mysqli_stmt_execute() expects parameter 1 to be mysqli_stmt,
Your query prepare failed, you failed to check for failure, etc...
$sql = "SELECT bookTitle, bookYear, catDesc, pubName, FROM nbc_book b inner join ..."
^--- stray comma
Never EVER assume a db query will succeed. Especially while developing. Always assume failure, check for failure, and treat success as a pleasant surprise:
$stmt = mysqli_prepare($conn, $sql) or die(mysqli_error($conn));
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Related videos on Youtube
IvanGakev
Updated on June 04, 2022Comments
-
IvanGakev almost 2 years
Hi I am in need of some help. I am currently trying to create a search page in which a user is able to search for a specific book by the Title of the book, the category, year and publisher
I have created my basic HTML search form and this is the code below:
<!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <title>Page Title</title> </head> <body> <form id ="SearchPage" action="SearchPage.php" method="get"> <h1> Search Page</h1> Book Title <input type="text" name="bookTitle" /> Category <select name="catDesc"> <option value = "Business & Commerce">Business & Commerce</option> <option value = "Databases">Databases</option> <option value = "Databases and Web Development">Databases and Web Development</option> <option value = "Fiction">Fiction</option> <option value = "Flex & Flash Programming">Flex & Flash Programming</option> <option value = "Netorks">Netorks</option> <option value = "Programming">Programming</option> <option value = "Systems Design">Systems Design</option> <option value = "Web Development">Web Development</option> </select> Publisher <input type="text" name="pubName"/> Year <input type="text" name="bookYear"/> <input type ="submit" value-"Find Books"/> </form> </body> </html>
And this is the php code i have done below:
<!DOCTYPE HTML> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <title>Search Page</title> </head> <body> <table> <tr> <th>Book Title</th> <th>Year</th> <th>Category</th> <th>Publisher</th> </tr> <?php include 'database_mysqli_conn.php'; $bookTitle = $_REQUEST['bookTitle']; $bookYear =$_REQUEST['bookYear']; $catDesc =$_REQUEST['catDesc']; $pubName =$_REQUEST['pubName']; $sql = "SELECT bookTitle, bookYear, catDesc, pubName, FROM nbc_book b inner join nbc_category c on b.catID = c.catID inner join nbc_publisher p on b.pubID = p.pubID WHERE 1"; $stmt = mysqli_prepare($conn, $sql); mysqli_stmt_execute($stmt); mysqli_stmt_bind_result($stmt, $bookTitle, $bookYear, $bookPrice, $catDesc); if (!empty($bookTitle)) { $sql= $sql." AND bookTitle = '$bookTitle'"; } if (!empty($bookYear)) { $sql= $sql." AND bookYear = '$bookYear'"; } if (!empty($catDesc)) { $sql= $sql." AND catDesc = '$catDesc'"; } if (!empty($pubName)) { $sql= $sql." AND pubName = '$pubName'"; } while (mysqli_stmt_fetch($stmt)){ echo "<tr> <td>$bookTitle</td> <td>$bookYear</td> <td>$catDesc</td> <td>$pubName</td> </tr>"; } mysqli_stmt_close($stmt); mysqli_close($conn); ?> </body> </html>
the problem is, this is the error message i receive when i submit the search:
Warning: mysqli_stmt_execute() expects parameter 1 to be mysqli_stmt, boolean given in /home/unn_w11036829/public_html/PHPexercises/SearchPage.php on line 27
Warning: mysqli_stmt_bind_result() expects parameter 1 to be mysqli_stmt, boolean given in /home/unn_w11036829/public_html/PHPexercises/SearchPage.php on line 28
Warning: mysqli_stmt_fetch() expects parameter 1 to be mysqli_stmt, boolean given in /home/unn_w11036829/public_html/PHPexercises/SearchPage.php on line 54
Warning: mysqli_stmt_close() expects parameter 1 to be mysqli_stmt, boolean given in /home/unn_w11036829/public_html/PHPexercises/SearchPage.php on line 63 Book Title Year Category Publisher
Can anyone please tell me where i am going wrong! I have been stuck on this for the past hour and its driving me insane.
Thank you in advance
-
Mihai over 9 yearsYou have a comma before FROM in your query.
-
tadman over 9 yearsWARNING: When using
mysqli
you should be using parameterized queries andbind_param
to add user data to your query. DO NOT use string interpolation to accomplish this because you will create severe SQL injection bugs. It's worth noting that PDO and named placeholders makes this kind of conditional composition a lot easier. -
IvanGakev over 9 yearsoh dear silly me. its always the smallest thing :( Thanks
-
-
IvanGakev over 9 yearsThank you. I am now experiencing another problem and when i try to submit my search result it is bringing up all of the data from my sql table and not just what i was searching for, any ideas why ?