PHP 警告：mysqli_stmt::bind_param()：变量数与准备好的语句中的参数数不匹配

Question

Not sure why I'm getting this PHP warning message. It appears there are four parameters in the prepared statement, and also four variables in bind_param(). Thanks for any help!

  if($stmt = $mysqli -> prepare("SELECT url, month, year, cover_image FROM back_issues ORDER BY year DESC, month DESC")) {
   $stmt -> bind_param("ssis", $url, $month, $year, $cover_image);

   $stmt -> execute();

   $stmt -> bind_result($url, $month, $year, $cover_image);

   $stmt -> fetch();

   while ($stmt->fetch()) {
     echo "<li class='item'><a href='$url'><img src='$cover_image' alt='$cover_image' width='' height='' /></a><br /><span class='monthIssue'>$month $year</span></li>";
   }

   $stmt -> close();
   $mysqli -> close();

 }

Answer 1

if($stmt = $mysqli -> prepare("SELECT url, month, year, cover_image FROM back_issues ORDER BY year DESC, month DESC")) {
   $stmt -> bind_param("ssis", $url, $month, $year, $cover_image);
   [...]
}

These lines don't make any sense! If you want to use parameters, you have to use them into a where condition or similar, pretty much like:

$mysqli->prepare("SELECT * FROM back_issues WHERE url =? AND month =? AND year =? and cover_image = ?");
$stmt->bind_param("ssis", $url, $month, $year, $cover_image);

If you don't have any placeholder to bind with parameters, bind_param() method will produce the error you're running through. Moreover, what that IF statement supposed to do? If you want to verify if that query produces any result, you have first to run it and, then, to verify.

Answer 2

You do not need to bind parameters in this case. Placeholders are used for the values in an INSERT statement, or in a WHERE clause. (Note that placeholders are not allowed for identifiers, such as the column names in your statement.) A valid, simplified statement with placeholders would look like:

"SELECT url, cover_image FROM back_issues WHERE month = ? and year = ?"