I am trying to do a search across 29 fields in my database in my PHP project. I am using mysqli to connect to my database. My query works fine when I do not try to use bind_param(), but fails when I do with the error:
PHP Warning: mysqli_stmt::bind_param() [<a href='mysqli-stmt.bind-param'>mysqli-stmt.bind-param</a>]: Number of variables doesn't match number of parameters in prepared statement in /search.php on line 6
My code is as follows:
<?php
$find = $_POST['find'];
if (strcasecmp($_POST['in'], 'users') == 0) {
    $query = $db->prepare("SELECT u.id, u.group_id, u.username, u.email, m.credits, m.first_name, m.last_name, m.address1, m.address2, m.city, m.state, m.country, m.zipcode, m.about, m.account_status, m.vacation_status FROM kf_users u JOIN kf_usermeta m ON u.id = m.id WHERE u.id LIKE '%?%' OR u.group_id LIKE '%?%' OR u.ip_address LIKE '%?%' OR u.username LIKE '%?%' OR u.password LIKE '%?%' OR u.salt LIKE '%?%' OR u.email LIKE '%?%' OR u.activation_code LIKE '%?%' OR u.forgotten_password_code LIKE '%?%' OR u.remember_code LIKE '%?%' OR u.created_on LIKE '%?%' OR u.last_login LIKE '%?%' OR u.active LIKE '%?%' OR u.FUID LIKE '%?%' OR m.id LIKE '%?%' OR m.credits LIKE '%?%' OR m.rating LIKE '%?%' OR m.user_id LIKE '%?%' OR m.first_name LIKE '%?%' OR m.last_name LIKE '%?%' OR m.address1 LIKE '%?%' OR m.address2 LIKE '%?%' OR m.city LIKE '%?%' OR m.state LIKE '%?%' OR m.country LIKE '%?%' OR m.zipcode LIKE '%?%' OR m.about LIKE '%?%' OR m.account_status LIKE '%?%' OR m.vacation_status LIKE '%?%'");
    $query->bind_param('sssssssssssssssssssssssssssss', $find, $find, $find, $find, $find, $find, $find, $find, $find, $find, $find, $find, $find, $find, $find, $find, $find, $find, $find, $find, $find, $find, $find, $find, $find, $find, $find, $find, $find);
    $query->execute();
    $query->bind_result($id, $group, $username, $email, $credits, $first_name, $last_name, $address1, $address2, $city, $state, $country, $zipcode, $about, $account_status, $vacation_status);
    while ($query->fetch()) {
        $result['id'] = $id;
        $result['group'] = $group;
        $result['username'] = $username;
        $result['email'] = $email;
        $result['credits'] = $credits;
        $result['first_name'] = $first_name;
        $result['last_name'] = $last_name;
        $result['address1'] = $address1;
        $result['address2'] = $address2;
        $result['city'] = $city;
        $result['state'] = $state;
        $result['country'] = $country;
        $result['zipcode'] = $zipcode;
        $result['about'] = $about;
        $result['account_status'] = $account_status;
        $result['vacation_status'] = $vacation_status;
        $output[] = $result;
    }
    $query->close();
}
?>
Again, if I comment out my bind_param() line and replace the ? in my query with my search term, the data is returned, whereas as-is I get an error and no data. Anyone have any ideas on what might be the issue here?
Binding parameters is not the same as string interpolation; you cannot just replace your variable with ?, nor should you quote them. The placeholder is for the entire value. Instead, you should prepare your query like this
Then wrap your value in the wildcard characters
Update
I would very strongly suggest using PDO instead of MySQLi. With it you can use named placeholders, for example
This way, you can reuse the same placeholder throughout your query
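The following is an added example, not code from the question or from the answer above. It shows the two points the answer makes (one `?` per column, with the `%` wildcards placed in the bound value rather than in the SQL, and a named PDO placeholder reused across the query) against an in-memory SQLite database so it runs without a MySQL server. The table and column names are assumed to mirror a small subset of the `kf_users`/`kf_usermeta` schema from the question, the sample rows are constructed, and the example also escapes `%` and `_` in the search term so user input cannot act as a wildcard; the searched columns are deliberately limited to non-secret fields.

```php
<?php
// Added example (not the asker's or answerer's code): multi-column LIKE search
// with correctly counted placeholders, run against SQLite via PDO.

// Escape the LIKE metacharacters in a user-supplied term so they match
// literally. '!' is used as the escape character because it works unchanged
// in both SQLite and MySQL (a backslash needs extra quoting in MySQL literals).
function escapeLike(string $term, string $esc = '!'): string {
    return str_replace([$esc, '%', '_'], [$esc . $esc, $esc . '%', $esc . '_'], $term);
}

// Build the WHERE clause with exactly one positional placeholder per column.
// The placeholder stands for the whole value, so no quotes or % around it.
function buildSearchSql(array $columns): string {
    $conditions = array_map(fn($c) => "$c LIKE ? ESCAPE '!'", $columns);
    return "SELECT u.id, u.username, u.email, m.first_name, m.last_name, m.city "
         . "FROM kf_users u JOIN kf_usermeta m ON u.id = m.id WHERE "
         . implode(' OR ', $conditions);
}

// Positional variant: the number of bound values must equal the number of
// placeholders, which is what the warning in the question complains about.
function searchUsers(PDO $db, array $columns, string $find): array {
    $stmt = $db->prepare(buildSearchSql($columns));
    $pattern = '%' . escapeLike($find) . '%';   // wildcards go into the value
    $stmt->execute(array_fill(0, count($columns), $pattern));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Named variant: one :find placeholder reused in several conditions, bound once.
// With the PDO MySQL driver this relies on prepared-statement emulation (PDO's
// default); with ATTR_EMULATE_PREPARES set to false each name may appear only once.
function searchUsersNamed(PDO $db, string $find): array {
    $sql = "SELECT u.id, u.username, u.email FROM kf_users u "
         . "JOIN kf_usermeta m ON u.id = m.id "
         . "WHERE u.username LIKE :find ESCAPE '!' "
         . "OR u.email LIKE :find ESCAPE '!' "
         . "OR m.city LIKE :find ESCAPE '!'";
    $stmt = $db->prepare($sql);
    $stmt->execute([':find' => '%' . escapeLike($find) . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data (assumed schema subset, not the question's real tables).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE kf_users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)");
$db->exec("CREATE TABLE kf_usermeta (id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT, city TEXT)");
$db->exec("INSERT INTO kf_users VALUES (1,'alice','alice@example.com'),"
        . "(2,'bob','bob@example.com'),(3,'carol_50','carol@example.com')");
$db->exec("INSERT INTO kf_usermeta VALUES (1,'Alice','Smith','Boston'),"
        . "(2,'Bob','Jones','Austin'),(3,'Carol','Lee','Boise')");

$columns = ['u.username', 'u.email', 'm.first_name', 'm.last_name', 'm.city'];

// 'os' matches only Boston (row 1).
print_r(searchUsers($db, $columns, 'os'));
// '_' is escaped, so it matches only the literal underscore in 'carol_50'
// instead of acting as a single-character wildcard that would hit every row.
print_r(searchUsers($db, $columns, '_'));
// Same term through the reused named placeholder.
print_r(searchUsersNamed($db, 'bob'));
```

The practical check when the mysqli warning from the question appears is to compare the number of `?` markers in the SQL with the number of arguments after the type string; in the question's query the `?` sits inside a quoted string literal, so mysqli sees zero parameters while `bind_param()` is given 29 values.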