Php mysqli prepared statement data for specific user session and ticket id
This is the error I was referring to. For a prepared statement, you need to pass in a variable (or a reference to a variable, really) for each placeholder in your query. A placeholder in mysqli is a ? symbol. In your query here:
$stmt = $mysqli->prepare("SELECT ticket_id,
DATE_FORMAT(created_at,'%d/%m/%Y \at\ %H:%i')
AS created_at,
DATE_FORMAT(ticket_timestamp,'%d/%m/%Y %H:%i')
AS ticket_timestamp,
user_name
FROM support_tickets
WHERE ticket_id = ? AND user_name = ?");
you can see that you have two placeholders, for
ticket_id and
user_name selection, in your WHERE clause. In your
bind_param() call, it needs to supply values for those two values, but you’re sending four values, so
bind_param() throws a warning and does not execute. Thus, your
bind_param() needs to read:
$stmt->bind_param("is", $ticket_id, $username);
and when you execute the query, those values will be passed in, whatever they are at the time of execution.
You don’t need to pass in
created_at or
ticket_timestamp because those are values that are coming out of your query, along with
ticket_id and
username - as you passed those last two values in, there’s no real need to retrieve them at all, since you already know what they are. You can test that by dropping the WHERE clause completely, not calling
bind_param() at all, and executing the query. You will (if the query is valid) still get results.
I believe this one is coming in because the first
bind_param() didn’t execute, because you have the wrong number of parameters in it. This is one of the “follow-on” errors that @mabismad referred to - because you don’t check to see if the
prepare() or the
bind_param() worked, and just carry on to the next statement, you get cascading error messages. I think that if you fix the
bind_param() mismatch issue, this one will go away too.
I think it will drop into place if you persevere with it. The error message quantity isn’t necessarily indicative of having lots of errors, because perhaps one (in this case your
bind_param() mistake) is causing the rest of them. Mainly what you’ve done is turn on error reporting, so you can now see them.
There are few things nicer than changing one line of code and seeing it remove a load of error messages.
I understand it bit more but still getting issues
I amended the bind_param line so it’s just got the two variables in it and it just returns no rows so tried amending the where clause line for the user_name = ? to be for the user session but I then end up with the number of variables not matching error again
The original code is below
$stmt = $mysqli->prepare("SELECT ticket_id, DATE_FORMAT(created_at,'%d/%m/%Y \at\ %H:%i') AS created_at, DATE_FORMAT(ticket_timestamp,'%d/%m/%Y %H:%i') AS ticket_timestamp, user_name FROM support_tickets WHERE ticket_id = ? AND user_name = ?");
$stmt->bind_param("is", $ticket_id, $username);
So tried amending it to the following
$stmt = $mysqli->prepare("SELECT ticket_id, DATE_FORMAT(created_at,'%d/%m/%Y \at\ %H:%i') AS created_at, DATE_FORMAT(ticket_timestamp,'%d/%m/%Y %H:%i') AS ticket_timestamp, user_name FROM support_tickets WHERE ticket_id = ? AND user_name = '".$_SESSION['user_name']."'");
$stmt->bind_param("is", $ticket_id, $username);
but with the amended lines, I get the following errors
Warning : mysqli_stmt::bind_param(): Number of variables doesn’t match number of parameters in prepared statement in /home/itdonerightco/public_html/account/view-support-ticket.php on line 168
Fatal error : Uncaught mysqli_sql_exception: No data supplied for parameters in prepared statement in /home/itdonerightco/public_html/account/view-support-ticket.php:170 Stack trace: #0 /home/itdonerightco/public_html/account/view-support-ticket.php(170): mysqli_stmt->execute() #1 {main} thrown in /home/itdonerightco/public_html/account/view-support-ticket.php on line 170
Well, you will do. You’ve gone back to a situation where you’ve got one placeholder ‘?’, but send two parameters to it. That is never going to work.
Your first version is correct. If it is returning no rows, display the values for the two variables that you are passing in to the
bind_param() call and check that they are correct. Then run the query, using those two values, in something like phpMyAdmin and see if it does the same. If it does, you have an issue with the values. If it does not, and returns some rows, then perhaps you could paste some values and some sample data and we can go from there.
What’s the difference between the
$username variable, and the
$_SESSION['user_name'] variable? Do they contain the same thing? Why use the former when doing a prepared statement, but the latter when concatenating it into the query?
Ahh ok, I understand it bit more now, sorry I thought placeholders were not just the ? but also the next one after the AND but understand it now that the placeholders are just the placeholders so if got just ticket_id = ?. That’s one placeholder and the bind_param should then just have the one variable in it.
I have amended it now to the following and it says no rows
$stmt = $mysqli->prepare("SELECT ticket_id, DATE_FORMAT(created_at,'%d/%m/%Y \at\ %H:%i') AS created_at, DATE_FORMAT(ticket_timestamp,'%d/%m/%Y %H:%i') AS ticket_timestamp, user_name FROM support_tickets WHERE ticket_id = ? AND user_name = '".$_SESSION['user_name']."'");
$stmt->bind_param("i", $ticket_id);
Just need to work out now why it’s saying no rows as I would like it to return the created_at value and ticket_timestamp like the following format
Submitted at: created_at value from database table for the specific ticket_id and user_name
Last updated: ticket_timestamp value from database table for the specific ticket_id and user_name
Don’t think there is any difference between username and _SESSION[‘user_name’]. It should be the same thing
I just done the following to try and output the values but still says no rows
$stmt = $mysqli->prepare("SELECT ticket_id, DATE_FORMAT(created_at,'%d/%m/%Y \at\ %H:%i') AS created_at, DATE_FORMAT(ticket_timestamp,'%d/%m/%Y %H:%i') AS ticket_timestamp, user_name FROM support_tickets WHERE ticket_id = ? AND user_name = ?");
$stmt->bind_param("is", $ticket_id, $username);
$stmt->execute();
$result = $stmt->get_result();
if($result->num_rows === 0) exit('No rows');
$row = $result->fetch_assoc();
echo $ticket_id;
echo $username;
In phpmyadmin, I just ran the query below and it’s returned the data I need to
SELECT ticket_id, DATE_FORMAT(created_at,'%d/%m/%Y \at\ %H:%i') AS created_at, DATE_FORMAT(ticket_timestamp,'%d/%m/%Y %H:%i') AS ticket_timestamp, user_name FROM support_tickets WHERE ticket_id = '58' AND user_name = 'ianhaney35new'
I just need to get it outputting in php now for the data specific to the ticket_id and user_name
So, you know the query is OK. That means that either
$ticket_id,
$username or
$_SESSION['user_name'] doesn’t have the correct value in it.
The fact that you have put quotes around the value for
ticket_id in the working query suggests that you are storing it as a string, so you could perhaps try your
bind_param() call with ‘s’ instead of ‘i’ for that parameter. Or try the query in phpMyAdmin without the quotes around ‘58’ and see if it still works.
But you should check whether they are, not presume they “should be”. If they’re the same, why have two variables?
var_dump() or
echo() will tell you for sure.
From a database point of view, you’d be better off using the user-id instead of the name to link the various tables.
I got the correct data showing now by amending the code to the following
<?php
$ticket_id = '';
$username = '';
$stmt = $mysqli->prepare("SELECT ticket_id, DATE_FORMAT(created_at,'%d/%m/%Y \at\ %H:%i') AS created_at, DATE_FORMAT(ticket_timestamp,'%d/%m/%Y %H:%i') AS ticket_timestamp, user_name FROM support_tickets WHERE ticket_id = '58' AND user_name = 'ianhaney35new'");
//$stmt->bind_param();
$stmt->execute();
$result = $stmt->get_result();
if($result->num_rows === 0) exit('No rows');
$row = $result->fetch_assoc();
?>
So now just need to amend it back with a placeholder and leave the single quotes around the ? and put a s in the bind_param line.
In phpmyadmin it does work still without the single quotes around the 58.
Regarding the username and $_SESSION[‘user_name’]. Where should I put the var_dump() or echo ().
If I use user_id instead of _user_name, does that mean I need to change all pages to be for user_id instead of user_name and the support_ticket related db tables or just the support_ticket pages?
Hopefully that makes sense, I just want to say thank you as am beginning to get to grips with the placeholders and prepared statements very slowly
Just before you use the variables, so in this case you’d want them just before your call to
bind_param(). You need to see what the value is when it is being used. (Technically that’s when you call
execute(), but as that’s right after in this case it’s the same).
No, don’t put quotes around the placeholder. One of the good things about prepared statements is you don’t need to worry about quotes, embedded quotes, it’s all handled for you.
Anywhere that you use the name should really use the id. It doesn’t matter for now, it’s just a more usual way of linking things. “Normalisation” is the term.
I put var_dump(); before bind_param but got a error saying Warning : var_dump() expects at least 1 parameter, 0 given in /home/itdonerightco/public_html/account/view-support-ticket.php on line 167
Is it because I have commented out bind_param line?
I’m back to not really understanding the query line again and getting the data for the specific ticket_id and user_name
I keep getting no rows, I amended the query and bind_param to the following
$ticket_id = '';
$username = '';
$stmt = $mysqli->prepare("SELECT ticket_id, DATE_FORMAT(created_at,'%d/%m/%Y \at\ %H:%i') AS created_at, DATE_FORMAT(ticket_timestamp,'%d/%m/%Y %H:%i') AS ticket_timestamp, user_name FROM support_tickets WHERE ticket_id = ? AND user_name = 'ianhaney35new'");
$stmt->bind_param("s", $ticket_id);
Think I am getting somewhere as sorted the errors on the page with the first query. The updated code I got is below
<?php
if(isset($_GET['user_name'])){
$username =$_GET['user_name'];
}
if(isset($_GET['ticket_id'])){
$ticket_id =$_GET['ticket_id'];
}
$stmt = $mysqli->prepare("SELECT ticket_id, DATE_FORMAT(created_at,'%d/%m/%Y \at\ %H:%i') AS created_at, DATE_FORMAT(ticket_timestamp,'%d/%m/%Y %H:%i') AS ticket_timestamp, user_name FROM support_tickets WHERE ticket_id = '$ticket_id' AND user_name = '$username'");
$stmt->execute();
$result = $stmt->get_result();
if($result->num_rows === 0) exit('No rows');
$row = $result->fetch_assoc();
?>
I am just working the second query now that will retrieve the file_name of each file uploaded to the db table and display the file_name. I am able to get the data but I think it’s not getting the file_names for the specific ticket_id
It’s getting the file_name for all tickets and not just the file_names for the specific ticket_id, the code for that query is below
<?php
if(isset($_GET['user_name'])){
$username =$_GET['user_name'];
}
if(isset($_GET['ticket_id'])){
$ticket_id =$_GET['ticket_id'];
}
if(isset($_GET['file_name'])){
$filename =$_GET['file_name'];
}
?>
<?php
$stmt = $mysqli->prepare("SELECT support_tickets.ticket_id, support_ticket_files.file_name, support_tickets.user_name FROM support_tickets INNER JOIN support_ticket_files ON support_tickets.user_name=support_ticket_files.user_name
WHERE support_tickets.ticket_id = '$ticket_id' AND support_tickets.user_name = '$username'");
$stmt->execute();
$stmt -> store_result();
$stmt -> bind_result($ticket_id, $filename, $username);
while ($stmt->fetch()) {
?>
<ul class="nav">
<li><a href="support-ticket-images/<?php echo $filename; ?>" class="noline" download="download"><?php echo $filename; ?></a></li>
</ul>
<?php
}
?>
No, it’s because you gave
var_dump() zero parameters instead of one, exactly as the error message tells you. You need to put:
var_dump($username);
var_dump($ticket_id);
and I suspect you’ve just put
var_dump();
for some reason. You may not be familiar with the function, but you must be aware of
echo, and you will be aware you can go on php.net and find all the documentation for these functions.
That may work, but you’ve reverted to not using prepared statements - I know you call
prepare(), but while you concatenate the strings into the query, especially without doing any kind of checking, it has no real effect. So you need to get your
bind_param() working again.
Your query does an inner join based on the username, not the ticket id, so I would presume it would get all files for that user.
Ahh ok I’ll concentrate on the first query again and get that right first. I have just amended the coding to the following
$stmt = $mysqli->prepare("SELECT ticket_id, DATE_FORMAT(created_at,'%d/%m/%Y \at\ %H:%i') AS created_at, DATE_FORMAT(ticket_timestamp,'%d/%m/%Y %H:%i') AS ticket_timestamp, user_name FROM support_tickets WHERE ticket_id = ? AND user_name = ?");
$stmt->bind_param("is", $ticket_id, $username);
$stmt->execute();
$result = $stmt->get_result();
if($result->num_rows === 0) exit('No rows');
$row = $result->fetch_assoc();
It does seem to be working still and outputting the correct data for that specific ticket_id
Does that query and code look ok or have I still missed something?
Just working on the second query again and have amended it but it’s just outputting no rows. I put the following query in phpmyadmin and it’s outputting the right data
SELECT support_tickets.ticket_id, support_ticket_files.file_name FROM support_ticket_files INNER JOIN support_tickets ON support_ticket_files.ticket_id=support_tickets.ticket_id WHERE support_tickets.ticket_id = '58' AND support_ticket_files.file_name = 'customer-agreement-may-2018.docx'
So in php, I amended the code to be the following
<?php
if(isset($_GET['ticket_id'])){
$ticket_id =$_GET['ticket_id'];
}
if(isset($_GET['file_name'])){
$filename =$_GET['file_name'];
}
?>
<?php
$stmt = $mysqli->prepare("SELECT support_tickets.ticket_id, support_ticket_files.file_name FROM support_ticket_files INNER JOIN support_tickets ON support_ticket_files.ticket_id=support_tickets.ticket_id
WHERE support_tickets.ticket_id = ? AND support_ticket_files.file_name = ?");
$stmt->bind_param("is", $ticket_id, $filename);
$stmt->execute();
$result = $stmt->get_result();
if($result->num_rows === 0) exit('No rows');
$row = $result->fetch_assoc();
?>
<ul class="nav">
<li><a href="support-ticket-images/<?php echo $row['file_name']; ?>" class="noline" download="download"><?php echo $row['file_name']; ?></a></li>
</ul>
Do I need to alter the code slightly as will be outputting multiple rows as could be more than one file uploaded for the specific ticket_ids
It looks OK, and if it recovers the data that it should, then it must be good. I am not a mysqli expert, though, so I can’t say whether there are other things. But if it’s working, that’s good.
On the second query, isn’t it better to retrieve the filename based on the ticket_id rather than the name? Retrieve all files for that ticket, then loop through the results to display them?
ok not 100% on how to do that to be honest. I have amended the query to be the following
SELECT support_ticket_files.file_name FROM support_ticket_files INNER JOIN support_tickets ON support_ticket_files.ticket_id=support_tickets.ticket_id
WHERE support_tickets.ticket_id = ?
Think I got it sorted now kind of, if there are files for the specific ticket_id, it shows the correct file_name but if there are not any files for the specific ticket_id, it shows no rows and no footer etc.
I think this is where I need to do the loop through the results as mentioned but not 100% on how to do it, the amended code is below
<?php
if(isset($_GET['ticket_id'])){
$ticket_id =$_GET['ticket_id'];
}
if(isset($_GET['file_name'])){
$filename =$_GET['file_name'];
}
?>
<?php
$stmt = $mysqli->prepare("SELECT file_name FROM support_ticket_files WHERE ticket_id = ?");
$stmt->bind_param("i", $ticket_id);
$stmt->execute();
$result = $stmt->get_result();
if($result->num_rows === 0) exit('No rows');
$row = $result->fetch_assoc();
?>
<ul class="nav">
<li><a href="support-ticket-images/<?php echo $row['file_name']; ?>" class="noline" download="download"><?php echo $row['file_name']; ?></a></li>
</ul>
Also do I still need to do a JOIN still for retrieval of the data of the file_name for the specific ticket_id or when the front end user opens a new support ticket, do I need to amend the code so the ticket_id is added to the support_ticket_files db table as well?
A simple
while() loop would suffice:
while $row = $result->fetch_assoc() {
?>
<ul class="nav">
<li><a href="support-ticket-images/<?php echo $row['file_name']; ?>" class="noline" download="download"><?php echo $row['file_name']; ?></a></li>
</ul>
<?php
}
Not sure what you’re driving at in the last paragraph. When the user opens a new support ticket, you (or MySQL, presumably) assign it a new unique id. When they upload a file to it, that’s when you stick it in the support_ticket_files table.
Thank you, I managed to add the while loop in earlier today and will be testing it tonight and hopefully the support ticket will add to the support_tickets db table and the files will be added to the support_tickets_files and are added by a unique id