5

This is how I'm binding my params:

$Con = mysqli_connect(...);
$Statement = mysqli_stmt_init($Con);

mysqli_stmt_prepare($Statement,"select * from users where name=? and email=?");
mysqli_stmt_bind_param("s",$Username);
mysqli_stmt_bind_param("s",$Email); <-- it fails here

But it works fine in the other case when I replace the 2 calls to mysqli_stmt_bind_param with:

mysql_stmt_bind_param("ss",$Username,$Email)

The problem is that I have an array of params; I have to bind them one by one coz I don't know the number of params

jondinham
  • 8,271
  • 17
  • 80
  • 137

3 Answers3

5

Your approach does not work because the right way to use the mysqli_stmt_bind_param is precisely follow:

mysql_stmt_bind_param("ss",$Username,$Email)

refs: http://php.net/manual/en/mysqli-stmt.bind-param.php

to know the number of parameters makes a count() array.

JellyBelly
  • 2,451
  • 2
  • 21
  • 41
4

MySQLi's statement binding really isn't suited to variable numbers of parameters.

I highly recommend switching to PDO

$stmt = $pdo->prepare('select * from users where name=? and email=?');
$stmt->execute($numericArrayOfParameters);
Phil
  • 157,677
  • 23
  • 242
  • 245
-2

A bit offtopic but I find it important enough.

A very recent user comment in the manual page for mysql_stmt_bind_param contains the exact answer to this very question.

You see, this site, although encourage laziness, not always answer your question better than good old google and manual can.

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
  • 1
    i thinking of generating php code for binding then call 'eval', but call_user_func_array really solves the problem much better, tks col – jondinham Nov 02 '11 at 14:51
  • there doesn't even exist a function `mysql_stmt_bind_param`. [this one](http://us3.php.net/manual/en/mysqli-stmt.bind-param.php) does. – eis Nov 23 '13 at 20:50
  • Sorry but I disagree - I always go for the SO answer over the manual because of the feedback. – Enigma Plus Mar 31 '17 at 13:48