I am currently trying to submit URLs to my SQL db for links on my admin page. These URLs are absolute paths (ex [url]www.google.com[/url]). But I keep getting “Warning: mysqli_stmt_bind_param() [function.mysqli-stmt-bind-param]: invalid object or resource mysqli_stmt”
Any help here, I’m using the [i]string[/i] type for this variable.
@NogDogFeb 12.2014 — #Probably need to see the actual code, but it sounds like maybe it's a problem with the first parameter not being a valid mysqli statement identifier (i.e. what is returned by a successful call to mysqli_statement_init() or mysqli_prepare()). If so, you may need to check what that function is returning and if false, add some debug code to figure out why it's failing.
@Dragonfire2008authorFeb 12.2014 — #I get this mysqli error back You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '://www.google.com WHERE id = 20' at line 4
As you can see, it's to do with the "http://" part, I have submitted relative links just fine with ease, does it have something to do with the mysqli_stmt_bind_param? because that's the line it points to.
@NogDogFeb 12.2014 — #Again, need to see the actual code where that SQL is defined and then used in a prepare function, though it looks like you may have an unquoted string literal in the query?
if(!$error){ $uploadDirectory = ADMIN.'_images/dir/'; $uploadName = $image['name']; // uploadDirectory must be set as absolute path or as relative path to upload.php
// check if image already exists, if it does, delete it if(file_exists($uploadDirectory.$uploadName)) unlink($uploadDirectory.$uploadName);
if(!@move_uploaded_file($image['tmp_name'], $uploadDirectory.$uploadName)){ $error = 'There was a problem storing the file. Please contact webmaster.'; // Permission denied to write into folder or hardware issues? } }
if(!$error){ $menu_name = mysqli_prep($_POST['title']); $group = mysqli_prep($_POST['group']); $link = mysqli_prep($_POST['link']); $imagen = mysqli_prep($_FILES['thumbnail']['name']); $sql = "UPDATE admin_categories SET menu_name = $menu_name, group = $group, link = $link, image = $imagen WHERE id = $id"; $stmt = mysqli_stmt_init($connect); mysqli_stmt_prepare($stmt, $sql); mysqli_stmt_bind_param($stmt, 'ssssi', $menu_name, $group, $link, $imagen, $id); if(mysqli_stmt_execute($stmt)){ // Success! $display_message = "<h6 class="displaymessage">Admin category updated successfully!</h6>n"; }else{ // Failed! $display_message = "<h6 class="displaymessage">Admin category update failed.</h6>n"; $display_message = "<h6 class="displaymessage">".mysqli_error($connect)."</h6>n"; } mysqli_stmt_close($stmt); } if($error) $error_message .= $error."n"; } ?> [/code] ...and my mysqli_prep function code... [code=php] function mysqli_prep($value){ global $connect; $magic_quotes_active = get_magic_quotes_gpc(); $new_enough_php = function_exists("mysqli_real_escape_string"); if($value == "") if($new_enough_php){ // PHP v4.3.0 or higher // undo any magic quote effects so mysqli_real_escape_string can do the work if($magic_quotes_active){ $value = stripslashes($value); } $value = mysqli_real_escape_string($connect, $value); } else { // before PHP 4.3.0 // if magic quotes aren't already on then add slahses manually if(!$magic_quotes_active){ $value = addslashes($value); } // if magic quotes are active, then the slashes already exist } return $value; } [/code]
UPDATE2: Well I don't know how I missed that screw up (sql query did not have any ?'s), working good now.