I am learning to build prepared statements using the mysqli class in PHP to connect to databases. Below is the code relevant to a little script I wrote to add books to a database.
It works by filling out a form that is then posted to a PHP script called books.php. The script takes care of connecting to the database and sending queries.
Code for connecting to/querying the database:
```php
<?php
/* Connect to database and add book information */

/* Book variables */
$title = trim($_POST['title']);
$author = trim($_POST['author']);
$description = trim($_POST['description']);
$image = trim($_POST['image']);
$amazon = trim($_POST['amazon']);

/* Database login information */
require_once 'includes/constants.php';

/* Create new connection to database */
$mysqli = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME);

if (mysqli_connect_errno()) {
    printf("Can't connect to MySQL Server. Errorcode: %s\n",
    mysqli_connect_error());
    exit;
}

/* Create prepared statement query */
$stmt = $mysqli->prepare("INSERT INTO books('title', 'author', 'description', 'image', 'amazon') VALUES(?, ?, ?, ?, ?)");

$stmt->bind_param('sssss', $title, $author, $description, $image, $amazon);


/* Execute query */
$stmt->execute();

printf("%d Book added.\n", $stmt->affected_rows);

/* Close statement and connection */
$stmt->close();

/* Close connection */
$mysqli->close();

?>
```
This is the code I based my book script off of:
```php
<?php
$mysqli = new mysqli('localhost', 'user', 'password', 'world');

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

$stmt = $mysqli->prepare("INSERT INTO CountryLanguage VALUES (?, ?, ?, ?)");
$stmt->bind_param('sssd', $code, $language, $official, $percent);

$code = 'DEU';
$language = 'Bavarian';
$official = "F";
$percent = 11.2;

/* execute prepared statement */
$stmt->execute();

printf("%d Row inserted.\n", $stmt->affected_rows);

/* close statement and connection */
$stmt->close();

/* Clean up table CountryLanguage */
$mysqli->query("DELETE FROM CountryLanguage WHERE Language='Bavarian'");
printf("%d Row deleted.\n", $mysqli->affected_rows);

/* close connection */
$mysqli->close();
?>
```
Relevant database table was built using the following mysql code:
```sql
--
-- Table structure for table `books`
--

CREATE TABLE IF NOT EXISTS `books` (
  `title` varchar(32) NOT NULL COMMENT 'title of book',
  `author` varchar(64) NOT NULL COMMENT 'author of book',
  `description` text NOT NULL COMMENT 'description of book',
  `image` varchar(128) NOT NULL COMMENT 'link to image on server',
  `amazon` varchar(256) NOT NULL COMMENT 'amazon affiliate link',
  PRIMARY KEY (`title`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='information about books listed on site';
```
This is the output I receive when I try to submit the form that calls books.php:
```
Fatal error: Call to a member function bind_param() on a non-object in /path/path/path/books.php on line 26
```
I think my error is a result of some mistake I've made with the prepared statements, as the SQL query runs fine when I run it through the command line. I'm still new to using prepared statements and the mysqli class to work with databases, so any help with this would be greatly appreciated. Thanks!
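
The fatal error above means `prepare()` returned `false`, and the script called `bind_param()` on that value instead of a statement object. The following is an added example, not part of the original post: it makes mysqli raise exceptions so a rejected statement reports the server's message. It assumes the `DB_*` constants and the `books` table from the post; `add_book()` is a hypothetical helper name.

```php
<?php
// Added example (not the poster's code). Assumes the DB_* constants from
// includes/constants.php and the books table shown in the post.
require_once 'includes/constants.php';
// Throw mysqli_sql_exception on failure instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function add_book(mysqli $mysqli, array $post): int  // hypothetical helper
{
    // Byte limits derived from the CREATE TABLE column sizes (conservative).
    $limits = ['title' => 32, 'author' => 64, 'description' => 65535,
               'image' => 128, 'amazon' => 256];
    $book = [];
    foreach ($limits as $field => $max) {
        $value = trim((string)($post[$field] ?? ''));
        if ($value === '' || strlen($value) > $max) {
            throw new InvalidArgumentException("Invalid value for $field");
        }
        $book[$field] = $value;
    }

    // Identifiers take backticks (or no quotes). Single quotes create string
    // literals, which MySQL rejects in a column list.
    $stmt = $mysqli->prepare(
        'INSERT INTO `books` (`title`, `author`, `description`, `image`, `amazon`)
         VALUES (?, ?, ?, ?, ?)'
    );
    $stmt->bind_param('sssss', $book['title'], $book['author'],
        $book['description'], $book['image'], $book['amazon']);
    $stmt->execute();
    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

try {
    $mysqli = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME);
    $mysqli->set_charset('utf8');
    printf("%d Book added.\n", add_book($mysqli, $_POST));
    $mysqli->close();
} catch (mysqli_sql_exception $e) {
    // Keep SQL error detail in the server log, not in the HTTP response.
    error_log('books.php: ' . $e->getMessage());
    http_response_code(500);
    echo "Could not add the book.\n";
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo $e->getMessage(), "\n";
}
```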