I created a prepared statement in my PHP script, but when I submit my form to insert, I get this error:

```
Fatal error: Uncaught TypeError: mysqli_query(): Argument #2 ($query) must be of type string, mysqli_stmt given in C:\xampp\htdocs\7058\insert.php:100
Stack trace:
#0 C:\xampp\htdocs\7058\insert.php(100): mysqli_query(Object(mysqli), Object(mysqli_stmt))
#1 {main}
  thrown in C:\xampp\htdocs\7058\insert.php on line 100
```

It is my first time trying prepared SQL statements, so I am not sure what I am doing wrong.

```php
<?php
        session_start();
        // servername => localhost
        // username => root
        // password => empty
        // database name => staff
        $conn = mysqli_connect("localhost", "root", "", "survey");
        // Check connection
        if ($conn === false) {
            die("ERROR: Could not connect. "
                . mysqli_connect_error());
        }
        $name = $_SESSION['name'];
        $paygoid = $_SESSION['paygoid'];
        $product_exist_satisfaction = $_SESSION['product_exist_satisfaction'];
        $system_battery_runout = $_SESSION['system_battery_runout'];
        $rank_appliances = $_POST['rank_appliances'];     // returns an array
        $checkboxvalue = implode(",", $rank_appliances);

        $sql = $conn->prepare("INSERT INTO cus_survey (name,paygoid,product_exist_satisfaction,system_battery_runout,rank_appliances)  VALUES (?, ?, ?, ?, ?)");
        $sql->bind_param("sssss", $name, $paygoid, $product_exist_satisfaction, $system_battery_runout, $checkboxvalue);
        if (mysqli_query($conn, $sql)) { // this is line 97
            echo "<h3>Your survey was captured successfully. Thank You!</h3>";
        } else {
            echo "<h3>Sorry, Your ID has already been used. Please enter a valid ID</h3> ";
            echo "<h3><a href='/7058/index.php'>Click here to edit your ID</a></h3>";
        }

        // Close connection
        mysqli_close($conn);
        ?>
```

1 Answer

I hope the following will help point you in the right direction. Initially you should make a sanity check that the variables you intend to use are actually available, to avoid silly errors, and then, using the considerably less verbose OO style of mysqli, prepare the SQL statement, bind the placeholders, execute the statement and then find out if it succeeded.

```php
<?php

    session_start();

    // Only proceed when every value the INSERT needs is present.
    if( isset(
        $_SESSION['name'],
        $_SESSION['paygoid'],
        $_SESSION['product_exist_satisfaction'],
        $_SESSION['system_battery_runout'],
        $_POST['rank_appliances']
    )){

        $conn = new mysqli("localhost", "root", "", "survey");

        $name = $_SESSION['name'];
        $paygoid = $_SESSION['paygoid'];
        $product_exist_satisfaction = $_SESSION['product_exist_satisfaction'];
        $system_battery_runout = $_SESSION['system_battery_runout'];
        $rank_appliances = $_POST['rank_appliances'];

        // The checkbox values arrive as an array; store them as one comma-delimited string.
        $checkboxvalue = implode(",", $rank_appliances);

        // Prepare, bind and execute on the statement object itself;
        // a mysqli_stmt must not be passed to mysqli_query().
        $stmt = $conn->prepare( "INSERT INTO `cus_survey` ( `name`, `paygoid`, `product_exist_satisfaction`, `system_battery_runout`, `rank_appliances` )  VALUES (?, ?, ?, ?, ?)" );
        $stmt->bind_param("sssss", $name, $paygoid, $product_exist_satisfaction, $system_battery_runout, $checkboxvalue );
        $stmt->execute();

        // Exactly one inserted row means the survey was stored.
        if ( $stmt->affected_rows==1 ) {
            echo "<h3>Your survey was captured successfully. Thank You!</h3>";
        } else {
            echo "<h3>Sorry, Your ID has already been used. Please enter a valid ID</h3> ";
            echo "<h3><a href='/7058/index.php'>Click here to edit your ID</a></h3>";
        }

        $stmt->close();
        $conn->close();

        exit();
    }
?>
```
Professor Abronsius
  • [Is storing a delimited list in a database column really that bad?](https://stackoverflow.com/q/3653462/2943403) – mickmackusa Jan 11 '22 at 11:56
  • There is, after all, more than one form of normalisation and it is indeed possible for practically no normalisation - this was intended to address the issue at hand rather than focusing on the minutiae of the data stored which is a design decision that cannot possibly be addressed without much closer examination of the db & the app. There does exist `FIND_IN_SET` in mysql which may or may not be used to process this comma delimited data at a later stage... we simply don't know. – Professor Abronsius Jan 11 '22 at 12:27
  • I didn't mean to attack your answer, Rammy. I should have posted under the question. – mickmackusa Jan 11 '22 at 12:35
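
An added example, not code from the question or the answer: in the exception mode that mysqli uses by default since PHP 8.1, a rejected insert makes the statement throw instead of leaving `affected_rows` at 0, so the "ID has already been used" case has to be recognised in a `catch`. The code assumes a UNIQUE index on `cus_survey.paygoid`; the allow-list values and the function names `clean_ranking` and `save_survey` are hypothetical.

```php
<?php
// Added example (not the answer's code). Assumes a UNIQUE index on
// cus_survey.paygoid; ALLOWED_APPLIANCES holds constructed sample values.
declare(strict_types=1);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // the default since PHP 8.1
const ALLOWED_APPLIANCES = ['tv', 'radio', 'fan', 'fridge', 'lamp'];
const ER_DUP_ENTRY = 1062; // MySQL error number for a duplicate key

function clean_ranking(mixed $raw): ?string
{
    // $_POST['rank_appliances'] is client-controlled: accept only a non-empty
    // array of distinct, allow-listed strings before joining it with commas.
    if (!is_array($raw) || $raw === []) {
        return null;
    }
    foreach ($raw as $item) {
        if (!is_string($item) || !in_array($item, ALLOWED_APPLIANCES, true)) {
            return null;
        }
    }
    return count($raw) === count(array_unique($raw)) ? implode(',', $raw) : null;
}

function save_survey(mysqli $conn, array $s, ?string $ranking): string
{
    $fields = ['name', 'paygoid', 'product_exist_satisfaction', 'system_battery_runout'];
    $missing = array_filter($fields, fn($f) => !is_scalar($s[$f] ?? null));
    if ($ranking === null || $missing !== []) {
        return 'invalid';
    }
    try {
        $stmt = $conn->prepare('INSERT INTO cus_survey (name, paygoid, product_exist_satisfaction,'
            . ' system_battery_runout, rank_appliances) VALUES (?, ?, ?, ?, ?)');
        $stmt->bind_param('sssss', $s['name'], $s['paygoid'], $s['product_exist_satisfaction'],
            $s['system_battery_runout'], $ranking);
        $stmt->execute(); // throws mysqli_sql_exception when the server rejects the row
        return 'saved';
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() === ER_DUP_ENTRY) {
            return 'duplicate'; // the "ID has already been used" case
        }
        error_log('survey insert failed: ' . $e->getMessage());
        return 'error'; // driver details go to the log, not to the page
    }
}

session_start();
$conn = new mysqli('localhost', 'root', '', 'survey'); // connection details as in the question
echo save_survey($conn, $_SESSION, clean_ranking($_POST['rank_appliances'] ?? null));
```

The returned status (`saved`, `duplicate`, `invalid` or `error`) is what the page would map to its own HTML messages.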