I am getting a mysqli warning in my error report stating Warning: mysqli_stmt::bind_result() [mysqli-stmt.bind-result]: Number of bind variables doesn't match number of fields in prepared statement in ... on line 36 Does anyone know how I can bind the results correctly so that this warning can go away? I can’t really see what the problem is but then saying this I am a beginner when it comes to using mysqli.
Below is the code:
<?php
// PHP code
session_start();
//connected to db
// required variables (make them explciit no need for foreach loop)
$teacherusername = (isset($_POST['teacherusername'])) ? $_POST['teacherusername'] : '';
$teacherpassword = (isset($_POST['teacherpassword'])) ? $_POST['teacherpassword'] : '';
$loggedIn = false;
if (isset($_POST['submit'])) {
$teacherpassword = md5(md5("j3Jf92".$teacherpassword."D203djS"));
// don't use $mysqli->prepare here
$query = "SELECT * FROM Teacher WHERE TeacherUsername = ? AND TeacherPassword = ? LIMIT 1";
// prepare query
$stmt=$mysqli->prepare($query);
// You only need to call bind_param once
$stmt->bind_param("ss",$teacherusername,$teacherpassword);
// execute query
$stmt->execute();
// get result and assign variables (prefix with db)
$stmt->bind_result($dbTeacherForename,$dbTeacherSurname,$dbTeacherUsername,$dbTeacherPassword);
while($stmt->fetch()) {
if ($teacherusername == $dbTeacherUsername && $teacherpassword == $dbTeacherPassword) {
$loggedIn = true;
}
}
if ($loggedIn == true){
// left your session code as is - but think wisely about using
$_SESSION['teacherforename'] = $dbTeacherForename;
$_SESSION['teachersurname'] = $dbTeacherSurname;
header( 'Location: menu.php' ) ;
die();
}
/* close statement */
$stmt->close();
/* close connection */
$mysqli->close();
}
?>
using the wildcard * is not recommend. probably there are more columns in the table than just the 4 you need?
I would go with