-1

I am trying to search a table for specific items using a prepared statement in PHP. I am getting no errors, but also getting no record. Here is my code:

$items = [];
$search = "john";
if ($stmt = $this->con->prepare("SELECT * FROM phptest WHERE search = ?")) { //'john'";
    $stmt->bind_param("s",$search);
    $stmt->execute();
    while ($row = mysqli_fetch_array($stmt)) {
        $item = [];
        $item['id'] = $row['id'];
        $item['first'] = $row['search'];
        $item['last'] = $row['data'];
        array_push($items, $item);
    }
}
return $items;

Now, when I don't use a prepared statement, and just SELECT * FROM phptest I get all the results in the table (including the item where search = 'john'). Furthermore, if I use the query SELECT * FROM phptest WHERE search = 'john' I get the one record where search = 'john'

But as soon as I turn it into the prepared statement, I get zero errors but zero records. I do get a warning:

mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given

Which made me think my bind_param or execute() was returning FALSE, but when I check, it does not appear to be returning false.

I started off my adventure working through the tutorial https://www.simplifiedcoding.net/android-mysql-tutorial-to-perform-basic-crud-operation/, which I thought I understood fully but ran into my error when trying to make my own PHP API.

I then went to the manual http://php.net/manual/fr/mysqli.prepare.php, but still cannot find my error.

Though it has been closed as "off-topic," I have reviewed PHP bind_param not working and found nothing applicable to my situation.

Likewise, I am not finding the error in PHP bind_param not defined nor php bind_param is not working.

mickmackusa
  • 43,625
  • 12
  • 83
  • 136
John Summers
  • 9
  • 2
  • I am confused now, because you have object oriented setup of statements, then you use procedural style for the mysqli_fetch_array... – IncredibleHat Nov 01 '17 at 21:31

1 Answers1

3

You're very close. mysqli_fetch_array() expects to be passed a result object, not the statement object itself:

$stmt = $conn->prepare(...);
$stmt->bind_param(...);
$stmt->execute();
$result = $stmt->get_result();
while ($row = mysqli_fetch_array($result)) {

Or, in the fully OO manner:

while ($row = $result->fetch_array()) {
Alex Howansky
  • 50,515
  • 8
  • 78
  • 98
  • Yeah, when he had tested directly by changing `$this->con->prepare` to `$this->con->query ` ... it would have made $stmt be the result object, and not the prepared object. – IncredibleHat Nov 01 '17 at 21:26
  • `execute` returns a boolean, not a `mysqli_result`. – Barmar Nov 01 '17 at 21:29
  • Is this mysqli? I thought it was PDO lol ... oh, hmm. Well then! – IncredibleHat Nov 01 '17 at 21:30
  • @Randall Heh yeah, brain fart on my part. I'm writing PDO thinking, oh that's easy, not realizing it's been forever since I wrote mysqli and I didn't remember how it worked... – Alex Howansky Nov 01 '17 at 21:41
  • Thank you, Alex. This is EXACTLY what my problem was ... the missing $result = $stmt->get_result(); I don't doubt my mixing object oriented and procedural style also created a problem, which happened because I'm new to php and have looked at over a dozen different examples trying to fix my problem. May I also suggest that, though the answer was available in the link supplied by whomever marked this question as a duplicate, that question does not initially appear to be about my problem, nor is the solution nearly as clear as Alex's comment. – John Summers Nov 02 '17 at 03:07