Fetch result from database using prepared statement

Hello there,
I am trying to fetch data from database using prepared statement.

here’s code.

 if ($stmt2 = $this->conn->prepare("SELECT `user_email` FROM `users` WHERE `user_email` = ? ")) {
                    $stmt2->bind_param("s", $request['user_email']);
                    /* execute statement */
                    /* bind result variables */
                      while ($stmt2->fetch()) {
                     echo "email is:".$email;

But I didn’t get any value.Please help what I am doing wrong.

Maybe there is none?

might be worth putting some error checking in there to see if and where it is failing… i do it like this (which i mostly copied from an example from the web)

``$sql = “SELECT user_email FROM users WHERE user_email = ?”;
if (!($stmt = $mysqli->prepare($sql))) {
echo “Prepare failed: (” . $mysqli->errno . ") " . $mysqli->error;

    // Prepared statement, stage 2: bind and execute
    if (!$stmt->bind_param("s", $request['user_email'])) {
        echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;

    if (!$stmt->execute()) {
        echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;

    // Store the result (to get properties)
    // Get the number of rows
    $stmtrow_num = $stmt->num_rows;``

This should give you more information if it fails and also you can echo $stmtrow_num to see how many rows were returned. You can then do other things like if $stmtrow_num is greater than 0 you can print the results or if less than print a message saying no results found etc. you’ll need to add in binding the result variables


FYI, How to report errors in PHP.

In a nutshell, you never ever echo an error message out.It makes your site insecure and look shamefully unprofessional, not to mention it bloats the hell of your code.

Where has $request['user_email'] come from, and should it be $_REQUEST['user_email'], or a $_POST or $_GET variable?

yeah thanks buddy for pointing out.
there is no value in the table.I figured it out & matter resolved.

"on a dev server they have to be shown on-screen; " from the link…

OP did not say this was a live page on their site and i never said to leave the messages after finding the problem. Although i also did not say to only use it for testing/checking the problem so thank you for flagging that.

This is another delusion of yours. There should be no such thing like a distinction between “a code for a live site” and “a code for testing/checking”. It would be just insane to keep two versions of code or constantly rewriting your cod when moving from test to production and back. There ought to be just a single version which behavior have to defined by the environment it runs in.

1 Like

Dude take a chill pill. So far you have called me unprofessional, delusional and insane. All because i suggested some code to output errors to help the op.

Where was the first delusion? i gave some code which will output errors. That is not a delusion. It does what i said it would do. If i said ‘use this code it is the most professional code ever written and will cure all of your problems’ i would agree with your assertion. As for professional perhaps you should check your spelling before replying as i am unlikely to have to rewrite my cod anytime soon.

If you don’t agree with the way i have done it you can suggest another way that you believe is better and give your reasons. There is no reason to be rude about it.

This is.
A code that manually outputs error messages is deliberately wrong.
Your quote is incomplete. What I said is

you never ever echo an error message out.

And not a single line from the linked article contradicts with it.
Making your code to show errors by itself is one thing and adding echo statements all over the place is another.

Now stop falsely accusing me for calling you names personally. Nowhere I addressed your self. All I was talking about is code practices.

Showing errors on-screen on a live site IS unprofessional.
Having two codebases, one for a live site and one for the dev server IS insane.
Wrapping each single statement in a distinct condition instead of setting warning/exception mode once for all IS a long-time mass delusion for PHP folks.
Echoing error messages right out IS a long-time mass delusion for PHP folks.

When you respond to my post and say

It is implied that anyone who does that is ‘shamefully unprofessional’ which one would assume includes the person suggesting it i.e. me.

Perhaps something along these lines would have been better

‘you should never echo an error message out. This is not considered to be the best practice as it causes security holes, can be confusing for the web users seeing error messages, and adds unnecessary code. The above link is a more appropriate way of checking errors’

As this is far less likely to cause offense whilst still giving the same message. Perhaps we can both learn something today.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.