mysqli bind_param not updating table in database

Question

I'm trying to update a table from a database with this code, but it keeps returning a fatal error

        $stmt = $mysqli->prepare("UPDATE $tbl_name SET cart = ? WHERE username = $myUsername");
        $stmt->bind_param('s', $chosenParts2);
        $stmt->execute(); 
        $stmt->close();

Fatal error: Call to a member function bind_param() on a non-object in /home/jeffgogu/public_html/RaptorCPU/pages/cart.php on line 178 — Jeff, Mar 01 '16 at 13:58
Possible duplicate of [How can I prevent SQL-injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — Your Common Sense, Mar 01 '16 at 14:21

Kordi · Answer 1 · 2016-03-01T18:51:55.603

0

Your SQL Statement is wrong. So evtl. Table or field isn't existing. So just debug

UPDATE $tbl_name SET cart = ? WHERE username = $myUsername

Just add the following could after $mysqli->prepare

echo $mysqli->error;

and it should be clear why you got this error. The error unknown column is because $myUsername is not escaped, you just bind this variable too.

$stmt = $mysqli->prepare("UPDATE $tbl_name SET cart = ? WHERE username = ?");
$stmt->bind_param('ss', $chosenParts2, $myUsername);
$stmt->execute(); 
$stmt->close();

edited Mar 01 '16 at 18:51

answered Mar 01 '16 at 14:03

Kordi

2,405
1
14
13

it returns Unknown column 'jeff' in 'where clause' – Jeff Mar 01 '16 at 15:57

mysqli bind_param not updating table in database

1 Answers1