0

I've been stuck on this error , please help me this is my code PHP Fatal error: Call to a member function bind_param()

$statement= $db->prepare("insert into uploaddetails(idnum,title,desc,author,tags,title) values(?,?,?,?,?,?)");


     $id='NULL';
    $title=$_POST['title'];
    $description=$_POST['description'];
     $author=$_POST['author'];
     $tags=$_POST['tags'];
     $file= basename($_FILES["fileToUpload"]["name"]);


    $statement->bind_param( 'isssss', $id,$title, $description,$author,$tags,$file);
    $statement->execute();

    $db->close();
    $statement->close();
timrau
  • 22,578
  • 4
  • 51
  • 64
Chadwick Nagka-Gahi Comeros
  • 5
  • 1
  • 1
  • 3

4 Answers4

7

Since nobody else has spotted the issue, I'll post it for you. The reason you're prepare() is failing is because you're trying to use a MySQL Reserved Word. The word desc is a reserved word in MYSQL, which means you need to wrap it in backticks like this:

$statement= $db->prepare("insert into uploaddetails(idnum,title,`desc`,author,tags,file) values(?,?,?,?,?,?)");

It also helps to use proper practice when inserting into a database/using prepared statements.

$statement= $db->prepare("insert into uploaddetails(idnum,title,`desc`,author,tags,title) values(?,?,?,?,?,?)");

if($statement !== FALSE) {
    // do the binds...etc
}

Notes

file is also a reserved word, I don't know what your actual file columns name is, so keep that in mind.

Darren
  • 13,050
  • 4
  • 41
  • 79
  • This is reasonable, I checked for title as a reserved keyword but missed desc. Good catch. – KAD Aug 13 '15 at 05:33
  • Cheers @KAD, I thought the `desc` looked a little too cosy sitting there. :P – Darren Aug 13 '15 at 05:42
  • @Darren I found the Q&A here from a Google search for the similar error. `FILE` is not reserved, it is just a keyword, per https://dev.mysql.com/doc/refman/5.5/en/keywords.html#keywords-5-5-detailed-F - Notice that there is no `(R)` next to it. – Funk Forty Niner Dec 01 '19 at 19:21
1

Your prepare statement is failing because of the query, what you need to do is to make sure the statement is not false in order to execute bind_param, otherwise view the prepare query error as follows :

//Make sure the statement is not false
if($statement !== FALSE)
{
    $statement->bind_param( 'isssss', $id,$title, $description,$author,$tags,$file);
    $statement->execute();

    $db->close();
    $statement->close();
}
//Otherwise check why the prepare statement failed
else
{
    die('prepare() failed: ' . htmlspecialchars($db->error));

}
KAD
  • 10,972
  • 4
  • 31
  • 73
  • prepare() failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc,author,tags,title) values(?,?,?,?,?,?)' at line 1 ,,, thanks this is very help ful but i still dont get it. – Chadwick Nagka-Gahi Comeros Aug 13 '15 at 05:13
  • It seems as @Darren said you have title twice in the query, this could be the problem. It would be a good practice to test your query in phpMyAdmin before writing your query in mysqli and manually binding the parameters to make sure of the syntax at least. – KAD Aug 13 '15 at 05:17
  • oh my god, i use the word "DESC" as a column name and mysql interpreted as a some kind of function.. THANKS GUYS.. REALLY BY HEA – Chadwick Nagka-Gahi Comeros Aug 13 '15 at 05:32
0
  • Try this. your code is modified.
$statement= $db->prepare("INSERT INTO uploaddetails (title,desc,author,tags,file) VALUES(?,?,?,?,?)");


 //$id='NULL';
$title=$_POST['title'];
$description=$_POST['description'];
 $author=$_POST['author'];
 $tags=$_POST['tags'];
 $file= $_FILES["fileToUpload"]["name"];


$statement->bind_param( 'isssss',$title, $description,$author,$tags,$file);
$statement->execute();

$db->close();
$statement->close();

//---- Move the file to desired location...

-ID is not required because it is auto increment and mysql will take care of it, -and you had wrong field name for file, which was title and I change it to file(correct it if you have any other name instead).

Muhammad Sadiq
  • 1,147
  • 11
  • 13
  • prepare() failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc,author,tags,filename) values(?,?,?,?,?)' at line 1 , OH MAN,, still got the same errors, i changed the field name file to , filename same as my db column name – Chadwick Nagka-Gahi Comeros Aug 13 '15 at 05:25
  • oh my god, i use the word "DESC" as a column name and mysql interpreted as a some kind of function.. THANKS GUYS.. REALLY BIG HELP – Chadwick Nagka-Gahi Comeros Aug 13 '15 at 05:32
0

possible errors

1)column count in the table is different from your query. 2)although it shows the error in the bind_param line, the error may occur in the prepare statement line(in your case line 1) 3)you can put echo statement before and after these lines and caught the error (in my case I repeated the same field name twice in the prepared statement)

fetch following code with your requirements and tryout

$stmt = $conn->prepare("INSERT INTO SalesReturn(CRDNUMBER, CRDDATE, REFERENCE,CUSTOMER,ITEM,QTYRETURN,UNITPRICE,TIAMOUNT1,TIAMOUNT2,EXTCRDMISC,TAMOUNT1,TAMOUNT2,CRDSUBTOT,CRDNET,CRDETAXTOT,CRDNETNOTX,CRDNETWTX,TransactionType) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)"); echo "after prepare"; $stmt->bind_param("ssssssssssssssssss",$CRDNUMBER,$CRDDATE,$REFERENCE,$CUSTOMER,$ITEM,$QTYRETURN,$UNITPRICE,$TIAMOUNT1,$TIAMOUNT2,$EXTCRDMISC,$TAMOUNT1,$TAMOUNT2,$CRDSUBTOT,$CRDNET,$CRDETAXTOT,$CRDNETNOTX,$CRDNETWTX,$TransactionType); echo "after bind_param statement";

Naveen S
  • 101
  • 1
  • 3