-2

I am well aware this question has been asked before and I am really sorry for asking again, but the others didn't answer it for my situation. I have no idea what could be wrong with this bind_param. Here is the code for my PHP:

<?php
$db = new mysqli("localhost", "HIDDEN", "HIDDEN", "HIDDEN");
if ($db->connect_error) {
   die("Sorry, there was a problem connecting to our database.");
}

$username = stripslashes(htmlspecialchars($_GET['username']));

$result = $db->prepare("SELECT * FROM messages");
$result->bind_param("s", $username);
$result->execute();

$result = $result->get_result();
while ($r = $result->fetch_row()) {
   echo $r[1];
   echo "\\";
   echo $r[2];
   echo "\n";
}

What could be wrong with this bind_param? Sorry to bother again and thanks for the help.

Optimistic

2 Answers

3

You should use placeholders (question marks, ?) in your prepare statement, and the number of parameters for the bind_param method should be 1 + the number of ? symbols.

The first argument represents the data types of the arguments, followed by the bind parameter values.

In your example you are passing 2 params to your bind_param method (the first param, s, represents string and the 2nd param, $username, represents the value), but there is no placeholder ? in your query.

Venkat Papana
1

That's because you are trying to bind variable s here $result->bind_param("s", $username);.

Problem is that you are not using it in your query.

Elon Than
  • Sorry but I still don't understand what I am supposed to do here. Do I get rid of the "s"? I am very confused. – Optimistic Sep 15 '15 at 01:30
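The fix both answers describe, shown as an added example that is not part of the original posts: the query gets one ? placeholder, so bind_param takes one type character and one variable, the value is bound raw, and htmlspecialchars moves to the output side. Assumptions: a reachable MySQL server with mysqlnd, credentials in the DB_USER / DB_PASS / DB_NAME environment variables, hypothetical column names (recipient, body), and constructed sample rows in a temporary table.

```php
<?php
// Added example, not the asker's code. Column names and env vars are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of failing silently

$db = new mysqli("localhost", getenv("DB_USER") ?: null, getenv("DB_PASS") ?: null, getenv("DB_NAME") ?: null);
$db->set_charset("utf8mb4");

// Constructed sample data. A temporary table shadows any real `messages`
// table for this connection only and disappears when the connection closes.
$db->query("CREATE TEMPORARY TABLE messages (
    id INT AUTO_INCREMENT PRIMARY KEY,
    recipient VARCHAR(64) NOT NULL,
    body VARCHAR(255) NOT NULL
)");
$seed = $db->prepare("INSERT INTO messages (recipient, body) VALUES (?, ?)");
foreach ([["alice", "hi"], ["o'brien", "<b>quote & tags</b>"], ["bob", "not shown"]] as [$to, $body]) {
    $seed->bind_param("ss", $to, $body); // two ? placeholders -> "ss" plus two variables
    $seed->execute();
}

function messagesFor(mysqli $db, string $username): array
{
    // One ? placeholder -> one type character ("s") and one bound variable.
    $stmt = $db->prepare("SELECT id, recipient, body FROM messages WHERE recipient = ?");
    // Bind the raw value: the server treats it as data, so no
    // stripslashes()/htmlspecialchars() is applied before the query.
    $stmt->bind_param("s", $username);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_NUM);
}

// In the question this value comes from $_GET['username'].
foreach (["alice", "o'brien"] as $username) {
    foreach (messagesFor($db, $username) as $r) {
        // Encode at the point of output into HTML, not on the way into SQL.
        echo htmlspecialchars($r[1], ENT_QUOTES, "UTF-8"), "\\",
             htmlspecialchars($r[2], ENT_QUOTES, "UTF-8"), "\n";
    }
}
```

The o'brien row comes back intact because the quote travels as a bound value rather than as part of the SQL text.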