PHP prepared Update statement fail

Question

I just started working with mysqli prepared statements. I am still trying to master it when I ran into an issue with a prepared UPDATE statement.

After searching SO, I found this question.

But it was unanswered; the question closely resembles my issue:

<?php

  $pin = '12345' // spaceballs reference
  $email = 'somebody@email.com';
  $update = "UPDATE users SET sec_pin = ? WHERE email = ?;";

  $stmt = $dbc->prepare($update);

  $stmt->bing_param("is", $rand, $dbuseremail);
  $stmt->execute();

?>

I am returning a 500 Internal Error. How can I fix this?

Wow...just wow...I did not even see that. So sorry. Thank you both. Upvotes for all. — John Beasley, May 11 '18 at 17:48

score 1 · Accepted Answer · answered May 11 '18 at 18:56

You can find some great examples for prepared statements in the php documentation for mysqli_stmt::bind_param.

Now the specific reasons for your code sample:

You are missing a semicolon on line 3 ($pin = '12345';).
As already mentioned in comments to your question you have misspelled the $stmt->bind_param(...) function.
You are using different variables in your $stmt->bind_param(...) function then the ones you have defined earlier in your code. The variable $rand should be replaced with $pin and $dbuseremail with $email.

A working sample would be:

<?php

    $dbc = new mysqli('127.0.0.1', 'db_user', 'db_password', 'db_name');

    $pin = '12345'; // spaceballs reference
    $email = 'somebody@email.com';
    $update = "UPDATE users SET sec_pin = ? WHERE email = ?;";

    $stmt = $dbc->prepare($update);

    $stmt->bind_param("is", $pin, $email);
    $stmt->execute();

?>

Debugging in PHP

You may find these resources helpful while trying to debug your php code:

Statik Stasis · Answer 2 · 2018-05-11T19:07:56.470

Misspelled bind_param() as bing_param().

Also don't worry about using i for integer in your bind_param parameters, just use s for string on all variables you're passing; prevents unwanted errors and works the same without having to worry about which variable you're passing.

Just going to clean your code up some too as well as fix some suspected variable name errors.

<?php

$pin = '12345'; // spaceballs reference
$email = 'somebody@email.com';
$update = "
    UPDATE 
        users 
    SET 
        sec_pin = ? 
    WHERE 
        email = ?";

$stmt = $dbc->prepare($update);

$stmt->bind_param("ss", $pin, $email);
$stmt->execute();

?> //If all of your PHP file is only PHP, then leave this closing tag off.

PHP prepared Update statement fail

2 Answers2