Hello, I've got a question about bind_param. All my other code works, but not this one... probably a dumb question.

```php
$key = "`".implode("`, `",array_keys($notifikasi))."`";
echo $value = "'".implode("', '",array_values($notifikasi))."'";
$query = $dbcon->prepare("INSERT INTO `notifikasi` ($key) VALUES ($value)");
$query->bind_param("iiiis",$value);
$query->execute();
```

I've echoed the value:

'1','1','2','3','profile.php?confirm=33'

I've put any number in bind_param and still get this error:

mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables  

Can anyone answer my misunderstanding?

[EDIT] Never mind, I've found the solution:
use call_user_func_array()

mysqli bind_param for array of strings

Thanks

faddi
  • You're not binding parameters correctly. The query string should contain placeholders like `?` or `:foo`, and not your actual values. See the docs for `bind_param` for examples. – Alex Howansky Jun 13 '17 at 18:59
  • I've read the docs; yes, it should use `?`,
    so I put it in the prepare statement (?,?,?,?,?) and bind_param (iiiis,$value).
    My question: does the array have something to do with it? It still gives an error.
    – faddi Jun 13 '17 at 19:15

1 Answer

The problem is you are trying to bind parameters when you didn't add any placeholder for them.

You should never trust user input, so I would suggest you not populate column names from the input. I would fix the column names in the query:

```php
$notifikasi = [1, 2, 'profile'];
$query = $dbcon->prepare("INSERT INTO `notifikasi` (col1, col2, col3) VALUES (?, ?, ?)");
// bind_param() needs one variable per placeholder, so unpack the array (PHP 5.6+)
$query->bind_param("iis", ...$notifikasi);
```
Ion Bazan
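The approach from this answer applied to the question's associative array, as an added example that is not part of the original posts: column names are checked against an allowlist and values are bound through `?` placeholders. The column names and their types are hypothetical, since the page does not show the schema of `notifikasi`.

```php
<?php
// Hypothetical schema: the page does not list the columns of `notifikasi`.
// The allowlist maps each permitted column to its bind_param() type letter.
const NOTIFIKASI_COLUMNS = [
    'from_id' => 'i', 'to_id' => 'i', 'type' => 'i', 'status' => 'i', 'link' => 's',
];

// Build the SQL text, type string and value list.
// Only allowlisted names ever reach the SQL text; values never do.
function build_insert(array $row): array
{
    if ($row === []) {
        throw new InvalidArgumentException('Nothing to insert');
    }
    $columns = [];
    $types = '';
    foreach (array_keys($row) as $column) {
        if (!array_key_exists($column, NOTIFIKASI_COLUMNS)) {
            throw new InvalidArgumentException('Column not allowed');
        }
        $columns[] = "`$column`";
        $types .= NOTIFIKASI_COLUMNS[$column];
    }
    $marks = implode(', ', array_fill(0, count($row), '?'));
    $sql = 'INSERT INTO `notifikasi` (' . implode(', ', $columns) . ") VALUES ($marks)";
    return [$sql, $types, array_values($row)];
}

function insert_notifikasi(mysqli $dbcon, array $row): bool
{
    [$sql, $types, $values] = build_insert($row);
    $query = $dbcon->prepare($sql);
    if ($query === false) {
        throw new RuntimeException('prepare failed');
    }
    // One bound variable per type letter: unpack the array, do not pass it whole.
    $query->bind_param($types, ...$values);
    return $query->execute();
}

// Constructed sample row using the five values echoed in the question.
$row = ['from_id' => 1, 'to_id' => 1, 'type' => 2, 'status' => 3,
        'link' => 'profile.php?confirm=33'];
[$sql, $types] = build_insert($row);
echo $sql, "\n", $types, "\n";
```

The last lines only print the generated statement and type string, so the builder can be checked without a database connection; `insert_notifikasi()` is the part that needs a live `mysqli` handle.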