mysqli_stmt::bind_param() variable doesn't match

Question

What's going wrong in this script it is giving me error for bind_param

if(isset($_GET['ID'])){

$page_id = $_GET['ID'];

      $page_id = mysqli_real_escape_string($con, $page_id);



$select_query = $con->prepare("select * from save_data where ID='$page_id'")
    or die(mysqli_error($con)); 

$select_query->bind_param('i', $page_id);

$select_query->execute();

$result = $select_query->get_result();

Getting this error

Warning: mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables in C:\\xampp\\htdocs\\mysql_login\\pictures.php on line 23

Answer 1

You are not using a placeholder in your query. You inadvertently put the variable you wish to replace it with instead:

$select_query = $con->prepare("select * from save_data where ID='$page_id'")

should be:

$select_query = $con->prepare("select * from save_data where ID=?")

Answer 2

You want this instead of the line you have:

$select_query = $con->prepare("select * from save_data where ID=?");

In the code you posted you don't use parameter binding at all - you interpolate the variable directly into the SQL string. For parameter binding you need to insert a ? placeholder instead!

Also, please don't use or die(mysqli_error($con) for debugging. That's extremely hacky. Either just let it fail with an exception (mysqli does have an option for this, right?) or write custom wrapper that handles error properly without requiring you repeat the same code every time you perform a query!