0

I'm running this within an html file (with a .php extension), yet when I inspect element, the iframe doesn't appear. Error reporting shows a problem with va5 and bind_param. When I call this php, I don't always have a variable5. How could I fix this?

<?php

  $va1 = $_GET['variable1'];
  $va2 = $_GET['variable2'];
  $va3 = $_GET['variable3'];
  $redetails = NULL;
  $redetails2 = NULL;
  $redetails = $_GET['rdetails'];
  $redetails2 = $_GET['redetails2'];

  $stmt = $mysqli->prepare("SELECT id FROM idlist WHERE var1 = ? && var2 = ? && var3 = ? && var4 = ? && var5 = ?");

  //failing
  $stmt->bind_param('sssss', $va1, $va2, $va3, $va4, $va5);

  $stmt->execute();
  $result = $stmt->get_result();

  //failing
  echo $result[0];

  //failing
  echo '<iframe src="https://drive.google.com/file/d/' . $result[0] . '/preview" width="850" height="1150"></iframe>';
?>
p1083997
  • 11
  • 4
  • What is file extension? *.php? What do you use to launch php -- Apache? Nginx? Cli? – mochalygin Apr 18 '17 at 06:33
  • @mochalygin Yes, its a .php and i'm using Apache – p1083997 Apr 18 '17 at 06:33
  • 2
    There might be an error in your `//some calculations`. Switch on error reporting in PHP to see them: http://stackoverflow.com/questions/1053424/how-do-i-get-php-errors-to-display Note: You will probably not see syntax errors this way. – KIKO Software Apr 18 '17 at 06:33
  • @KIKOSoftware It looks like you're right. I have updated it to include more code. – p1083997 Apr 18 '17 at 06:38
  • Please post your complete code – Ria Sen Apr 18 '17 at 06:39
  • @Learner I have – p1083997 Apr 18 '17 at 06:43
  • 1
    Do you have error reporting enabled? As you are binding parameters after defining them. Try moving the `$va1 = $_GET['variable1']` etc above your `$stmt`. When a fatal error occurs, it stops executing code, hence your data isn't being echo'd. – WesselV Apr 18 '17 at 06:45
  • @WesselV above the prepare? – p1083997 Apr 18 '17 at 06:47
  • Yes, indeed. You can also add error_reporting(E_ALL); to the top of your document (but within PHP tags) to enable error reporting for debugging. – WesselV Apr 18 '17 at 06:48
  • ^ and use `ini_set('display_errors', 'On');` – DarkBee Apr 18 '17 at 06:48
  • @WesselV the error reporting is saying there is a fatal call to the bind-param, what could be wrong with it? It is also saying va5 has a problem; in some calls to this, I do not have a va5, and in some I do. Could this be the problem, and if so, how would I fix it? – p1083997 Apr 18 '17 at 06:52
  • If you don't have 5 variables, why do bind them then? Remove the 5th one in your query, `$mysqli->prepare("SELECT id FROM idlist WHERE var1 = ? && var2 = ? && var3 = ? && var4 = ?");` – DarkBee Apr 18 '17 at 07:02
  • Please check you query. Fix it and then there will be no problem. I tried removing the query and everything works fine. – Ria Sen Apr 18 '17 at 07:07
  • @DarkBee In some cases I have a 5th var, in some I don't, so I don't pass in NULL. Is there any way to get around this, and have it work despite this? – p1083997 Apr 18 '17 at 07:07
  • @Learner I don't have a 5th var in all situations, I do in some – p1083997 Apr 18 '17 at 07:09
  • Then handle it in cases by if condition where if you have 5th variable then this query else the query with 3 or 4 variables. This is a decent way to handle. – Ria Sen Apr 18 '17 at 07:18

1 Answers1

0

You have to alter your query depending on the amount of variables. A solution could be

<?php
    $parms = array(
        'var1' => $_GET['variable1'],
        'var2' => $_GET['variable2'],
        'var3' => $_GET['variable3'],
    );

    if (isset($_GET['variable4'])) $parms['var4'] = $_GET['var4'];
    if (isset($_GET['variable5'])) $parms['var5'] = $_GET['var5'];

    $stmt = $mysqli->prepare('SELECT id FROM idlist WHERE '. implode(' = ? && ', array_keys($parms)). ' = ?');
    foreach($parms as $value) $stmt->bind_param('s', $value);
DarkBee
  • 16,592
  • 6
  • 46
  • 58