5 Replies - 736 Views - Last Post: 24 June 2020 - 06:03 AM

#1 pythonhelp

Prepared statement with a SELECT query - Fatal Error

Posted 03 June 2020 - 11:15 AM

Hi, I am new to PHP and trying out prepared statements to avoid SQL injections. Before prepared statements the script displayed the records from the table; however, after playing around with prepared statements, I am getting a fatal error which might be due to a simple mistake or omission which I can't seem to figure out.

Fatal error: Uncaught exception 'mysqli_sql_exception' with message 'You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '?' at line 1'



$subject = trim(($_POST['subject']));

$sel_query=("SELECT course_id, course_name, subject, course_level FROM Courses where subject =?");
$stmt = $conn->prepare($sel_query);

$result = mysqli_query($conn,$sel_query);
$stmt->bind_param("s", $subject);
$stmt->execute();
$result = $stmt->get_result(); // get the mysqli result
$user = $result->fetch_assoc(); // fetch data
while ($row = $stmt->fetch_assoc($result))  { ?>



Replies To: Prepared statement with a SELECT query - Fatal Error

#2 astonecipher

Posted 03 June 2020 - 11:22 AM

You are wrapping a string in parentheses to start with

#3 ArtificialSoldier

Posted 03 June 2020 - 11:27 AM

You call mysql_query before binding the parameter, so the query you're actually running has the question mark in it. I don't think you use mysqli_query at all in this case, just execute.

#4 pythonhelp

Posted 04 June 2020 - 12:19 AM

ArtificialSoldier, on 03 June 2020 - 11:27 AM, said:

You call mysql_query before binding the parameter, so the query you're actually running has the question mark in it. I don't think you use mysqli_query at all in this case, just execute.


Thanks, I removed the mysqli query and the parentheses, however, the issue now is:
Fatal error: Call to undefined method mysqli_stmt::fetch_assoc() in \\143FF240DC.STORAGE-
I removed fetch_assoc($result)

This post has been edited by pythonhelp: 04 June 2020 - 12:22 AM


#5 pythonhelp

Posted 04 June 2020 - 01:10 AM

Problem solved, thank you!
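
The fix discussed in this thread, written out as an added example (not code from any poster): prepare, bind, execute, then fetch from the result object rather than from the statement. The helper name `find_courses_by_subject` and the connection values are assumptions; the table and column names come from the original post.

```php
<?php
// Added example: corrected flow for the query in this thread.
// Errors are raised as mysqli_sql_exception, matching the error shown above.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Return all courses for one subject using a bound parameter.
 * Hypothetical helper name; table and column names are from the post.
 */
function find_courses_by_subject(mysqli $conn, string $subject): array
{
    // The "?" placeholder is only valid in a statement given to prepare().
    // Passing this same string to mysqli_query() sends the literal "?" to
    // the server and produces the "syntax to use near '?'" error.
    $sql = "SELECT course_id, course_name, subject, course_level
            FROM Courses WHERE subject = ?";

    $stmt = $conn->prepare($sql);
    $stmt->bind_param("s", $subject);   // "s" = bind as string
    $stmt->execute();

    // get_result() returns a mysqli_result (requires the mysqlnd driver).
    // fetch_assoc() is a method of that result, not of mysqli_stmt.
    $result = $stmt->get_result();

    // Loop directly: an extra fetch_assoc() call before the loop, as in the
    // original snippet, would consume the first row.
    $rows = [];
    while ($row = $result->fetch_assoc()) {
        $rows[] = $row;
    }
    $stmt->close();
    return $rows;
}

// Placeholder credentials (assumptions, not from the original post).
$conn = new mysqli("localhost", "db_user", "db_password", "db_name");
$conn->set_charset("utf8mb4");

$subject = trim($_POST['subject'] ?? '');
foreach (find_courses_by_subject($conn, $subject) as $course) {
    // Escape on output: binding protects the query, not the rendered HTML.
    printf(
        "%s: %s (%s)<br>\n",
        htmlspecialchars((string) $course['course_id'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars((string) $course['course_name'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars((string) $course['course_level'], ENT_QUOTES, 'UTF-8')
    );
}
```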

#6 nicephotog

Posted 24 June 2020 - 06:03 AM

MariaDB does not use ? the way MySQL parameterizes queries.
PREPARE and SELECT INTO are the only ones able to contain ? for that purpose.
See https://mariadb.com/...ers-in-prepare/