www.webdeveloper.com
Results 1 to 5 of 5

Thread: [RESOLVED] mysqli_stmt_bind_param with URLs

  1. #1
    Join Date
    Dec 2011
    Posts
    163

    resolved [RESOLVED] mysqli_stmt_bind_param with URLs

    I am currently trying to submit URLs to my SQL db for links on my admin page. These URLs are absolute paths (ex www.google.com). But I keep getting "Warning: mysqli_stmt_bind_param() [function.mysqli-stmt-bind-param]: invalid object or resource mysqli_stmt"

    Any help here, I'm using the string type for this variable.

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,251
    Probably need to see the actual code, but it sounds like maybe it's a problem with the first parameter not being a valid mysqli statement identifier (i.e. what is returned by a successful call to mysqli_statement_init() or mysqli_prepare()). If so, you may need to check what that function is returning and if false, add some debug code to figure out why it's failing.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  3. #3
    Join Date
    Dec 2011
    Posts
    163
    I get this mysqli error back
    Code:
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '://www.google.com WHERE id = 20' at line 4
    As you can see, it's to do with the "http://" part, I have submitted relative links just fine with ease, does it have something to do with the mysqli_stmt_bind_param? because that's the line it points to.

  4. #4
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,251
    Again, need to see the actual code where that SQL is defined and then used in a prepare function, though it looks like you may have an unquoted string literal in the query?
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  5. #5
    Join Date
    Dec 2011
    Posts
    163
    UPDATE: I checked the POST variables, nothing wrong there.

    Here is my form code...

    PHP Code:
    <?php
        
    if($_POST['submit']){
            
            
    $error_message "";
            
    $display_message "";
            
            
    $error NULL;
            
            
    $id mysqli_prep($_POST['id']);
            
            
    $image $_FILES['thumbnail'];
            
            if(
    $image['error'] != 0){
                if(
    $image['error'] == 4){ // no file selected
                    
    $menu_name mysqli_prep($_POST['title']);
                    
    $group mysqli_prep($_POST['group']);
                    
    $link mysqli_prep($_POST['link']);
                    
    $sql "UPDATE admin_categories SET 
                            `menu_name` = 
    $menu_name,
                            `group` = 
    $group,
                            `link` = 
    $link
                            WHERE id = 
    $id";
                    
    $stmt mysqli_stmt_init($connect);
                    
    mysqli_stmt_prepare($stmt$sql);
                    
    mysqli_stmt_bind_param($stmt'sssi'$menu_name$group$link$id);
                    if(
    mysqli_stmt_execute($stmt)){
                        
    // Success!
                        
    $display_message "<h6 class=\"displaymessage\">Admin category updated successfully!</h6>\n";
                    }else{
                        
    // Failed!
                        
    $display_message "<h6 class=\"displaymessage\">Admin category update failed.</h6>\n";
                        
    $display_message "<h6 class=\"displaymessage\">".mysqli_error($connect)."</h6>\n";
                    }
                    
    mysqli_stmt_close($stmt);
                } else {
                    
    $error "File could not be uploaded. Please try again.\n";
                    
    // Not correct form enctype?
                
    }
            }
            
            if(!
    $error){
                if(!@
    is_uploaded_file($image['tmp_name'])){
                    
    $error 'The process cannot continue. Please contact administration.';
                    
    // Malicious user?
                
    }
            }
            
            if(!
    $error){
                
    $allowedMime = array('image/png');
                if(!
    in_array($image['type'], $allowedMime)){
                    
    $error 'You can upload only PNG images. Please try again.';
                    
    // Unaccepted file type
                
    }
            }
            
            if(!
    $error){
                
    $allowedExtensions = array('png');
                
    $fileExtension array_pop(explode('.'$image['name']));
                if(!
    in_array($fileExtension$allowedExtensions)){
                    
    $error 'You can upload only PNG files. Please try again.';
                    
    // Unaccepted file extension
                
    }
            }
            
            if(!
    $error){
                
    $uploadDirectory ADMIN.'_images/dir/';
                
    $uploadName $image['name'];
                
    // uploadDirectory must be set as absolute path or as relative path to upload.php
                
                // check if image already exists, if it does, delete it
                
    if(file_exists($uploadDirectory.$uploadName)) unlink($uploadDirectory.$uploadName);
                
                if(!@
    move_uploaded_file($image['tmp_name'], $uploadDirectory.$uploadName)){
                    
    $error 'There was a problem storing the file. Please contact webmaster.';
                    
    // Permission denied to write into folder or hardware issues?
                
    }
            }
            
            if(!
    $error){
                
    $menu_name mysqli_prep($_POST['title']);
                
    $group mysqli_prep($_POST['group']);
                
    $link mysqli_prep($_POST['link']);
                
    $imagen mysqli_prep($_FILES['thumbnail']['name']);
                
    $sql "UPDATE admin_categories SET 
                        `menu_name` = 
    $menu_name,
                        `group` = 
    $group,
                        `link` = 
    $link,
                        `image` = 
    $imagen
                        WHERE id = 
    $id";
                
    $stmt mysqli_stmt_init($connect);
                
    mysqli_stmt_prepare($stmt$sql);
                
    mysqli_stmt_bind_param($stmt'ssssi'$menu_name$group$link$imagen$id);
                if(
    mysqli_stmt_execute($stmt)){
                    
    // Success!
                    
    $display_message "<h6 class=\"displaymessage\">Admin category updated successfully!</h6>\n";
                }else{
                    
    // Failed!
                    
    $display_message "<h6 class=\"displaymessage\">Admin category update failed.</h6>\n";
                    
    $display_message "<h6 class=\"displaymessage\">".mysqli_error($connect)."</h6>\n";
                }
                
    mysqli_stmt_close($stmt);
            }
            if(
    $error$error_message .= $error."\n";
        }
    ?>
    ...and my mysqli_prep function code...
    PHP Code:
    function mysqli_prep($value){
        global 
    $connect;
        
    $magic_quotes_active get_magic_quotes_gpc();
        
    $new_enough_php function_exists("mysqli_real_escape_string");
        if(
    $value == "")
        if(
    $new_enough_php){ // PHP v4.3.0 or higher
            // undo any magic quote effects so mysqli_real_escape_string can do the work
            
    if($magic_quotes_active){
                
    $value stripslashes($value);
            } 
            
    $value mysqli_real_escape_string($connect$value);
        } else { 
    // before PHP 4.3.0
            // if magic quotes aren't already on then add slahses manually
            
    if(!$magic_quotes_active){
                
    $value addslashes($value);
            }
            
    // if magic quotes are active, then the slashes already exist
        
    }
        return 
    $value;

    UPDATE2: Well I don't know how I missed that screw up (sql query did not have any ?'s), working good now.
    Last edited by Dragonfire2008; 02-15-2014 at 01:43 PM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles