18

I am trying to make a function which will check update and insert some data but I am having an issue in the first step where the $stmt->bind_param is saying that is not passing parameters by reference or something like that.

I have attached below the function code:

public function killTarget($killerid,$victimiid,$victimcode)
    {

        if ($this->checkUsercode($victimcode,$victimiid))
        {
            $stmt = $this->_db->prepare("UPDATE users SET status =? WHERE user_id =?");
            $stmt->bind_param("ii",0,$victimiid);

            if ($stmt->execute())
            {
                $stmt->store_result();
                $stmt->fetch();

                $stmt = $this->_db->prepare("SELECT victim_id FROM target WHERE killer_id = ?");
                $stmt->bind_param("i",$victimiid);

                if ($stmt->execute())
                {
                    $stmt->store_result();
                    $stmt->bind_result($targetid);
                    $stmt->fetch();

                    $stmt = $this->_db->prepare("INSERT INTO target (killer_id, victim_id) VALUES (?,?)");
                    $stmt->bind_param("ii",$killerid,$targetid);

                    if ($stmt->execute())
                    {
                        $stmt->store_result();
                        $stmt->fetch();
                        $stmt->close();
                    }
                }
            }
            else
            {
                Main::setMessage("targets.php",$this->_db->error,"alert-error");
            }
        }

    }
Dharman
  • 30,962
  • 25
  • 85
  • 135
Sadi Qevani
  • 189
  • 1
  • 1
  • 3
  • I forgot to mention that the issue is happening in the first lines of the function here: $stmt->bind_param("ii",0,$victimiid); – Sadi Qevani Jan 28 '13 at 16:50
  • I would recommend using the PDO object, in which case you could do `$stmt->execute(array(0, $victimiid));` instead of having to bind params with `bind_param` – crush Jan 28 '13 at 16:51
  • 2
    Or something like that? Next time pay more attention to exact error messages and post them here when applicable. Those messages are there to help you, not just to annoy. – Álvaro González Jan 28 '13 at 16:52

3 Answers3

45

You cannot do this in mysqli:

$stmt->bind_param("ii",0,$victimiid);

The 0 needs to be a variable.

Try this:

$zero = 0;
$stmt->bind_param("ii",$zero,$victimiid);
Naftali
  • 144,921
  • 39
  • 244
  • 303
  • I also want to add that global variables like define('global_string', 'test'); need to be converted as well. – Marc Alexander Oct 06 '20 at 08:56
  • Instead of creating a variable, it should be hard coded in the query itself. `$stmt = $this->_db->prepare("UPDATE users SET status = 0 WHERE user_id =?");` – Whip Mar 06 '22 at 14:45
15

Watch out! mysqli_stmt::bind_param accepts a reference to a variable, not a constant value. Therefore you have to create a variable to hold that 0 and then reference that variable instead.

$i = 0;
$stmt->bind_param("ii", $i, $victimiid);
Shoe
  • 74,840
  • 36
  • 166
  • 272
11

Make 0 a variable or include it directly in your query.

$zero = 0;
$stmt->bind_param("ii", $zero, $victimiid);
David Harris
  • 2,697
  • 15
  • 27