You have a placeholder for what you are looking for. It then passes that variable into the query as a string. You bind the variables by place holders, either symbols, ? , or other strings, : name.
$query = "SELECT adminId, email, pass FROM admin WHERE email=? AND pass=?"; $stmt = $mysqli->prepare($query); $stmt->bind_param('iss', $adminId, $email, $pass);
Your placeholders are the TWO ?'s in the statement, not what you are selecting. Here you are binding 3 variables of int, string, string type with only 2 placeholders.