Prepare and Bind

Hey all,

I am having problems figuring out the prepare and bind statements.

It’s a simple login form with a space for a username and password. I have verified that the $sql, $value_str and $types variables contain what they should when they’re passed to the class for processing…


$sql='SELECT id from users where username=? and password=?';    
$value_arr=array($_POST['username'], $_POST['password']); 
$value_str=implode($value_arr);
$types="ss";
if ($CMS->queryDB($sql, $value_str, $types))
	{
		print ('returned');
	}

class:


$this->connection = new mysqli($this->server, $this->user, $this->password, $this->dbase);

public function queryDB($sql, $value_str, $types)
	{
		
		if(!$this->stmt = $this->connection->prepare($sql) ) 
			{
				throw new Exception('Query Error: ' . mysqli_error($this->connection));
			}
		else
			{
				$this->stmt->bind_param($types, $value_str);
				$this->stmt->execute();
				$this->stmt->close();
			}
		return true;
	}

I get this error when I run it…

Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of elements in type definition string doesn’t match number of bind variables in C:\xampp\htdocs\CMS\new\cms.php on line 66

Line 66 refers to the bind_param line.

Can anyone see what I have incorrect?

You are passing an array of the fields instead of a comma separated list.

I apologize for not getting back to you quicker…

The $value_str variable that was passed was a string: “$value_str=implode($value_arr)”. One problem I found was that it wasn’t comma separated, just one long string of characters. After fixing it with this, “$value_str=implode(", ", $value_arr);”, I still get the same error.
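Added example, not part of the thread and not the poster's CMS code: `bind_param()` counts one bound variable per letter in the type string, so an imploded string is a single variable no matter what separator it contains, and "ss" needs two. The sketch below passes the values as an array and unpacks it into `bind_param()`. Assumptions: PHP 8 with the mysqlnd driver, placeholder connection settings, illustrative names `Db` and `login`, and a `users.password` column that holds a `password_hash()` value so the password is verified in PHP instead of being compared inside the SQL.

```php
<?php
// Added example; class, function and connection names are illustrative.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli errors become exceptions

final class Db
{
    public function __construct(private mysqli $connection) {}

    /** Runs a prepared SELECT and returns all rows as associative arrays. */
    public function queryDB(string $sql, array $values, string $types): array
    {
        // bind_param() needs exactly one variable per type letter (and per "?").
        if (strlen($types) !== count($values)) {
            throw new InvalidArgumentException('Type string and value count differ');
        }
        $stmt = $this->connection->prepare($sql);
        if ($values !== []) {
            $values = array_values($values);        // drop string keys before unpacking
            $stmt->bind_param($types, ...$values);  // each element is its own bind variable
        }
        $stmt->execute();
        $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // get_result() needs mysqlnd
        $stmt->close();
        return $rows;
    }
}

/** Returns the user id on success, null on any failure. */
function login(Db $db, string $username, string $password): ?int
{
    // Assumption: users.password stores a password_hash() value, so only the
    // username is bound and the password is checked with password_verify().
    $rows = $db->queryDB('SELECT id, password FROM users WHERE username = ?', [$username], 's');
    if (count($rows) === 1 && password_verify($password, $rows[0]['password'])) {
        return (int) $rows[0]['id'];
    }
    return null;
}

// Placeholder connection settings (assumed, not from the thread).
$db = new Db(new mysqli('localhost', 'db_user', 'db_password', 'cms'));
$userId = login($db, $_POST['username'] ?? '', $_POST['password'] ?? '');
print($userId === null ? 'login failed' : 'returned');
```

The same `queryDB()` accepts the thread's two-placeholder query unchanged when called with `[$_POST['username'], $_POST['password']]` and `'ss'`.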