2

Changing my codes to prepared statements from mysqli procedural wherein it shows this error after submitting to my php file.

Fatal error: Cannot pass parameter 8 by reference

Here is my php code.

I've just copied this code from my insert data to db without arrays but this php code gets arrays.

<?php  
include 'admin/db/database_configuration.php';
if(isset($_POST['submit'])){
    if (empty($_POST['title'])){$job_title = 'NULL'; } else{ $job_title ="'". mysqli_real_escape_string($conn, $_POST['title']) . "'";}
    if (empty($_POST['desc'])){$job_desc = 'NULL'; } else{ $job_desc ="'". mysqli_real_escape_string($conn, $_POST['desc']) . "'";}

    $qualifications ="";
        if(isset($_POST["quali"]) && is_array($_POST["quali"])){
        $qualifications = implode("\n", $_POST["quali"]); 
        }
    if (empty($_POST['name_cont'])){$name_contact = 'NULL'; } else{ $name_contact ="'". mysqli_real_escape_string($conn, $_POST['name_cont']) . "'";} 
    if (empty($_POST['contact'])){$contact_num = 'NULL'; } else{ $contact_num ="'". mysqli_real_escape_string($conn, $_POST['contact']) . "'";}
    if (empty($_POST['email_add'])){$email_cont = 'NULL'; } else{ $email_cont ="'". mysqli_real_escape_string($conn, $_POST['email_add']) . "'";}

    $stmt = $conn->prepare("INSERT INTO `tbljoba` (job_title, job_desc, job_qualifications, cont_name, contact_info, employer_email, job_status) VALUES(?,?,?,?,?,?,?)") or die(mysqli_error($conn));
    $stmt->bind_param("sssssss", $job_title, $job_desc, $qualifications, $name_contact, $contact_num, $email_cont, 'pending'); //bind to param

    if($stmt->execute()){
        $stmt->close();
        $conn->close();
        echo '<script>alert("Successfully Sent")</script>';
        echo '<script>window.location = "employer_contact_us.php"</script>';
    }else{
        echo '<script>alert("Error")</script>';
    }
}
$conn->close();
?>

In this line that I've got an error

$stmt->bind_param("sssssss", $job_title, $job_desc, $qualifications, $name_contact, $contact_num, $email_cont, 'pending'); //bind to param
sauce
  • 285
  • 2
  • 4
  • 15
  • 1
    Would you care to post the _full_ error message and tell us which line that is? Thanks! – arkascha Mar 04 '17 at 10:13
  • The issue is that you are trying to pass a literal string to `$stmt->bind_param()` which cannot be handled as a reference. You need to pass a variable. – arkascha Mar 04 '17 at 10:14
  • @arkascha in this line $stmt->bind_param("sssssss", $job_title, $job_desc, $qualifications, $name_contact, $contact_num, $email_cont, 'pending'); – sauce Mar 04 '17 at 10:14
  • Sure, that was obvious. ;-) I only made the first comment as a hint for you for further questions: _be precise_ in your questions, state _full_ error messages and make it easy for others to follow your thoughts. – arkascha Mar 04 '17 at 10:15
  • okay I've edited my question. Ty @arkascha – sauce Mar 04 '17 at 10:18
  • added the line error maybe not edited @arkascha – sauce Mar 04 '17 at 10:19
  • All fine, thanks. You _did_ read my second comment above? – arkascha Mar 04 '17 at 10:20
  • You either need to place that string `'pending'` into a variable, or, much easier, to place it into the query as a literal part instead of handling it as a dynamic parameter, which it is not. – arkascha Mar 04 '17 at 10:21

1 Answers1

3

The error is with 'pending' in the bind_param call.

All parameters to bind_param must be passed by reference. A string is a primitive value, and cannot be passed by reference.

You can fix this by creating a variable and passing that as a parameter instead: 

$status = 'pending';
$stmt->bind_param("sssssss", $job_title, $job_desc, $qualifications, $name_contact, $contact_num, $email_cont, $status); //bind to param

Alternatively, if the status is always pending, you can hard-code it into the query. 

// add 'pending' into the VALUES part of the query
$stmt = $conn->prepare("INSERT INTO `tbljoba` (job_title, job_desc, job_qualifications, cont_name, contact_info, employer_email, status) VALUES(?, ?, ?, ?, ?, 'pending')") or die(mysqli_error($conn));
// no need to bind 'pending'
$stmt->bind_param("ssssss", $job_title, $job_desc, $qualifications, $name_contact, $contact_num, $email_cont); //bind to param
clinton3141
  • 4,751
  • 3
  • 33
  • 46