tags:

views:

74

answers:

2
Q: 

Why is my PHP prepared statement for MySQL not working?

I'm currently learning PHP and MySQL. I'm just wrote a class that handles all the MySQL traffic, but I'm encountering some errors.

function table_exists($tablename){
    // check if table exists
    $stmt = $this->db->prepare("SHOW TABLES LIKE '?'");
    $stmt->bind_param("s", $tablename); //This is line 24.
    $stmt->execute();
    $ar = $stmt->affected_rows;
    $stmt->close();
    if ($ar > 0){
        return true;
    } else {
        return false;
    }
}

This is the code with the problem, and the error i'm getting is

Generates Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of variables doesn't match number of parameters in prepared statement in C:\xampp\htdocs\mail\datahandler.php on line 24

Ideas?

Thanks

+2  A: 

No need to use quotes when working with prepared statements.

$stmt = $this->db->prepare("SHOW TABLES LIKE ?");

Also, instead of SHOW TABLES, you might want to use information_schema views, which give you a bit more flexibility.

Mchl  2010-10-11 17:05:59
Does that mean if i do this, i won't need the quote either?$query = "DELETE FROM maillist WHERE id='?' AND" . "password='PASSWORD(?)'";
ultimatebuster  2010-10-11 17:20:35
After using your code, i'm getting You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?' at line 1
ultimatebuster  2010-10-11 17:25:42
Maybe SHOW TABLES does not support prepared statements in LIKE clause... Try `SELECT TABLE_NAME FROM information_schema.TABLES WHERE TABLE_SCHEMA = ? AND TABLE_NAME = ?` where `TABLE_SCHEMA` is name of your database, and `TABLE_NAME` is name of your table.
Mchl  2010-10-12 05:44:25
+2  A: 

You also have to use a number as first parameter for bind_param()

$stmt->bind_param(1, $tablename);

See here: http://php.net/manual/pdostatement.bindparam.php

For strings you can also just pass an array into execute().

DanMan  2010-10-11 18:38:17
My $stmt is http://php.net/manual/en/mysqli-stmt.bind-param.php I'm pretty sure.
ultimatebuster  2010-10-11 19:52:56
Ok, I didn't realize you're using MySQLi, i assumed you were using PDO - which I highly recommend btw.
DanMan  2010-10-11 20:09:48

related questions

Remove Quotes and Commas from a String in MySQL
What's the best way of converting a mysql database to a sqlite one?
How do you manage databases in development, test, and production?
Multiple foreign keys?
Add 1 to a field (MySQL)
Issues using MS Access as a front-end to a MySQL database back-end?
Bigger than a char but smaller than a blob
How do I retrieve my MySQL username and password?
Long-time LAMP Developer moving to VB.NET
How do I Concatenate entire result sets in MySQL?
Full complete MySQL database replication? Ideas? What do people do?
SQL: Distribution of table in time
SQLite vs MySQL
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Multiple Updates in MySQL
MySQL/Apache Error in PHP MySQL query
What all do I need to escape when sending a (My)SQL query?
Auto Generate Database Diagram MySQL
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
Python and MySQL
SQL Server 2005 implementation of MySQL REPLACE INTO?
How to export data from SQL Server 2005 to MySQL
Throw Error In MySQL Trigger
Binary Data in MySQL