When I use a php variable that is a multiple variables combined into one and use that variable in bind param, it doesnt work and it shows an error.
Let me explain:
I am storing the post data, sql columns and sql table details in a variable like this:
$user_input_ab = $_POST['ab'];
$user_input_cd = $_POST['cd'];
$user_input_ef = $_POST['ef'];
$user_input_gh = $_POST['gh'];
$sqlTable = 'abcd_list';
$sqlColumns = 'ab, cd, ef, gh';
$sqlValues = $user_input_ab .','. $user_input_cd .','. $user_input_ef .',' . $user_input_gh;
SQL Prepare Statement like this:
$stmt = $mysqli->prepare("INSERT INTO $sqlTable ($sqlColumns) VALUES (?, ?, ?, ?)");
The above works so far. But if I used the combined variable $sqlValues
in bind statement, it doesnt work:
$rc = $stmt->bind_param("ssss", $sqlValues);
The above doesnt work. It gives the following error:
Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of elements in type definition string doesn't match number of bind variables
But if I change bind_param to this, then it works:
$rc = $stmt->bind_param("ssss", $user_input_ab, $user_input_cd, $user_input_ef, $user_input_gh);
So why isint it working? The error says that the number of elements arent matching, but when I use $sqlValues
, should that populate the 4 elements in it?
If you are wondering why I am using variables, its just to make editing easier in future so I can keep the rest of the sql queries intact.