I changed the from and to and it now works. I just wasted 6 hours of my life. Thanks a lot! – user1536365 May 15 '13 at 15:42
  • 2
    Why do you have `"'$post_id', ".` in a prepared statement? – Mark Baker May 15 '13 at 15:43
  • Duplicate of http://stackoverflow.com/questions/15447133/mysqli-update-throwing-call-to-a-member-function-bind-param-error – Your Common Sense May 15 '13 at 15:45
  • 1
    now let us all go and hunt down and vote up raina answers! – Drew May 15 '13 at 15:47
  • @MarkBaker because the user does not enter the post ID. Is that bad programming practice? – user1536365 May 15 '13 at 15:48
  • 1
    It's inconsistent for a start, but including it as a bind variable alongside the other bind variables would be a lot cleaner, and internally consistent within the scope of the function where you can't see where $post_id comes from – Mark Baker May 15 '13 at 15:53
  • Alright thanks for the suggestion. Still pretty new to PHP and mysql – user1536365 May 15 '13 at 15:56
  • @user1536365 - At least you're starting with prepared statements and bind variables, it's always sensible to learn good practices from the very beginning rather than learning bad practices – Mark Baker May 15 '13 at 16:33
  • possible duplicate of [How can I write SQL for a table that shares the same name as a protected keyword in MySql?](http://stackoverflow.com/questions/10706920/how-can-i-write-sql-for-a-table-that-shares-the-same-name-as-a-protected-keyword) – Jocelyn May 17 '13 at 01:02

1 Answer

1

There are two reserved keywords in your prepare; they are `from` and `to`, so just surround them with backticks to let MySQL understand they are fields.

    "location, ".
    "`from`, ".
    "`to`, ".
    "description) ".

Fabio
  • or better yet, don't use any reserved words as `select 'from' from mytable` is just going to confuse people further down the line – Anigel May 15 '13 at 15:46
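
The answer's fix combined with the suggestions from the comments, as an added example that is not part of the original thread: the reserved column names are backtick-quoted, `$post_id` is bound like every other value, and mysqli is told to throw when `prepare` fails instead of returning `false`. Assumptions: `postID` is an integer column, the connection is passed in as a parameter, `db_connect()` is the question's own helper returning a connected `mysqli` object, and the sample row is constructed.

```php
<?php
// Added example, not code from the question or the answer.

// Throw mysqli_sql_exception on any failure. Without this, a statement that
// does not parse makes prepare() return false and the error only shows up
// later as a call to bind_param() on a non-object.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function insert_event(mysqli $mysqli, int $post_id, string $title, string $location,
                      string $from, string $to, string $description): int
{
    // `from` and `to` are MySQL reserved words, so as column names they must
    // be backtick-quoted. Identifiers cannot be bound as parameters; they
    // stay fixed literals in the SQL text and only the values use ?.
    $sql = 'INSERT INTO Events '
         . '(postID, title, location, `from`, `to`, description) '
         . 'VALUES (?, ?, ?, ?, ?, ?)';

    $stmt = $mysqli->prepare($sql);

    // Every value is bound, including postID ("i" = integer, "s" = string),
    // so no variable is interpolated into the SQL string.
    // Assumption: postID is an integer column.
    $stmt->bind_param('isssss', $post_id, $title, $location, $from, $to, $description);
    $stmt->execute();

    $rows = $stmt->affected_rows;   // 1 when the row was inserted
    $stmt->close();
    return $rows;
}

// Usage with a constructed sample row.
try {
    $mysqli = db_connect();         // the question's helper (assumed)
    $rows = insert_event($mysqli, 42, 'Team meetup', 'Room 1',
                         '2013-05-15 18:00:00', '2013-05-15 20:00:00',
                         'Constructed sample event');
    echo "Inserted $rows row(s)\n";
    $mysqli->close();
} catch (mysqli_sql_exception $e) {
    // Log the detail server-side; do not echo SQL errors to the client.
    error_log('insert_event failed: ' . $e->getMessage());
}
```

With this reporting mode enabled, the original unquoted statement would have raised an exception carrying MySQL's syntax error at the `prepare` call itself.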