skyer2000 Posted February 25, 2009 Share Posted February 25, 2009 Trying to work with MySQLi prepared statements. I figure I could use it for all my INSERT/UPDATE queries (no matter how small) as it seems to be the best way to prevent injection attacks (am I right believing this?). I have the following code that is not working with my UPDATE statement... $sql = 'UPDATE people SET firstname = ?, lastname = ?'; $stmt = mysqli_stmt_init($connect); if (mysqli_stmt_prepare($stmt, $sql)) { mysqli_stmt_bind_result($stmt, $postarray['firstname'], $postarray['lastname']); mysqli_stmt_execute($stmt); } It is throwing the error: Warning: mysqli_stmt_bind_result() [function.mysqli-stmt-bind-result]: Number of bind variables doesn't match number of fields in prepared statement in on line 44 (mysqli_stmt_bind_result($stmt, $postarray['firstname'], $postarray['lastname']) A similar SELECT query works fine. I only have two ?'s and two binded variables, I can't figure out why it's not liking that. Link to comment https://forums.phpfreaks.com/topic/146809-update-prepared-statement-problem/ Share on other sites More sharing options...
corbin Posted February 25, 2009 Share Posted February 25, 2009 Uhhhhh..... _bind_result is for use when you're doing a SELECT (or sometimes other things, but generally a SELECT). Give http://php.net/mysqli_stmt::prepare a read. Edit: In short, you're looking for mysqli_stmt_bind_param. Link to comment https://forums.phpfreaks.com/topic/146809-update-prepared-statement-problem/#findComment-770783 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.