mysqli prep statement error (bind_param)

Question

This is a dupe of this question, however it wasn't ever answered. So I'm telling my tale!

<?php

include("connect.php");

$keyz = $_GET['id'];

mysqli_real_escape_string($db, $keyz);

if(!empty($_POST)){

    $query = $db->prepare("UPDATE talents SET (firstName,lastName,gender,dob,email,streetAddress,phoneNumber,city,state,country,zip,eyeColor,hairColor,height,weight,chest,waist,hips,dressSize,shoeSize) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) WHERE pk = ?");
    $query->bind_param('sssssssssssssssssssss',$_POST['firstName'],$_POST['lastName'],$_POST['gender'],$_POST['dob'],$_POST['email'],$_POST['streetAddress'],$_POST['phoneNumber'],$_POST['city'],$_POST['state'],$_POST['country'],$_POST['zip'],$_POST['eyeColor'],$_POST['hairColor'],$_POST['height'],$_POST['weight'],$_POST['chest'],$_POST['waist'],$_POST['hips'],$_POST['dressSize'],$_POST['shoeSize'],$keyz);
    $query->execute();
    $db->close();

    print_r($_POST['firstName'] . " " . $_POST['lastName'] . " has been updated.");

}

$query = "SELECT * FROM talents WHERE pk = " . $keyz;

if(!$result = $db->query($query)){
    die('There was an error running the query [' . $db->error . ']');
}

while($row = $result->fetch_assoc()){

?>
.
.
.
On to populate edit form

Connect.php (This is on my local dev machine):

$db = new mysqli('localhost', 'root', '', '[password]');

if($db->connect_errno > 0){
    die('Unable to connect to database [' . $db->connect_error . ']');
}

And I get the error:

Fatal error: Call to a member function bind_param() on a non-object in C:\Program Files (x86)\EasyPHP-DevServer-13.1VC9\data\localweb\FuseTalent\editTalent.php on line 80

I've tried what danzan suggested in the other question and var_dump the $query, but all it returns is bool(false).

What am I doing wrong? I copied/pasted/tweaked the code from another working page.

I's actually a dupe of [this one](http://stackoverflow.com/a/15447204/285587) — Your Common Sense, Jun 21 '13 at 08:40
`I copied/pasted/tweaked the code from another working page.` Yeah, that's the main problem. — Your Common Sense, Jun 21 '13 at 08:43

score 2 · Accepted Answer · answered Jun 21 '13 at 08:28

2

mysqli->prepare() returns FALSE if something went wrong. That would lead to {FALSE}->bindParam(...); being invoked, which would explain the error message call to a member function ... on a non-object.
Add more error handling to your script

$query = $db->prepare("UPDATE talents SET ...");
if ( !$query ) {
    // something went wrong
    // $db->errno and $db->error should contain more information about the error
    // see http://docs.php.net/manual/en/mysqli.error.php
    ...
}

also take a look at the UPDATE syntax of MySQL. It's

UPDATE talents SET
firstName=?,
lastName=?,
...
WHERE
...

answered Jun 21 '13 at 08:28

VolkerK

95,432
20
163
226

Returns a syntax error. You can't bundle the values like insert?? – Christopher Jun 21 '13 at 08:36
Tediously redoing the sql did the trick. Word to the *unwise, **don't bundle values for update!!** – Christopher Jun 21 '13 at 08:41
Both your MySQL server and the documentation say "no", so apparently you can't ;-) – VolkerK Jun 21 '13 at 08:41

mysqli prep statement error (bind_param)

1 Answers1