php mysql bind param parameters

Question

I'm trying out using prepared statements for the first time and running into the following issue with the below code

Error :

Warning: mysqli_stmt_bind_param() expects parameter 1 to be mysqli_stmt, boolean given

Code :

$stmt = mysqli_prepare($db, "INSERT INTO fragrances(name, description, essentialoils, topnotes, middlenotes, basenotes, reference, year, type, price, fragrancehouse, triangle, extractname, extractreference, extractprice, extractfragrancehouse, disccolour, collarcolour, actuatorcolour)
    VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); 
mysqli_stmt_bind_param($stmt, 'sssssssssssssssssss', $name, $description, $essentialoils, $topnotes, $middlenotes, $basenotes, $reference, $year, $type, $price, $fragrancehouse, $triangle, $extractname, $extractreference, $extractprice, $extractfragrancehouse, $disccolour, $collarcolour, $actuatorcolour);

mysqli_stmt_execute($stmt);

I've looked at many different questions on here and none of their solutions seem to apply for my problem, does anyone know what the issue is?

prepare is failing. you need to get the output of `mysqli_error`. You also have no placeholders in your query. Use `?` or named parameters if mysqli supports it (i'm not sure) — Cfreak, Oct 10 '14 at 20:06
Possible duplicate of [mysqli\_fetch\_assoc() expects parameter / Call to a member function bind\_param() errors. How to get the actual mysql error and fix it?](https://stackoverflow.com/questions/22662488/mysqli-fetch-assoc-expects-parameter-call-to-a-member-function-bind-param) — Dharman, Oct 15 '19 at 23:03

meda · Accepted Answer · 2014-10-10T20:41:55.237

4

$stmt becomes a boolean only when mysqli_prepare returns false.

When this happens it means it failed to prepare the query therefore you need to check for errors:

$stmt = mysqli_stmt_init($db);
if (mysqli_stmt_prepare($stmt, 'INSERT INTO fragrances VALUES...')) {
    //it's all good bind and execute here
}else{
   //we have a problem
   printf("Errormessage: %s\n", mysqli_error($db));
}

edited Oct 10 '14 at 20:41

answered Oct 10 '14 at 20:30

meda

45,103
14
92
122

Turned out I had mixed my americanisms up and had a field named collarcolor by mistake! this lead me to the error so is getting the tick, Thanks – Xand94 Oct 10 '14 at 20:35

Asenar · Answer 2 · 2014-10-10T20:34:15.957

2

The error message means your mysqli_prepare returned a boolean (and for your case, it returned false).

You need to replace all your field name by the character ? to make your prepared statement. This is how it works.

See example in the official documentation

EDIT See also mysqli_error , which will detail your error. In fact, you should always check a variable before using it:

$stmt = mysqli_prepare($db, "....");
if(!$stmt)
  echo mysqli_error($db); // display error only for debug. Avoid this in production

edited Oct 10 '14 at 20:34

answered Oct 10 '14 at 20:06

Asenar

6,732
3
36
49

Unfortunately that does not change my error message – Xand94 Oct 10 '14 at 20:29
So you have an other error. Maybe related to `$db`. I edited my answer to help you debugging it. – Asenar Oct 10 '14 at 20:34

Rimas · Answer 3 · 2014-10-29T06:27:09.337

Your INSERT statement is invalid: VALUES clause must be with ? in parantheses (and after field names in parentheses). Also good practice is to check $stmt after assigning:

$stmt = mysqli_prepare($db, 
   "INSERT INTO fragrances (name, description, essentialoils, topnotes, middlenotes, basenotes, reference, year, type, price, fragrancehouse, triangle, extractname, extractreference, extractprice, extractfragrancehouse, disccolour, collarcolour, actuatorcolour)
    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
if ($stmt) {
    mysqli_stmt_bind_param($stmt, 'sssssssssssssssssss', $name, $description, $essentialoils, $topnotes, $middlenotes, $basenotes, $reference, $year, $type, $price, $fragrancehouse, $triangle, $extractname, $extractreference, $extractprice, $extractfragrancehouse, $disccolour, $collarcolour, $actuatorcolour);

    mysqli_stmt_execute($stmt);
    // ...
} else
    printf("Error: %s\n", mysqli_error($db));

Unfortunately that does still create the same error message (removing the if statement) — Xand94, Oct 10 '14 at 20:29

score 2 · Answer 4 · answered Oct 10 '14 at 20:34

It means your SQL was invalid because the prepare is returning false;

Your SQL should be;

$stmt = mysqli_prepare($db, "INSERT INTO fragrances VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? )");

Each ? is to show where each parameter needs to be bound respectively.

php mysql bind param parameters

4 Answers4