Bind_param致命错误PHP SQL

Question

I am very new to the subject of PHP and SQL working together and I have been fine so far except for updating a database row on my SQL database. I'm using parts of my lecturers code and doing exercises and my own tasks to modify the webpages and behaviour.

The purpose of this code is to update an article that I have set up, so I can edit the title or the code then click confirm but when I do this I get my failed return message telling me that it failed to bind my parameters. I have often had trouble passing parameters in other languages and I have been looking and testing this for hours that I am hoping to receive some information and guidance on the subject.

All I want to do is update the articletext and articletitle fields. On the database there is another 3 fields blogID, blogtime, blogposter which don't need changing.

If you look at RESULT at the bottom you will see that the variables do have information but are not being updated to the database instead the process crashes during the bind_param section.

---

My EDIT ARTICLE code section:

 <?php $db=createConnection(); // get the first two articles $sql = "select blogID,articletitle,articletext,blogtime, blogposter,username,userid from blogarticle join registerdemo on blogposter = userid where blogID=?"; $stmt = $db->prepare($sql); $stmt->bind_param(i,$article); $stmt->execute(); $stmt->store_result(); $stmt->bind_result($articleid,$articletitle,$articletext,$blogtime, $blogposter,$username,$userid); //build article html while($stmt->fetch()) { echo "<article id='a$articleid'> <h1>$articletitle</h1> <p>".nl2br($articletext)."</p> <footer><p>Posted on <time datetime='$blogtime'>$blogtime</time> by <em>$username</em></p></footer>"; // if user is logged in and not suspended add comment button if($currentuser['userlevel']>2 || ($currentuser['userid']==$userid && $currentuser['userlevel']>1)) { ?> <form method='post' action='applychanges.php'> <input type="hidden" name="articleid" id="articleid" size="30" value="<?php echo $articleid; ?>"/><br /> <input type="text" name="articletitle" id="articletitle" size="30" required value="<?php echo $articletitle; ?>"/><br /> <textarea name="articletext" id="articletext" cols="60" rows="5"><?php echo $articletext; ?></textarea></br> <button type="submit">Confirm</button> </form> <?php } echo "</article>"; } $stmt->close(); $db->close(); ?> 

---

My APPLY CHANGES code:

This is where the parameters fail

 <!doctype html> <html lang="en-gb" dir="ltr"> <head> </head> <body> <?php ini_set('display_errors', 'On'); ini_set('html_errors', 0); error_reporting(-1); print_r($_POST); include('php/functions.php'); if(isset($_POST['articleid']) && isset($_POST['articletitle']) && isset($_POST['articletext'])) { $db=createConnection(); $articleid=$_POST['articleid']; $articletitle=$_POST['articletitle']; $articletext=$_POST['articletext']; $updatesql = "UPDATE blogarticle SET articletitle=?, articletext=? WHERE articleid=?"; $doupdate=$db->prepare($updatesql); $doupdate->bind_param("ssi",$articletitle, $articletext, $articleid); $doupdate->execute(); $doupdate->close(); $db->close(); header("location: index.php"); } else { echo "<p>Some parameters are missing, cannot update database</p>"; print_r($_POST); } ?> </body> </html> 

---

Result:

Fatal error: Call to a member function bind_param() on boolean in /home/16018142/public_html/Assessment/applychanges.php on line 18

when I use print_r($_POST) it displays these -

Array ( [articleid] => 9 
        [articletitle] => THIS IS A TEST 
        [articletext] => Test Test Test Test Test Test Test Test Test Test Test Test Test Test Test Test Test Test Test Test Test Test Test Test Test Test Test Test Test Test Test Test Test Test Test Test Test Test ).

Answer 1

According to http://php.net/manual/en/mysqli-stmt.prepare.php you should put your parameters as ? .

So, line

     $updatesql="UPDATE blogarticle SET articletitle='$articletitle', articletext='$articletext' WHERE articleid='$articleid'";

should become

 $updatesql="UPDATE blogarticle SET articletitle=?, articletext=? WHERE articleid=?";

UPDATE Also the error may depend on your query. Check the return value of

    $db->prepare

as discussed in

Fatal error: Call to a member function bind_param() on boolean

Answer 2

You still dont appear to be setting a value for $article before using it to replace the ? in the query using bind_param()

Also the datatype parameter in bind_param need to be in quotes

Also some error checking would be good.

<?php
$db=createConnection();
// get the first two articles
$sql = "select blogID,articletitle,articletext,
                blogtime,blogposter,username,userid 
        from blogarticle 
            join registerdemo on blogposter = userid 
        where blogID=?";

$stmt = $db->prepare($sql);
if (!$stmt) {
    echo $stmt->error;
    exit;
}

// need to give $article a value before you try and use it
// also the datatype parameter need to be in quotes
$stmt->bind_param('i',$article);

$stmt->execute();
if (!$stmt) {
    echo $stmt->error;
    exit;
}

Also add some error checking in this code, basically if the bind is failing with boolean error the prepare failed, so you probably have a SQL syntax error

<?php
// set full debugability on for testing
ini_set('display_errors', 1); 
ini_set('log_errors',1); 
error_reporting(E_ALL); 
// next line makes MYSQLI generate exceptions on error
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

print_r($_POST);

include('php/functions.php');
if( isset($_POST['articleid']) && 
    isset($_POST['articletitle']) && 
    isset($_POST['articletext'])) 
{
    $db=createConnection();

    $updatesql = "UPDATE blogarticle 
                    SET articletitle=?, articletext=? 
                  WHERE articleid=?";

    $doupdate=$db->prepare($updatesql);
    if (!$doupdate) {
        echo $doupdate->error;
        exit;
    }

    $doupdate->bind_param("ssi",$_POST['articletitle'],
                                $_POST['articletext']
                                $_POST['articleid']);
    $doupdate->execute();
    if (!$doupdate) {
        echo $doupdate->error;
        exit;
    }

    header("location: index.php");
    // exit after a header as header does no stop
    // the script processing it just send a HTTP header
    exit;       
} else {
    echo "<p>Some parameters are missing, cannot update database</p>";
    print_r($_POST);
}

Answer 3

Call to a member function bind_param() on boolean

I am guessing that line 18 is this:

$doupdate->bind_param("ssi",$articletitle, $articletext, $articleid);

Which means that $doupdate is boolean. Its value is set in the preceding line:

$doupdate=$db->prepare($updatesql);

The code you ave presented reveals nothing about the the database integration, nor have you provided any explanation in your code, but the method names look like mysqli, hence you might want to insert:

if ($db->error) {
    die ($db->error);
}

The error might be a bad password, network issue, or due to not selecting a DB / specifying it in the query.

Answer 4

Thanks to everyone for posting. This was eventually figured this out by the recommendations of everyone that posted to look at how values were set and passed.

Please also note that this would have been resolved earlier by users if I posted more details and information about the database I was using.

I was looking at $articleid and passing it back to the database as this variable but $articleid has a set value from blogID from the database. articleid does not exist as a column on the database.

To resolve this I simply added the following two lines of code:

$blogID=$_POST['blogID'];
$blogID=$articleid;

Then changed:

'WHERE articleid=?;' to 'WHERE blogID=?;'.