Geek Answers Handbook

Prepared SQL Statements

Welcome to the stackoverflow.com community.

I am trying to study prepared statements, but I get an error message that I cannot solve. I know what a mistake is, obviously, but I don't know how to solve it.

Error message: Warning: mysqli_stmt :: bind_result (): The number of bind variables does not match the number of fields in the prepared statement on line 69

<?php
if(isset($_POST["submit"])){
    //Connect
$mysqli = new mysqli("localhost", "member", "xxxxxx", "websecurity");

if($mysqli->connect_errno) {
  die("Connect failed: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error);
}
//Submitt pushed
if(!empty($_POST['user']) && !empty($_POST['pass'])) {
    $user= strip_tags($_POST['user']);
    $pass= strip_tags($_POST['pass']);

$user = $mysqli->real_escape_string($user);
$pass = $mysqli->real_escape_string($pass);


// Prepare
    $sql = "SELECT * FROM login WHERE username = ? AND password = ?";
    $stmt = $mysqli->prepare($sql);

if(!$stmt) {
    die("Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error);
}

//Prepared statements

$bind_result = $stmt->bind_param("ss", $user, $pass);
if(!$bind_result) {
echo "Bind failed: (" . $stmt->errno . ") " . $stmt->error;
    }


//Lets execute this

//Give a value to statements
    $user =0;
    $pass ='';

                $execute_result = $stmt->execute();
                if(!$execute_result) {
                     echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
                }

        // This line->      $stmt->bind_result($user, $pass);



                $success = mysqli_query($connectt, $sql) or die (mysqli_error($connectt));
                if (mysqli_num_rows($success) === 1){
                    mysqli_query($connectt, $sql) or die (mysqli_error($connectt));
                    mysqli_close ($connectt);

                    header("Location: index.php");
                }
                else {
                    echo "Wrong name!";
                }



        $stmt->free_result();
        $stmt->close();
        }
        }
    ?>

This is a journal form, as you can tell. Html is not relevant, so I will not publish it, but I will send the connection file. I hope someone more educated than me can find errors that I don’t see, and if I missed something important.

Include:

<?php
$connectt = mysqli_connect("localhost","member","xxxxxx","websecurity");

// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

  ?>

Happy friday!

+4
source share
1

:

:

<?php  
if(isset($_POST["submit"])){
    //Connect
    $mysqli = new mysqli("localhost", "member", "xxxxxx", "websecurity");

    if($mysqli->connect_errno) {
        die("Connect failed: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error);
    }
    //Submitt pushed
    if(!empty($_POST['username']) && !empty($_POST['password'])) {
        $username= strip_tags($_POST['username']);
        $password= strip_tags($_POST['password']);

        $username = $mysqli->real_escape_string($username);
        $password = $mysqli->real_escape_string($password);


        // Prepare
        $sql = "SELECT username,password FROM login WHERE username = ? AND password = ?";
        $stmt = $mysqli->prepare($sql);
        $bind_result = $stmt->bind_param("ss", $username, $password);
        $stmt->execute();
        $stmt->store_result();
        if ($stmt->num_rows === 1){
            header("Location: index.php");
        }
        else {
            echo "Wrong name!";
        }


        $stmt->free_result();
        $stmt->close();
    }
}
?>


<?php
if(isset($_POST["submit"])){
    //Connect
    $mysqli = new mysqli("localhost", "member", "xxxxxx", "websecurity");

    if($mysqli->connect_errno) {
        die("Connect failed: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error);
    }
    //Submitt pushed
    if(!empty($_POST['username']) && !empty($_POST['password'])) {
        $username= strip_tags($_POST['username']);
        $password= strip_tags($_POST['password']);

        $username = $mysqli->real_escape_string($username);
        $password = $mysqli->real_escape_string($password);


        // Prepare
        $sql = "SELECT username,password FROM login WHERE username = ? AND password = ?";
        $stmt = $mysqli->prepare($sql);

        if(!$stmt) {
            die("Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error);
        }

        //Prepared statements

        $bind_result = $stmt->bind_param("ss", $username, $password);
        if(!$bind_result) {
            echo "Bind failed: (" . $stmt->errno . ") " . $stmt->error;
        }


        //Lets execute this

        //Give a value to statements
        $username =0;
        $password ='';

        $execute_result = $stmt->execute();
        if(!$execute_result) {
            echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
        }

        $stmt->bind_result($username, $password);



        $success = mysqli_query($connectt, $sql) or die (mysqli_error($connectt));
        if (mysqli_num_rows($success) === 1){
            mysqli_query($connectt, $sql) or die (mysqli_error($connectt));
            mysqli_close ($connectt);

            header("Location: index.php");
        }
        else {
            echo "Wrong name!";
        }



        $stmt->free_result();
        $stmt->close();
    }
}
?>
+1

More articles:


All Articles