php - Simple search feature, MySQL prepared statement issue -

-

i'm in process of creating simple search feature website in user able search database events using number of different criteria (from 1 many, varied number) , i'm experiencing issue prepared statement i'm using, bind_param() in particularly.

here relevant php code:

... ... $title = (empty($_post['eventtitle'])) ? null : $_post['eventtitle']; $venue = (empty($_post['venue'])) ? null : $_post['venue']; $catid = (empty($_post['catid'])) ? null : $_post['catid']; $start = (empty($_post['start'])) ? null : $_post['start']; $end = (empty($_post['end'])) ? null : $_post['end']; $price = (empty($_post['price'])) ? null : $_post['price'];  include 'database_conn.php';  $sql = 'select eventid, eventtitle, venueid, catid, eventstartdate,  eventenddate, eventprice te_events 1';  $sqlcondition = '';  $bindfirstarg = '"'; $bindsecondarg = '';  if($title !== null && !empty($title)) {      $sqlcondition = $sqlcondition . " , eventtitle \"%"      . $title . "%\"";  }  if($venue !== null && $venue !== '0') {      $sqlcondition = $sqlcondition . " , venueid=?";     $bindfirstarg = $bindfirstarg . "s";     $bindsecondarg = $bindsecondarg . ", " . $venue;  }  if($catid !== null && $catid !== '0') {      $sqlcondition = $sqlcondition . " , catid=?";     $bindfirstarg = $bindfirstarg . "s";     $bindsecondarg = $bindsecondarg . ", " . $catid;  }  if($start !== null && $start !== '0') {      $sqlcondition = $sqlcondition . " , eventstartdate=?";     $bindfirstarg = $bindfirstarg . "s";     $bindsecondarg = $bindsecondarg . ", " . $start;  }  if($end !== null && $end !== '0') {      $sqlcondition = $sqlcondition . " , eventenddate=?";     $bindfirstarg = $bindfirstarg . "s";     $bindsecondarg = $bindsecondarg . ", " . $end;  }  if($price !== null && !empty($price)) {      $sqlcondition = $sqlcondition . " , eventprice=?";     $bindfirstarg = $bindfirstarg . "i";     $bindsecondarg = $bindsecondarg . ", " . $price;  }  $sql = $sql . $sqlcondition; $bindfirstarg = $bindfirstarg . '"';  $search_stmt = $conn -> prepare($sql);  if (false===$search_stmt) {      die('prepare() failed: ' . htmlspecialchars($conn->error));  }   $search_stmt -> bind_param($bindfirstarg, $bindsecondarg); $search_stmt -> execute(); $search_stmt -> bind_result($eventidres, $eventtitleres, $venueidres,  $catidres, $eventstartres, $eventendres, $eventpriceres);  while ($search_stmt->fetch()) {      printf ("%s %s %s %s %s %s %i\n", $eventidres, $eventtitleres,      $venueidres, $catidres, $eventstartres, $eventendres, $eventpriceres);  }  mysqli_stmt_close($search_stmt);

the error i'm receiving states

warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: number of elements in type definition string doesn't match number of bind variables in /var/www/vhosts/numyspace.co.uk/web_users/home/~unn_w12019212/public_html/webdev/searchresult.php on line 101"

any ideas?

you need pass bind_param separate argument each ? in query, formats first parameter. can't pass comma-separated string, won't work. reads first ? , complains didn't send rest.

also, don't add quotes inside $bindfirstarg string. bind_param wants list of data types (i, d, s, or b) , doesn't want " characters.

what need push values array, call bind_param via call_user_func_array.

$sqlcondition = '';  $bindfirstarg = ''; $bindparams = array();   // need bind $title well, otherwise wide open sql // injection , have thrown out benefits of prepared statements if($title !== null && !empty($title)) {     $sqlcondition .= " , eventtitle ?";     $bindfirstarg .= "s";      // add `%` value, not query     $title = "%{$title}%";    // bind_param wants these references     $bindparams[] =& $title;  }  // change ifs this. // need push $bindparams array if($catid !== null && $catid !== '0') {     $sqlcondition .= " , catid=?";         $bindfirstarg .= "s";      // bind_param wants these references     $bindparams[] =& $catid; }  // etc...  $sql .= $sqlcondition; $search_stmt = $conn->prepare($sql);  // call bind_param correct number of parameters array_unshift($bindparams, $bindfirstarg); // make sure parameters passed correctly. // each variable needs passed separate parameter call_user_func_array(array($search_stmt, 'bind_param'), $bindparams);  $search_stmt->execute(); $search_stmt->bind_result($eventidres, $eventtitleres, $venueidres,      $catidres, $eventstartres, $eventendres, $eventpriceres);  while ($search_stmt->fetch()) {     printf ("%s %s %s %s %s %s %i\n", $eventidres, $eventtitleres,          $venueidres, $catidres, $eventstartres, $eventendres, $eventpriceres); }  $search_stmt->close();

Comments

Post a Comment

Popular posts from this blog

windows - Single EXE to Install Python Standalone Executable for Easy Distribution -

-
i used pyinstaller create standalone exe file pyqt project. did not use single file option because exe created single file option takes long open. therefore, pyinstaller created dist folder contains bunch of files including program.exe file. create setup.exe file place contents of dist folder in program directory , create shortcut in start menu , on desktop. want super simple user. maybe setup.exe files when download program cnet. found inno-setup, looks promising. however, not know if there special considerations because program standalone program create python/pyqt program. thanks! have experience task? there program using task not know about? inno-setup or nsis easiest use. tell them files include , put them , create nice installer you. wrote short tutorial on experiences using innosetup might find helpful: http://www.blog.pythonlibrary.org/2008/08/27/packaging-wxpymail-for-distribution/ note tutorial based around wxpython app wrote, concepts same.
Read more

c# - Access objects in UserControl from MainWindow in WPF -

-
i have simple xaml, how can change text property of textblock in usercontrol1 mainwindow ? <window x:class="refactorxaml.mainwindow" xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns:refactorxaml="clr-namespace:refactorxaml" title="mainwindow" height="350" width="525"> <grid> <grid.rowdefinitions> <rowdefinition height="100"></rowdefinition> <rowdefinition height="100"></rowdefinition> </grid.rowdefinitions> <grid> <refactorxaml:usercontrol1></refactorxaml:usercontrol1> </grid> <grid grid.row="1"> <button>change text</button> </grid> </grid> </window> <usercon...
Read more

javascript - How to name a jQuery function to make a browser's back button work? -

-
i'm trying write function ajaxyfy web site, works perfect, except function button. that's have now: function loading() { if (typeof history.pushstate !== "undefined") { var historycount = 0; $('.menu-item, .logo').on('click','a',function(e){ e.preventdefault(); $(this).data('clicked', true); if ($(this).is('.logo a')) { var homepage = $(this).attr('href'); function1(homepage); history.pushstate(null, null, homepage); } else if ($(this).is('.projects a')) { var projects = $(this).attr('href'); function2(projects); history.pushstate(null, null, projects); } else { var pages = $(this).attr('href'); function3(pages); history.pushstate(null, null, pages); ...
Read more