Error Search PHP and Mysql Database

Asked

Viewed 497 times

2

I’m making a page that searches for information in tables of a Mysql database, the connection is beautiful, but is showing two errors :

Warning: mysqli_stmt::bind_param(): Number of variables doesn’t match number of Parameters in Prepared statement in **/home/----/public_html/search.php on line 7

Warning: mysqli_fetch_array() expects Parameter 1 to be mysqli_result, Object Given in **/home/---/public_html/search.php on line 15

My php code looks like this:

<?php

include ('conecta.php');

$pesquisa_rapida = $_POST["txtpesquisa"];
$sql=$mysqli->prepare("SELECT * FROM tabela WHERE nm_candidato LIKE '%".$pesquisa_rapida."%'");
$sql->bind_param("s",$pesquisa_rapida);

$sql->execute();
$sql->store_result();
$result=$sql->affected_rows;

if ($result > 0){

        while($linha = mysqli_fetch_array($sql)){
           $nm_candidato = $linha['nm_candidato'];        
           $nm_candidatura = $linha['nm_candidatura']; 
           $ds_cargo = $linha['ds_cargo'];
           echo "<strong>Nome: </strong>".@$nm_candidato;
           echo "<br /><br />"; 
           echo "<strong>Nome Candidatura: </strong>".@$nm_candidatura;
           echo "<br /><br />"; 
           echo "<strong>Cargo: </strong>".@$ds_cargo;
           echo "<br /><br />"; 
        }
}
else {
    echo "Desculpe, nada foi encontrado";
}    
?>
php mysql mysqli

3 answers

3


Your code makes the bind of a value but no placholder(?) was passed in consultation, also jokers(% or _) in the variable with term to be searched and not in sql. The second error is caused by the first to fix this and vitar sql Injection swap the variable for a query:

Change:

$sql=$mysqli->prepare("SELECT * FROM tabela WHERE nm_candidato LIKE '%".$pesquisa_rapida."%'");

To:

$pesquisa_rapida = '%'. $_POST["txtpesquisa"] .'%';
$sql=$mysqli->prepare("SELECT * FROM tabela WHERE nm_candidato LIKE ?");
$sql->bind_param("s",$pesquisa_rapida);
$res = $sql->get_result();
$result=$sql->affected_rows;

while($linha = $res->fetch_assoc()){
   //demais linhas
}

  • modified but now giving this error: Fatal error: Call to a Member Function bind_param() on a non-object in /home/irbpe586/public_html/search.php on line 7

  • @Sarah as you put? the error says that the query failed, table containing the call data tabela even?

  • kkk q stupid, no! tidied the table name, but is giving another error : Warning: mysqli_fetch_array() expects Parameter 1 to be mysqli_result, Object Given in /home/irbpe586/public_html/search.php on line 15

  • @Sarah you need to pass the connection as first argument in mysqli_query()

  • $search_rapida = '%'. $_POST["txtpesquisa"] . '%'; $sql=$mysqli->prepare("SELECT * FROM resultado_votacao_candidato_zona_eleicaomunicipal WHERE nm_candidate LIKE ?");

  • as well, the connection to the database?

  • @Sarah yes, it should look something like this mysqli_fetch_array($mysqli, $sql)

  • i put a include at the beginning that directs to a php q is making the connection to the database

  • @Sarah made a mistake

  • <?php&#xA;&#xA;$host='host.com.br';&#xA;$user='user';&#xA;$pass='******';&#xA;$database='irbpe586_appirb';&#xA;&#xA;$mysqli= new mysqli($host,$user,$pass,$database);&#xA;&#xA;if (mysqli_connect_errno()){&#xA; die ('Falha na conexao com o banco de dados. Erro: '.mysqli_connect_errno());&#xA; exit();&#xA;}&#xA;&#xA;?>

  • Let’s go continue this discussion in chat.

  • @Sarah corrected.

  • I put it like this but it didn’t work

  • while($line = mysqli_fetch_array($mysqli, $sql)){

  • ta giving this error: Warning: mysqli_fetch_array() expects Parameter 1 to be mysqli_result, Object Given in /home/irbpe586/public_html/search.php on line 15

  • the error is in mysqli_fetch_array(), I did so: mysqli_fetch_array($mysqli, $sql)), but it did not work

  • @Sarah I switched the strore_result for get_result()

  • already got put like this: while ($dados= mysqli_fetch_array($result,MYSQLI_ASSOC)) {

Show 13 more comments

1

Change the line:

while($linha = mysqli_fetch_array($sql)){

To 

while($linha = mysqli_fetch_array($result)){

Why don’t you use num_rows?

  • What do you mean? I don’t understand

  • how I use num_rows?

  • i changed the line gave this error: Warning: mysqli_fetch_array() expects Parameter 1 to be mysqli_result, integer Given in /home/irbpe586/public_html/irbapp/search.php on line 17

  • he is searching and finding the data the problem is just this time to show the other data of the table whose data was found

  • I use a Rows to count records. I will redo your code:

  • You’ve already solved! :)

Show 1 more comment

0

Thank you for all your help. That’s how it is: 

<?php

    include ('conecta.php');

    $pesquisa = '"%'. $_POST["txtpesquisa"] .'%"';

    $connection = mysqli_connect($host, $user, $pass,$database);
     if (!$connection) {
     echo ("Erro ao conectar!"); 
    }

    $query = "SELECT * FROM tabela "
            . "WHERE nome LIKE ".$pesquisa."";
    $result =  mysqli_query($connection,$query);
    if (!$result) {
      die("Query invalida");
    }

    while ($linha=  mysqli_fetch_array($result,MYSQLI_ASSOC)) {

    if ($result > 0){
        echo "Nome: $linha[nome]<br />"; 
        echo "<hr>";

    }
    else {
        echo "nada foi encontrado";
    }
    }
   ?>

Browser other questions tagged php mysql mysqli

You are not signed in. Login or sign up in order to post.