Prepared MySQLi statements

Question

I've always used PDO statements, but for some reason I can't persuade the server guy to install PDO for php, but I do have MySQLi, I have no clue what I'm doing wrong, I do not get a connection error and I do not get a query error no matter how I try to output one. Here's what I'm doing.

include 'MySQLiConnect.php';

if($stmt = $mysqli->prepare("SELECT * FROM zipCodeTable WHERE zip_code = ?")){

    $stmt->bind_param("s", '07110');

    $stmt->execute();

    $stmt->bind_result($resultsArray);

    $stmt->fetch();

    foreach($resultsArray as $columnData){

        $matchingZipcode = $columnData['zip_code'];
        $matchingTimezone = $columnData['time_zone'];
    }       

    $stmt->close();


}

echo $matchingZipcode.', '.$matchingTimezone;

This is basically just to confirm a users zipcode, never used MySQLi prepared statements before, I tryed to do it straight from the manual, not sure what I'm doing wrong. Thank you for taking the time to read this.

If your "server guy" won't let you use PDO, you need a new server guy. — ceejayoz
Not an answer, but why do you append Table to your tables? — PeeHaa
@ceejayoz I was helping a friend out and they gave me some half ass managed cloud machine to do this stupid zip code confirmation lol — user1053263

MichaelRushton MichaelRushton · Accepted Answer · 2013-02-09T19:29:30

You're trying to "bind" a literal string. You can't do this. You must bind a variable.

Change

$stmt->bind_param("s", '07110');

To

$string = '07110';

$stmt->bind_param("s", $string);

Also, when you bind a result you must provide a variable for each field returned.

For example:

$stmt->bind_result($zipCode, $timeZone);

This is slightly problematic when using SELECT *. You might be interested in checking out this comment for how you might want to go about it: http://www.php.net/manual/en/mysqli-stmt.bind-result.php#85470

Prepared MySQLi statements

1 Answers