mysqli bind variables

Tags: php mysql mysqli
Question!

I have this partial code:

if ($getRecords = $con->prepare("SELECT * FROM AUCTIONS WHERE ARTICLE_NO = ?"))

{

$getHtml = $con->prepare("SELECT ARTICLE_DESC FROM AUCTIONS WHERE ARTICLE_NO = ?");

$getHtml->bind_param("i", $pk);

$getHtml->execute();

$getHtml->bind_result($ARTICLE_DESC);



$getRecords->bind_param("i", $pk); 

$getRecords->execute(); 

$getRecords->bind_result($ARTICLE_NO, $ARTICLE_NAME, $SUBTITLE, $CURRENT_BID, $START_PRICE, $BID_COUNT, $QUANT_TOTAL, $QUANT_SOLD, $ACCESSSTARTS, $ACCESSENDS, $ACCESSORIGIN_END, $USERNAME, $BEST_BIDDER_ID, $FINISHED, $WATCH, $BUYITNOW_PRICE, $PIC_URL, $PRIVATE_AUCTION, $AUCTION_TYPE, $ACCESSINSERT_DATE, $ACCESSUPDATE_DATE, $CAT_DESC, $CAT_PATH, $COUNTRYCODE, $LOCATION, $CONDITIONS, $REVISED, $PAYPAL_ACCEPT, $PRE_TERMINATED, $SHIPPING_TO, $FEE_INSERTION, $FEE_FINAL, $FEE_LISTING, $PIC_XXL, $PIC_DIASHOW, $PIC_COUNT, $ITEM_SITE_ID);

Which otherwise runs OK, however I get an error:

Number of bind variables doesn't match number of fields in prepared statement

On the last line I posted.

I am not sure what the problem is. I want to use some columns seperate, eg ARTICLE_DESC. Does this mean I cannot use select *, and must put in each of the column names in the query?

edit: is it necessary to bind? are there security or performance advantages to be gained? Can I just as well do without?



Answers

Really you should be setting the names of the columns rather then using *.

This way, you will know exactly which columns to pass to the bind_result method.

By : Gavin


If you are binding results, you should not be doing this with a wildcard in your SQL query. Think of what would happen if a column was added or removed from the table you are binding.



This video can help you solving your question :)
By: admin