Php prepared Statements

developer_web

Php Folks,

Look at this procedural style php prepared statement.
I want to know why this query fails:

"UPDATE users SET first_name = ?, middle_name = ?, surname = ?, gender = ?, marital_status = ?, working_status = ? WHERE id = ?";

Where is the syntax error ? Do you see any ? Cos I don't.
Prepare failed:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '"UPDATE users SET first_name = ?, middle_name = ?, surname = ?, gender = ?, mari' at line 1
"UPDATE users SET first_name = ?, middle_name = ?, surname = ?, gender = ?, marital_status = ?, working_status = ? WHERE id = ?";

Here is the complicated context:

//Connect to Database. (DB_SERVER, BD_USERNAME, DB_PASSWORD, DB_NAME).
$conn = mysqli_connect("localhost","root","","powerpage");
$conn->set_charset('utf8mb4'); //Always set Charset.
				
if($conn === false)
{
	die("ERROR: Connection Error!. " . mysqli_connect_error());
}
				
//Prepare an UPDATE Statement.
$sql_query = "\"UPDATE users SET ";//Half built the query. Now got to grab the Column Names (which need querying) that match the form Item Names.
foreach($form_questions_labels AS $form_question_label)
{
	$value = $form_question_label;
	$value_1 = str_replace(" ","_","$value"); //Replaced Spaces to Underscores.
	$value_2 = strtolower("$value_1"); //Replaced Upper Case to Lower Case.	
					
   if(isset($_POST["$value_2"]) && !empty($_POST["$value_2"]))
  {
      $sql_query = "$sql_query" . "$value_2 = ?, ";
  }
}

$sql_query = "$sql_query" . "WHERE id = ?\";";
//Now below, need to fix the last part of the Mysql Tbl Query as query has been generated something like this with a comma after the final column name's placeholder. Eg. $sql_query = "UPDATE users SET first_name = ?, surname = ?, WHERE id = ?";
$value_3 = $sql_query;
$value_4 = str_replace("= ?, WHERE","= ? WHERE","$value_3");//Replaced the Comma after the final column name's placeholder.
$sql_query = $value_4;
echo "$sql_query<br>";

$stmt = mysqli_prepare($conn,$sql_query);
if($stmt == false) 
{
    // just for debugging for now:
    die("<pre>Prepare failed:\n".mysqli_error($conn)."\n$sql_query</pre>");
}

Remember, when I echo the $sql_query, I see this:
"UPDATE users SET first_name = ?, middle_name = ?, surname = ?, gender = ?, marital_status = ?, working_status = ? WHERE id = ?";

Now where is the supposed syntax error there ?

NogDog

Why are you including an opening double quote as part of the query here?

$sql_query = "\"UPDATE users SET ";
              ^^

developer_web

NogDog

Because the query hasn't been fully built or generated yet.
I mean it would be generated at the end to this:

"UPDATE users SET first_name = ?, middle_name = ?, surname = ?, gender = ?, marital_status = ?, working_status = ? WHERE id = ?";

Do you see the opening and closing dbl quotes ? Isn't that how it should be ?
If so, then the first part of the half-built $query looks like this:

$sql_query = "\"UPDATE users SET ";

And, end part looks like this:

$sql_query = "$sql_query" . "WHERE id = ?\";";

Context:

//Prepare an UPDATE Statement.
				$sql_query = "\"UPDATE users SET ";//Half built the query. Now got to grab the Column Names (which need querying) that match the form Item Names.
				foreach($form_questions_labels AS $form_question_label)
				{
					$value = $form_question_label;
					$value_1 = str_replace(" ","_","$value"); //Replaced Spaces to Underscores.
					$value_2 = strtolower("$value_1"); //Replaced Upper Case to Lower Case.	
					
				if(isset($_POST["$value_2"]) && !empty($_POST["$value_2"]))
				{
					$sql_query = "$sql_query" . "$value_2 = ?, ";
				}
			}
			$sql_query = "$sql_query" . "WHERE id = ?\";";
			//Now below, need to fix the last part of the Mysql Tbl Query as query has been generated something like this with a comma after the final column name's placeholder. Eg. $sql_query = "UPDATE users SET first_name = ?, surname = ?, WHERE id = ?";
			$value_3 = $sql_query;
			$value_4 = str_replace("= ?, WHERE","= ? WHERE","$value_3");//Replaced the Comma after the final column name's placeholder.
			$sql_query = $value_4;
			echo "$sql_query<br>";

developer_web

NogDog,

I switched it to this and error gone. On both lines note the "$sql_query =":

//Prepare an UPDATE Statement.
$sql_query = "UPDATE users SET ";//Half built the query. Now got to grab the Column Names (which need querying) that match the form Item Names.
foreach($form_questions_labels AS $form_question_label)
{
	$value = $form_question_label;
	$value_1 = str_replace(" ","_","$value"); //Replaced Spaces to Underscores.
	$value_2 = strtolower("$value_1"); //Replaced Upper Case to Lower Case.	
					
if(isset($_POST["$value_2"]) && !empty($_POST["$value_2"]))
{
	$sql_query = "$sql_query" . "$value_2 = ?, ";
}
}
$sql_query = "$sql_query" . "WHERE id = ?";

Should I stick to the above or this instead with single quotes since the variable values are strings....
On both lines note the "$sql_query =":

//Prepare an UPDATE Statement.
$sql_query = 'UPDATE users SET ';//Half built the query. Now got to grab the Column Names (which need querying) that match the form Item Names.
foreach($form_questions_labels AS $form_question_label)
{
	$value = $form_question_label;
	$value_1 = str_replace(" ","_","$value"); //Replaced Spaces to Underscores.
	$value_2 = strtolower("$value_1"); //Replaced Upper Case to Lower Case.	
					
if(isset($_POST["$value_2"]) && !empty($_POST["$value_2"]))
{
	$sql_query = "$sql_query" . "$value_2 = ?, ";
}
}
$sql_query = $sql_query . 'WHERE id = ?;';

or, maybe I should switch the last line to this:

$sql_query = $sql_query . 'WHERE id = ?;';

You show me NogDog how it should be. I guess I got it right at the end.

developer_web

NogDog,

Ok. This is working after tests:

//Prepare an UPDATE Statement.
$sql_query = 'UPDATE users SET ';//Half built the query. Now got to grab the Column Names (which need querying) that match the form Item Names.
foreach($form_questions_labels AS $form_question_label)
{
	$value = $form_question_label;
	$value_1 = str_replace(" ","_","$value"); //Replaced Spaces to Underscores.
	$value_2 = strtolower("$value_1"); //Replaced Upper Case to Lower Case.	
					
if(isset($_POST["$value_2"]) && !empty($_POST["$value_2"]))
{
	$sql_query = $sql_query . "$value_2 = ?, ";
}
}

$sql_query = $sql_query . 'WHERE id = ?;';
//Now below, need to fix the last part of the Mysql Tbl Query as query has been generated something like this with a comma after the final column name's placeholder. Eg. $sql_query = "UPDATE users SET first_name = ?, surname = ?, WHERE id = ?";
$value_3 = $sql_query;
$value_4 = str_replace("= ?, WHERE","= ? WHERE","$value_3");//Replaced the Comma after the final column name's placeholder.
$sql_query = $value_4;
echo "$sql_query<br>"; echo "Line:277<br>";

The original error in my original post is gone. but now I get another error in some other line now which I will mention in next post.

developer_web

Don't know why execution fails!

**Warning: mysqli_error(): Couldn't fetch mysqli in C:\xampp\htdocs\test\search_2.php on line 325

Statement Execution Failed!

mysqli_stmt_bind_param($stmt,'ssssssi',$first_name,$middle_name,$surname,$gender,$marital_status,$working_status,$_SESSION["id"])**

In the comment, I have written:
"else //TROUBLE STARTING FROM THIS POINT ONWARDS!"
that way you can see from the script flow from where the trouble starts.

//Prepare an UPDATE Statement.
$sql_query = 'UPDATE users SET ';//Half built the query. Now got to grab the Column Names (which need querying) that match the form Item Names.
foreach($form_questions_labels AS $form_question_label)
{
	$value = $form_question_label;
	$value_1 = str_replace(" ","_","$value"); //Replaced Spaces to Underscores.
	$value_2 = strtolower("$value_1"); //Replaced Upper Case to Lower Case.	
					
if(isset($_POST["$value_2"]) && !empty($_POST["$value_2"]))
{
	 $sql_query = $sql_query . "$value_2 = ?, ";
}
}

$sql_query = $sql_query . 'WHERE id = ?;';
//Now below, need to fix the last part of the Mysql Tbl Query as query has been generated something like this with a comma after the final column name's placeholder. Eg. $sql_query = "UPDATE users SET first_name = ?, surname = ?, WHERE id = ?";
$value_3 = $sql_query;
$value_4 = str_replace("= ?, WHERE","= ? WHERE","$value_3");//Replaced the Comma after the final column name's placeholder.
$sql_query = $value_4;
echo "$sql_query<br>"; echo "Line:277<br>";
$stmt = mysqli_prepare($conn,$sql_query);
if($stmt == False)
{
	//Close Connection.
	mysqli_close($conn);
	echo "Line 300<br>";//DELETE THIS
	die("<pre>Mysqli Prepare Failed!\n".mysqli_error($conn)."\n$sql_query</pre>");
}
else //TROUBLE STARTING FROM THIS POINT ONWARDS!
{
	//Generate the mysqli_stmt_bind_param() in parts to generate the variables matching the 'Column Names'.
	$_SESSION["id"] = 0; //DELETE THIS LINE
	$mysqli_stmt_bind_param_part_1 = 'mysqli_stmt_bind_param($';
	$mysqli_stmt_bind_param_part_2 = 'stmt,\'ssssssi\',';
					
foreach($form_questions_labels AS $form_question_label)
{
	$value = $form_question_label;
	$value_1 = str_replace(" ","_","$value"); //Replaced Spaces to Underscores.
	$value_2 = strtolower("$value_1"); //Replaced Upper Case to Lower Case.
	if($form_question_label == $form_questions_labels[0])
	{
		$mysqli_stmt_bind_param_part_3 = '$' . "$value_2,";
	}
	else
	{
		$mysqli_stmt_bind_param_part_3 = "$mysqli_stmt_bind_param_part_3" . '$' . "$value_2,";
	}
    }
$mysqli_stmt_bind_param_part_4 = '$_SESSION["id"])';
$mysqli_stmt_bind_param = "$mysqli_stmt_bind_param_part_1" . "$mysqli_stmt_bind_param_part_2" . "$mysqli_stmt_bind_param_part_3" . "$mysqli_stmt_bind_param_part_4"; //Now Bind Param looks like this: mysqli_stmt_bind_param($stmt,'ssssssss',$first_name,$middle_name,$surname,$gender,$marital_status,$working_status,13);

//Attempt to Execute the Prepared Statement.
if(!mysqli_stmt_execute($stmt))
{
	//Close Connection.
	mysqli_close($conn);
	echo "Line 322<br>";//DELETE THIS
	die("<pre>Statement Execution Failed!\n".mysqli_error($conn)."\n$mysqli_stmt_bind_param</pre>");
}

On the final line, can you see the DIE ? That is getting triggered. Why is the execution failing ? I get no syntax errors anymore regarding SQL Syntax. Nor get any php syntax errors. Mysql Tbl Col names are accurate as getting no column names errors.

Beats the hell out of me!

NogDog

If the mysqli_stmt_execute() fails, I think you want to use mysqli_stmt_error($stmt) to get the relevant error message, not mysqli_error($conn). You might also want to echo $sql after the error message, so you can see exactly what you actually sent to the database.

developer_web

NogDog

Thanks.
But is this error one ok ? Else what error should i replace it with ?

$stmt = mysqli_prepare($conn,$sql_query);
if($stmt == False)
{
	//Close Connection.
	mysqli_close($conn);
	echo "Line 293<br>";//DELETE THIS
	die("<pre>Mysqli Prepare Failed!\n".mysqli_error($conn)."\n$sql_query</pre>");
}

Should I replace it with this one too ?

mysqli_stmt_error($stmt)

There should be like these:

mysqli_prepare_error($stmt)
mysqli_bind_error($stmt)
mysqli_stmt_error($stmt)

And so on. Maybe there are ?

developer_web

NogDog

Ok. After switching to your suggested error. I now get this echoed:

Statement Execution Failed!
No data supplied for parameters in prepared statement
mysqli_stmt_bind_param($stmt,'ssssssi',$first_name,$middle_name,$surname,$gender,$marital_status,$working_status,$SESSION["user_id"]_

This following code is producing the error.
You can see I am echoing the bind_params after the error and from it you can clearly see from the echo that they are not empty. So why php giving false error ?

if(!mysqli_stmt_execute($stmt))
{
	//Close Connection.
	mysqli_close($conn);
	echo "Line 322<br>";//DELETE THIS
	die("<pre>Statement Execution Failed!\n".mysqli_stmt_error($stmt)."\n$mysqli_stmt_bind_param</pre>");
}

developer_web

@NogDog,

I don't expect anyone to wade through all these lines of code and so if anyone is curious to whether I am supplying data to the prepared statements or bind parameters or not then you can supply the parameters yourself (in the form) and then test the script for yourself. You know that you have supplied the prepared statements and the bind params and so why is php giving you the error that you haven't supplied data to the prepared statement? Get my point ?
I mean, if I did not supply data to prepared statement then why is this condition not getting triggered ?
Why am I not getting the following echo ?

$stmt = mysqli_prepare($conn,$sql_query);
if($stmt == False)
{
	//Close Connection.
	mysqli_close($conn);
	echo "Line 293<br>";//DELETE THIS
	die("<pre>Mysqli Prepare Failed!\n".mysqli_stmt_error($stmt)."\n$sql_query</pre>");

If you're puzzled like hell like I am and curious to dig deep then here is the full code. Fire it up on your Xamp/Wamp/Lamp if you will and fill in the form yourself and hit the submit button. That way you will realize I ain't mistaken and you will see for yourself that you get php giving you error saying you did not supply the prepared statements (did not fill in the form)!!!

<?php
error_reporting(E_ALL);
?>

<!DOCTYPE HTML">
<html>

<head>
<meta name="viewport" content="width-device=width, initial-scale=1">
</head>
<body>

<?php
if(session_id() == '')
{
	echo "Line 16 <br>";
	echo "Session Status:"; echo session_status(); echo "<br>";
	session_start();
	$_SESSION['session_step'] = 'start';
	echo "Line 21 <br>";
	echo "Session Status:"; echo session_status(); echo "<br>";
	echo "Session Step:"; echo $_SESSION['session_step']; echo "<br>";
}

if($_SESSION['session_step'] != 'end');
{
	echo "Line 28 <br>";
	echo "Session Status:"; echo session_status(); echo "<br>";
	echo "Session Step:"; echo $_SESSION['session_step']; echo "<br>";
		
if(isset($_GET['session_type']) && !empty($_GET['session_type']))
{
	$_SESSION['session_type'] = $_GET['session_type'];
	//echo session_id();
	if(!function_exists($_SESSION['session_type']))
	{
		die("Invalid Session");
	}
	else
	{
		echo "Line 42<br>";//THIS LINE SHOULD NOT ECHO AFTER CLICKING THE SUBMIT BUTTON SINCE 1). IT IS BEFORE THE SUBMIT BUTTON IN THE SCRIPT FLOW. AND 2). AFTER CLICKING THE SUBMIT BUTTON $_SESSION['session_step'] = 'end';! THIS LINE SHOULD ONLY ECHO IF $_SESSION['session_step'] = 'start'; WHY IS THIS LINE ECHOING AFTER CLICKING THE SUBMIT BUTTON ? 
		echo "Session Status:"; echo session_status(); echo "<br>";
		echo "Session Step:"; echo $_SESSION['session_step']; echo "<br>";
		$_SESSION['session_type']();
	}
}
else
{
	die("Invalid Session");
}

function submit_personal_details()
{
	$session_type = $_SESSION['session_type'];
	
	$form_questions_labels[]='First Name';
	$form_questions_labels[]='Middle Name';
	$form_questions_labels[]='Surname';
	$form_questions_labels[]='Gender';
	//$form_questions_labels[]='Age_Range';
	$form_questions_labels[]='Marital Status';
	$form_questions_labels[]='Working Status';
	
	$form_questions_labels_required[]='First Name';
	$form_questions_labels_required[]='Surname';
	$form_questions_labels_required[]='Gender';
	//$form_questions_labels_required[]='Age_Range';
	$form_questions_labels_required[]='Marital Status';
	$form_questions_labels_required[]='Working Status';
	
	$text_fields_labels = array('First Name','Middle Name','Surname');
	$radio_buttons_labels = array('Gender');
	$drop_downs_labels = array('Marital Status','Working Status');
	/*
	$i=1;
	$options_radio_button_[$i] = array('Male','Female','Male To Female','Female To Male');
	$i=2;
	$options_radio_button_[$i] = array('Yes','No');
	*/
	/*
	$i=1;
	$options_drop_down_[$i] = array('Single','Married','Divorced','Widow');
	$i=2;
	$options_drop_down_[$i] = array('Selfemployed','Employed','Unemployed');
	*/
	//Gender Options
	$i=1;
	$options_radio_button_[$i][]='Male';
	$options_radio_button_[$i][]='Female';
	$options_radio_button_[$i][]='Male To Female';
	$options_radio_button_[$i][]='Female To Male';
	$total_options_radio_button_[$i] = count($options_radio_button_[$i]);//4
	/*
	//Tos Options
	$i=2;
	$options_radio_button_[$i][]='Yes';
	$options_radio_button_[$i][]='No';
	$total_options_radio_button_[$i] = count($options_radio_button_[$i]);//2
	*/
	//Marital Status Options
	$i=1;
	$options_drop_down_[$i][]='Single';
	$options_drop_down_[$i][]='Married';
	$options_drop_down_[$i][]='Divorced';
	$options_drop_down_[$i][]='Widow';
	$total_options_drop_down_[$i] = count($options_drop_down_[$i]);//4
	//Working Status Options
	$i=2;
	$options_drop_down_[$i][]='Selfemployed';
	$options_drop_down_[$i][]='Employed';
	$options_drop_down_[$i][]='Unemployed';
	$total_options_drop_down_[$i] = count($options_drop_down_[$i]);//3

	$total_form_questions_labels = 8;
	$total_form_questions_labels_required = 7;
	$total_text_fields_labels = 4;
	$total_radio_buttons_labels = count($radio_buttons_labels);//2
	$total_drop_downs_labels = count($drop_downs_labels);//2
	?>
	<form action="<?php echo $_SERVER['PHP_SELF'];?>?session_type=<?php echo $_SESSION['session_type'];?>" method="post" enctype="plain/text">
	<?php

	foreach($form_questions_labels as $form_question_label) //Loop through the whole 'Form Questions' array.
	{
		$value = $form_question_label;
		$value_1 = str_replace(" ","_","$value"); //Replaced Spaces to Underscores.
		$value_2 = strtolower("$value_1"); //Replaced Upper Case to Lower Case.		
		
		//Check if current 'Form Item' is a 'Text Field' or not.
		if(in_array("$form_question_label",$text_fields_labels)) //Current 'Form Item' proved to be a 'Text Field'.
		{
			//Check if current 'Form Item' (Text Field) is a 'required' one or not.
			if(in_array("$form_question_label",$form_questions_labels_required))//Current 'Form Item' (Text Field) proved to be a 'required' one.
			{
				//Added '*' (asterisk) to indicate the 'Text Field' is a 'required' one.
				echo "<label for=\"$value_2\">$form_question_label *:</label>
				<input type=\"text\" name=\"$value_2\" placeholder=\"$form_question_label\" value = \"\">";
			}
			else
			{
				//Added no '*' (asterisk) to indicate the 'Text Field' is NOT a 'required' one.
				echo "<label for=\"$value_2\">$form_question_label:</label>
				<input type=\"text\" name=\"$value_2\" placeholder=\"$form_question_label\">";
			}
			echo "<br>";
		}
		//Check if current 'Form Item' is a 'Radio Button' or not.
		if(in_array("$form_question_label",$radio_buttons_labels)) //Current 'Form Item' proved to be a 'Radio Button'.
		{
			//Check if current 'Form Item' (Radio Button) is a 'required' one or not.
			if(in_array("$form_question_label",$form_questions_labels_required))//Current 'Form Item' (Radio Button) proved to be a 'required' one.
			{
				//Added '*' (asterisk) to indicate the 'Radio Button' is a 'required' one.
				echo "<label for=\"$value_2\">$form_question_label *:</label>";
			}
			else
			{
				//Added no '*' (asterisk) to indicate the 'Radio Button' is NOT a 'required' one.
				echo "<label for=\"$value_2\">$form_question_label:</label>";
			}
			$i = 0;
			foreach($radio_buttons_labels as $radio_button_label) //$radio_buttons_labels = ('Gender','Tos');
			{
				if($form_question_label == $radio_button_label) //eg. 'Gender'.
				{
					$i++;
					foreach($options_radio_button_[$i] as $option_radio_button_[$i])
					{
						echo "<input type=\"radio\" id=\"$option_radio_button_[$i]\" name=\"$value_2\" value=\"$option_radio_button_[$i]\">
						<label_for=\"$option_radio_button_[$i]\">$option_radio_button_[$i]</label>";
					}
					echo "<br>";
				}
				$i++;
			}
		}
		//Check if current 'Form Item' is a 'Drop Down' or not.
		if(in_array("$form_question_label",$drop_downs_labels)) //Current 'Form Item' proved to be a 'Drop Down'.
		{
			//Check if current 'Form Item' (Drop Down) is a 'required' one or not.
			if(in_array("$form_question_label",$form_questions_labels_required))//Current 'Form Item' (Drop Down) proved to be a 'required' one.
			{
				//Added '*' (asterisk) to indicate the 'Drop Down' is a 'required' one.
				echo "<label for=\"$value_2\">$form_question_label *:</label>";
			}
			else
			{
				//Added no '*' (asterisk) to indicate the 'Drop Down' is NOT a 'required' one.
				echo "<label for=\"$value_2\">$form_question_label:</label>";
			}
			$i = 0;
			foreach($drop_downs_labels as $drop_down_label)//$drop_downs_labels = ('Marital Status','Working Status');
			{
				if($form_question_label == $drop_down_label)
				{
					$i++;
					echo "<select name=\"$value_2\">";
					echo "<option value=\"$option_drop_down_[$i]\">$option_drop_down_[$i]</option>";
					foreach($options_drop_down_[$i] as $option_drop_down_[$i])
					{
						echo "<option value=\"$option_drop_down_[$i]\">$option_drop_down_[$i]</option>";
					}
					echo "</select>";
					echo "<br>";
				}
				$i++;
			}
		}
	}
	?>
	<input type="submit" name="submit_personal_details" value="Submit">
	<?php
	//$current_function = __FUNCTION__;
	//echo $current_function;
	
	if($_SERVER['REQUEST_METHOD'] === 'POST')
	{echo "Line 217<br>";
		if(isset($_POST['submit_personal_details']) && $_SESSION['session_step'] != 'end')
		{
			$_SESSION['session_step'] = 'end';				
			echo "Line 223<br>";
			echo "Session Status:"; echo session_status(); echo "<br>";
			echo "Session Step:"; echo $_SESSION['session_step']; echo "<br>";
			foreach($form_questions_labels_required AS $form_question_label_required)
			{
				$value = $form_question_label_required;
				$value_1 = str_replace(" ","_","$value"); //Replaced Spaces to Underscores.
				$value_2 = strtolower("$value_1"); //Replaced Upper Case to Lower Case.	
				
				if(!isset($_POST["$value_2"]) || trim ($_POST["$value_2"]) === '')//Do not use 'empty($_POST["$value_2"]))' here as a '0' value is considered 'empty' value.
				{
					echo "Fill-in All required Form Fields that! Fields with asterisks * are required to be filled-in!<br>";
					//die("Fill-in All required Form Fields that! Fields with asterisks * are required to be filled-in!");
				}
				/*
				else
				{
					echo "$value_2<br>"; echo "Line 227!<br>";
				}
				*/
			}
			echo "Line 242<br>";
			echo "Session Status:"; echo session_status(); echo "<br>";
			echo "Session Step:"; echo $_SESSION['session_step']; echo "<br>";
			session_destroy();
			echo "Line 246<br>";
			echo "Session Status:"; echo session_status(); echo "<br>";
			echo "Session Step:"; echo $_SESSION['session_step']; echo "<br>";
			
			//Connect to Database. (DB_SERVER, BD_USERNAME, DB_PASSWORD, DB_NAME).
			$conn = mysqli_connect("localhost","root","","powerpage");
			$conn->set_charset('utf8mb4'); //Always set Charset.
			
			if($conn === false)
			{
				die("ERROR: Connection Error!. " . mysqli_connect_error());
			}
			
			//Prepare an UPDATE Statement.
			$sql_query = 'UPDATE users SET ';//Half built the query. Now got to grab the Column Names (which need querying) that match the form Item Names.
			foreach($form_questions_labels AS $form_question_label)
			{
				$value = $form_question_label;
				$value_1 = str_replace(" ","_","$value"); //Replaced Spaces to Underscores.
				$value_2 = strtolower("$value_1"); //Replaced Upper Case to Lower Case.	
				
				if(isset($_POST["$value_2"]) && !empty($_POST["$value_2"]))
				{
					$sql_query = $sql_query . "$value_2 = ?, ";
				}
			}
			$sql_query = $sql_query . 'WHERE id = ?;';
			//Now below, need to fix the last part of the Mysql Tbl Query as query has been generated something like this with a comma after the final column name's placeholder. Eg. $sql_query = "UPDATE users SET first_name = ?, surname = ?, WHERE id = ?";
			$value_3 = $sql_query;
			$value_4 = str_replace("= ?, WHERE","= ? WHERE","$value_3");//Replaced the Comma after the final column name's placeholder.
			$sql_query = $value_4;
			echo "$sql_query<br>"; echo "Line:277<br>";
			/*
			if(!mysqli_prepare($conn,$query)
			{
				//Close Connection.
				mysqli_close($conn);
				echo "Line 322<br>";//DELETE THIS
				die("<pre>Statement Execution Failed!\n".mysqli_error($conn)."\n$mysqli_stmt_bind_param</pre>");
			}
			*/
			//$sql_query = "UPDATE users SET first_name = ?, middle_name = ?, surname = ?, gender = ?, marital_status = ?, working_status = ? WHERE id = ?";
			$stmt = mysqli_prepare($conn,$sql_query);
			if($stmt == False)
			{
				//Close Connection.
				mysqli_close($conn);
				echo "Line 293<br>";//DELETE THIS
				die("<pre>Mysqli Prepare Failed!\n".mysqli_stmt_error($stmt)."\n$sql_query</pre>");
			}
			else
			{
				//Generate the mysqli_stmt_bind_param() in parts to generate the variables matching the 'Column Names'.
				$_SESSION["user_id"] = 13; //DELETE THIS LINE
				
				echo $mysqli_stmt_bind_param_part_1 = 'mysqli_stmt_bind_param($';
				echo $mysqli_stmt_bind_param_part_2 = 'stmt,\'ssssssi\',';
				
				foreach($form_questions_labels AS $form_question_label)
				{
					$value = $form_question_label;
					$value_1 = str_replace(" ","_","$value"); //Replaced Spaces to Underscores.
					$value_2 = strtolower("$value_1"); //Replaced Upper Case to Lower Case.
					if($form_question_label == $form_questions_labels[0])
					{
						echo $mysqli_stmt_bind_param_part_3 = '$' . "$value_2,";
					}
					else
					{
						echo $mysqli_stmt_bind_param_part_3 = "$mysqli_stmt_bind_param_part_3" . '$' . "$value_2,";
					}
				}
				echo $mysqli_stmt_bind_param_part_4 = '$_SESSION["user_id"])';
				echo $mysqli_stmt_bind_param = "$mysqli_stmt_bind_param_part_1" . "$mysqli_stmt_bind_param_part_2" . "$mysqli_stmt_bind_param_part_3" . "$mysqli_stmt_bind_param_part_4"; //Now Bind Param looks like this: mysqli_stmt_bind_param($stmt,'ssssssss',$first_name,$middle_name,$surname,$gender,$marital_status,$working_status,13);
				
				//EVEN WITH FOLLOWING LINE UNCOMMENTED, I STILL GET THE ERROR THAT I HAVE NOT SUPPLIED DATA TO PREPARED STATEMENT!
				//mysqli_stmt_bind_param($stmt,'ssssssi',$first_name,$middle_name,$surname,$gender,$marital_status,$working_status,$_SESSION["user_id"]);
				//Attempt to Execute the Prepared Statement.
				mysqli_stmt_execute($stmt);
				if(!mysqli_stmt_execute($stmt))
				{
					//Close Connection.
					mysqli_close($conn);
					echo "Line 322<br>";//DELETE THIS
					die("<pre>Statement Execution Failed!\n".mysqli_stmt_error($stmt)."\n$mysqli_stmt_bind_param</pre>");
				}
				//mail();
			}
		}
	}
}
}
echo "Line 337<br>";
echo "Session Step:"; echo $_SESSION['session_step']; echo "<br>";
echo "Session Status:"; echo session_status(); echo "<br>";
?>

<?php
/*
session_start();

//$_session = 'search';
//echo session_id();
//echo $_session;

if(isset($_GET['session_type']))
{
	$session=$_GET['session'];echo $_session['session'];
}
else
{
	die("Invalid Session1!");echo $_session['session'];
}
*/

/*
echo session_id();

session_start();
if(isset($_GET['session_type']))
{
	$_GET['session_type'];
}
else
{
	die("Invalid Session2");
}
*/
?>

NogDog

It does not look as if you actually execute the mysqli_stmt_bind_param() command anywhere (except in a commented-out line in one of the posts here). You assign values to variables that output what you intended to bind in your error message, but you never actually did the binding.

(One of the main reasons I prefer the PDO extension over MySQLi is that you can use named place-holders in the SQL, then just supply an array of values to bind to them in the execute.)

developer_web

NogDog

I will be getting into PDO soon. I started mysqli in 2015 and so best master that first.
Thanks!

developer_web

NogDog

I did do the binding but I reckon it is invalid. Look:

else
{
	/*
	Generate the mysqli_stmt_bind_param() in parts to generate the variables 
	matching the 'Column Names'.
	*/
	$_SESSION["user_id"] = 13; //DELETE THIS LINE
					
echo $mysqli_stmt_bind_param_part_1 = 'mysqli_stmt_bind_param($';
echo $mysqli_stmt_bind_param_part_2 = 'stmt,\'ssssssi\',';
				
foreach($form_questions_labels AS $form_question_label)
{
	$value = $form_question_label;
	$value_1 = str_replace(" ","_","$value"); //Replaced Spaces to Underscores.
	$value_2 = strtolower("$value_1"); //Replaced Upper Case to Lower Case.
	if($form_question_label == $form_questions_labels[0])
	{
		echo $mysqli_stmt_bind_param_part_3 = '$' . "$value_2,";
	}
	else
	{
		echo $mysqli_stmt_bind_param_part_3 = "$mysqli_stmt_bind_param_part_3" . 
		'$' . "$value_2,";
	}
}
echo $mysqli_stmt_bind_param_part_4 = '$_SESSION["user_id"])';
echo $mysqli_stmt_bind_param = "$mysqli_stmt_bind_param_part_1" . 
"$mysqli_stmt_bind_param_part_2" . 
"$mysqli_stmt_bind_param_part_3" . 
"$mysqli_stmt_bind_param_part_4"; //Now Bind Param looks like this: mysqli_stmt_bind_param($stmt,'ssssssss',$first_name,$middle_name,$surname,$gender,$marital_status,$working_status,13);
					
//EVEN WITH FOLLOWING LINE UNCOMMENTED, I STILL GET THE ERROR THAT I HAVE NOT SUPPLIED DATA TO PREPARED STATEMENT!
					//mysqli_stmt_bind_param($stmt,'ssssssi',$first_name,$middle_name,$surname,$gender,$marital_status,$working_status,$_SESSION["user_id"]);
//Attempt to Execute the Prepared Statement.
mysqli_stmt_execute($stmt);
if(!mysqli_stmt_execute($stmt))
{
	//Close Connection.
	mysqli_close($conn);
	echo "Line 322<br>";//DELETE THIS
	die("<pre>Statement Execution Failed!\n".mysqli_stmt_error($stmt)."\n$mysqli_stmt_bind_param</pre>");
}
//mail();
}

I think php is not accepting this as mysqli_bind. Count it as invalid.

echo $mysqli_stmt_bind_param_part_4 = '$_SESSION["user_id"])';
echo $mysqli_stmt_bind_param = "$mysqli_stmt_bind_param_part_1" . "$mysqli_stmt_bind_param_part_2" . "$mysqli_stmt_bind_param_part_3" . "$mysqli_stmt_bind_param_part_4"; 
//Now Bind Param looks like this: mysqli_stmt_bind_param($stmt,'ssssssss',$first_name,$middle_name,$surname,$gender,
$marital_status,$working_status,13);

Hence, any ideas how I can validate this ? Any workaround ?
You know I can't directly write the bind_param like the following and need to get php generate it in parts and then concatenate the parts just like php did to the prepared statement.

mysqli_stmt_bind_param($stmt,'ssssssi',$first_name,$middle_name,$surname,$gender,$marital_status,$working_status,$_SESSION["user_id"]);

Byrgersun

You might also want to echo $sql after the error

lopomaji

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '"UPDATE users SET first_name = ?, middle_name = ?, surname = ?, gender = ?, mari' at line 1

Links removed by Site Staff so it doesn't look like you're spamming us. Please don't post them again.

developer_web

lopomaji

I did not post any links. What links you talking about ? Links to what site ? PM the link.

Sempervivum

developer_web Don't be confused, lopomaju posted links that were abviously advertising, therefore I removed them.

developer_web

Sempervivum

Oh. Ok. I thought lopomaju was the mod warning me (by referencing to my post) not to post ad links.
Anyway, I still confused how to generate mysqli_bind_param(); in parts. Check my previous post.
Maybe, you can enlighten me on that. 😉

Thanks

developer_web

Even this didn't work:

mysqli_stmt_bind_param($stmt,'ssssssi',$mysqli_stmt_bind_param_part_3,$_SESSION["user_id"]);

Context:

//Generate the mysqli_stmt_bind_param() in parts to generate the variables matching the 'Column Names'.
$_SESSION["user_id"] = 13; //DELETE THIS LINE
					
foreach($form_questions_labels AS $form_question_label)
{
	$value = $form_question_label;
	$value_1 = str_replace(" ","_","$value"); //Replaced Spaces to Underscores.
	$value_2 = strtolower("$value_1"); //Replaced Upper Case to Lower Case.
	if($form_question_label == $form_questions_labels[0])
	{
		echo $mysqli_stmt_bind_param_part_3 = '$' . "$value_2,";
	}
	else
	{
		echo $mysqli_stmt_bind_param_part_3 = "$mysqli_stmt_bind_param_part_3" . '$' . "$value_2,";
	}
}

mysqli_stmt_bind_param($stmt,'ssssssi',$mysqli_stmt_bind_param_part_3,$_SESSION["user_id"]);

developer_web

Even this failed. Still getting same error:

//Generate the mysqli_stmt_bind_param() in parts to generate the variables matching the 'Column Names'.
$_SESSION["user_id"] = 13; //DELETE THIS LINE
					
echo $mysqli_stmt_bind_param_part_1 = 'mysqli_stmt_bind_param($';
echo $mysqli_stmt_bind_param_part_2 = 'stmt,\'ssssssi\',';
					
foreach($form_questions_labels AS $form_question_label)
{
	$value = $form_question_label;
	$value_1 = str_replace(" ","_","$value"); //Replaced Spaces to Underscores.
	$value_2 = strtolower("$value_1"); //Replaced Upper Case to Lower Case.

    if($form_question_label == $form_questions_labels[0])
    {
     echo $mysqli_stmt_bind_param_part_3 = '$' . "$value_2,";
    }
   else
    {
    echo $mysqli_stmt_bind_param_part_3 = "$mysqli_stmt_bind_param_part_3" . '$' . "$value_2,";
    }
}
 echo $mysqli_stmt_bind_param_part_4 = '$_SESSION["user_id"]);';
 echo $mysqli_stmt_bind_param = "$mysqli_stmt_bind_param_part_1" . "$mysqli_stmt_bind_param_part_2" . "$mysqli_stmt_bind_param_part_3" . "$mysqli_stmt_bind_param_part_4"; //Now Bind Param looks like this: mysqli_stmt_bind_param($stmt,'ssssssss',$first_name,$middle_name,$surname,$gender,$marital_status,$working_status,13);
					//mysqli_stmt_bind_param($stmt,'ssssssi',$mysqli_stmt_bind_param_part_3,$_SESSION["user_id"]);
mysqli_stmt_bind_param($mysqli_stmt_bind_param);