skyer2000 Posted February 25, 2009 Share Posted February 25, 2009 Trying to work with MySQLi prepared statements. I figure I could use it for all my INSERT/UPDATE queries (no matter how small) as it seems to be the best way to prevent injection attacks (am I right believing this?). I have the following code that is not working with my UPDATE statement... $sql = 'UPDATE people SET firstname = ?, lastname = ?'; $stmt = mysqli_stmt_init($connect); if (mysqli_stmt_prepare($stmt, $sql)) { mysqli_stmt_bind_result($stmt, $postarray['firstname'], $postarray['lastname']); mysqli_stmt_execute($stmt); } It is throwing the error: Warning: mysqli_stmt_bind_result() [function.mysqli-stmt-bind-result]: Number of bind variables doesn't match number of fields in prepared statement in on line 44 (mysqli_stmt_bind_result($stmt, $postarray['firstname'], $postarray['lastname']) A similar SELECT query works fine. I only have two ?'s and two binded variables, I can't figure out why it's not liking that. Quote Link to comment Share on other sites More sharing options...
corbin Posted February 25, 2009 Share Posted February 25, 2009 Uhhhhh..... _bind_result is for use when you're doing a SELECT (or sometimes other things, but generally a SELECT). Give http://php.net/mysqli_stmt::prepare a read. Edit: In short, you're looking for mysqli_stmt_bind_param. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.