PHP mysqli prepared statement for stored procedure with out parameter

Question

I have a stored procedure IsUserPresent like:

DELIMITER $$
CREATE PROCEDURE IsUserPresent(
    in userid varchar (150),
    out isPresent bit
)
BEGIN
    SET isPresent=0;
    SELECT COUNT(*)
    INTO isPresent
    FROM users_table
    WHERE users_table.userid=userid;
END$$

and I want to call it from PHP using mysqli prepared statement. I am doing it following code snippet but it gives me warning.

$connect=&ConnectDB();
$stmt=$connect->prepare("CALL IsUserPresent(?,?)");
$stmt->bind_param('si',$uid,$userCount);
$stmt->execute();
$toRet = $userCount!=0;
Disconnect($connect);
return $toRet;

Warnings are as follow:

Premature end of data (mysqlnd_wireprotocol.c:1112)
Warning: mysqli_stmt::execute(): RSET_HEADER packet 1 bytes shorter than expected
Warning: mysqli_stmt::execute(): Error reading result set's header

Answer 1

The way stored procedures work with prepared statements is a bit more complicated. PHP manual states that you've got to use session variables (MySQL sessions, not PHP)

INOUT/OUT parameter

The values of INOUT/OUT parameters are accessed using session variables.

So you could do it with

$connect=&ConnectDB();
// bind the first parameter to the session variable @uid
$stmt = $connect->prepare('SET @uid := ?');
$stmt->bind_param('s', $uid);
$stmt->execute();

// bind the second parameter to the session variable @userCount
$stmt = $connect->prepare('SET @userCount := ?');
$stmt->bind_param('i', $userCount);
$stmt->execute();

// execute the stored Procedure
$result = $connect->query('call IsUserPresent(@uid, @userCount)');

// getting the value of the OUT parameter
$r = $connect->query('SELECT @userCount as userCount');
$row = $r->fetch_assoc();               

$toRet = ($row['userCount'] != 0);

Remark:

I recommend to rewrite this procedure as a function with one IN parameter that returns INT.

Answer 2

Should be a comment, but due to code formatting posting as answer.

Can't comment on the PHP code, I'm no programmer, but your procedure should be more like this:

DELIMITER $$
CREATE PROCEDURE IsUserPresent(
    in p_userId varchar (150),
    out p_isPresent bit
)
BEGIN

    SELECT EXISTS (SELECT 1 FROM users_table WHERE user_table.userid = p_userId) 
    INTO p_isPresent;

END$$

Use exists() , since it stops as soon as an entry is found. count() continues to look for records, although this isn't necessary.

And you named a parameter the same as your column name. This is confusing for MySQL and should be avoided at all costs. Good practice is, to prefix parameters with p_ and variables with v_ and/or some indications of what type the variable or parameter is.

For better readability I also changed the paramter names to camel case.

Oh, and finally always include error messages in questions.