Setting up and executing a prepared statement (using mysqli)

Question

I'm running into a problem when trying to run this mysql query / prepared statement.

  <?php

  if (!empty($_POST['var1'])&&!empty($_POST['var2'])
    &&!empty($_POST['var3'])&&isset($_POST['var4'], 
    $_POST['var5'], $_POST['var6'])) {

  require_once 'connect.inc.php'; 

  $query = "INSERT INTO tablename (var1, var2, var3, var4, var5, var6)
  VALUES (?,?,?,?,?,?)";

  $stmt = mysqli_prepare($link, $query);

  mysqli_stmt_bind_param($stmt, "ssssss", $var1, $var2, $var3, $var4, $var5, $var6);

  $var1 = $_POST['var1'];
  $var2 = $_POST['var2'];
  $var3 = $_POST['var3'];
  $var4 = $_POST['var4'];
  $var5 = $_POST['var5'];
  $var6 = $_POST['var6'];

  mysqli_stmt_execute($stmt);

   if (mysqli_stmt_affected_rows($stmt)==1) {
   echo 'Thank you for your submission.';
      } else {
      mysqli_stmt_close($stmt);
      mysqli_close($link);  }

 } else {
echo 'We were unable to process your information. Please ensure all required fields 
        were filled out.'.mysqli_stmt_error($stmt);
} 

?>

When I run the code, I get the following error message:

 Notice: Undefined variable: stmt in ...on line 62
  Warning: mysqli_stmt_error() expects parameter 1 to be mysqli_stmt, null given in ... on        line 62

Line 62 is the row containing mysqli_stmt_error($stmt) at the end. As far as I can tell, I've set up $stmt properly. ($link comes from the connect.inc.php page.) I'm not sure why I get the message null given since I do have $stmt as parameter 1.

Does anyone know what I'm doing wrong?

Answer 1

You are trying to capture a query error but are using it at the place where your $_POST var errors are shown. See improved code:

  <?php

  if (!empty($_POST['var1'])&&!empty($_POST['var2'])
    &&!empty($_POST['var3'])&&isset($_POST['var4'], 
    $_POST['var5'], $_POST['var6'])) {

    require_once 'connect.inc.php'; 

    $query = "INSERT INTO tablename (var1, var2, var3, var4, var5, var6)
    VALUES (?,?,?,?,?,?)";

    $stmt = mysqli_prepare($link, $query);

    $var1 = $_POST['var1'];
    $var2 = $_POST['var2'];
    $var3 = $_POST['var3'];
    $var4 = $_POST['var4'];
    $var5 = $_POST['var5'];
    $var6 = $_POST['var6'];

    mysqli_stmt_bind_param($stmt, "ssssss", $var1, $var2, $var3, $var4, $var5, $var6);
    mysqli_stmt_execute($stmt);

     if (mysqli_stmt_affected_rows($stmt)==1) {
          echo 'Thank you for your submission.';
        } else {
          mysqli_stmt_close($stmt);
          mysqli_close($link);  

          // do something with your statement error
          echo mysqli_stmt_error($stmt);
        }

} else {
  echo 'We were unable to process your information. Please ensure all required fields were filled out.';
} 
?>