I am preparing the query using mysqli prepare but this is giving an error
check the manual that corresponds to your MySQL server version for the right syntax to use near '? ) AND ( user_fullname ? )'
$query="DELETE FROM table WHERE ( quiz_answer ? ) AND ( user_fullname ? )";
$stmt = $mysqli->prepare($query);
$stmt->bind_param('ss',array('IS NULL','IS NULL'));
$stmt->execute();
Please help me finding the problem in query Thanks in advance
If we assume, that $answer and $fullname are your quiz_answer and user_fullname params. This might work:
$answerString = 'IS NULL';
$userString = 'IS NULL';
if ( trim( $answer ) && $answer != 'null' ) $answerString = '= ?';
if ( trim( $user ) && $user != 'null') $userString = '= ?';
$query="DELETE FROM table WHERE ( quiz_answer $answerString ) AND ( user_fullname $userString )";
$stmt = $mysqli->prepare($query);
if ( $answer && ! $fullname ) $stmt->bind_param('s',array($answer));
if ( $answer && $fullname ) $stmt->bind_param('ss',array($answer, $fullname));
if ( ! $answer && $fullname ) $stmt->bind_param('s',array($fullname));
$stmt->execute();
But i also suggest additional param validation to be executed before inserting them into sql query, even by parameter-binding.
