Home / Questions / 349333
Accepted
Fernando Iam
Asked: 2020-04-26 00:25:34 +0800 CST 2020-04-26 00:25:34 +0800 CST

It does not accept the parameterized query

  • 772

Good Morning. I have the following error: Fatal error: Uncaught Error: Call to a member function bind_param()

I am trying to use a prepared statement for a SELECT, but they do not accept it, instead if I do it I do it using variables, if it accepts it and I get the expected result.

The data that I want to parameterize is an integer.

The statement is correct, since if it were not correct, it would not work out well for me, not even putting the variable instead of the ?

public function mostrarPerfil($nia){

            $sql = "SELECT * FROM usuario WHERE nia = ?";

            $result = $this->conn->query($sql);

            $result->bind_param('i',$nia);
            $result->execute();
                if ($result->num_rows > 0) {

                    $usuario = $result->fetch_all(MYSQLI_ASSOC);

                    return $usuario;
                }

                $result->close();
                $this->conn->close();
             }
php

1 Answers

  1. Best Answer

    It sounds like you're mixing prepared and unprepared query methods. I give you two options:

    not ready

        $sql = "SELECT * FROM usuario WHERE nia = ".$nia;
    $result = $this->conn->query($sql);
    if ($result->num_rows > 0) {
        $usuario = $result->fetch_all(MYSQLI_ASSOC);
        print_r($usuario);
    }
    $this->conn->close();

    ready

        $sql = "SELECT nombre FROM usuario WHERE nia = ?";
    $result = $this->conn->prepare($sql);
    $result->bind_param('i',$nia);
    $result->execute();
    $result->bind_result($nombre);
    $result->fetch();
    echo $nombre;
    $result->close();
    $this->conn->close();

    Note that the query()'equivalent' to prepare(), bind_param()and execute(), you need to declare in which variable you are going to save the result with bind_result()and, in each fetch(), you are updating the value of the variable $nombre.

    It is more laborious, but safer.

    In php.net you have the details:

    https://www.php.net/manual/en/class.mysqli.php

    https://www.php.net/manual/en/mysqli.prepare.php

    Prepared with more fields

        $sql = "SELECT nombre,apellido FROM usuario WHERE nia = ?";
    $result = $this->conn->prepare($sql);
    $result->bind_param('i',$nia);
    $result->execute();
    $result->bind_result($r[0],$r[1]);
    $result->fetch();
    echo $r[0].' '.$r[1];
    $result->close();
    $this->conn->close();
    return $r;
    • 1