Code:
// get value of id that sent from address bar
$id=filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($id === false) {
//filter failed
die('id not a number');
}
if ($id === null) {
//variable was not set
die('id not set');
}
//white list table
$safe_tbl_name = '';
switch($tbl_name){
case 'Table1':
$safe_tbl_name = 'MyTable1';
break;
case 'Table2':
$safe_tbl_name = 'MyTable2';
break;
default:
$safe_tbl_name = 'forum_questions';
};
$sql="SELECT * FROM `$safe_tbl_name` WHERE id=?";
if ($stmt = $con->prepare($sql)){
$stmt->bind_param("s", $id);
$stmt->execute();
}
else{
//error !! don't go further
var_dump($con);
}
$stmt->bind_result($result);
$rows = $stmt->fetch_all(MYSQLI_ASSOC);
?>
<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<td><table width="100%" border="0" cellpadding="3" cellspacing="1" bordercolor="1" bgcolor="#FFFFFF">
<tr>
<td bgcolor="#F8F7F1"><strong><?php echo $rows['topic']; ?></strong></td>
</tr>
<tr>
<td bgcolor="#F8F7F1"><?php echo $rows['detail']; ?></td>
</tr>
<tr>
<td bgcolor="#F8F7F1"><strong>By :</strong> <?php echo $rows['name']; ?> <strong>Email : </strong><?php echo $rows['email'];?></td>
</tr>
<tr>
<td bgcolor="#F8F7F1"><strong>Date/time : </strong><?php echo $rows['datetime']; ?></td>
</tr>
</table></td>
</tr>
</table>
And I get this error:
Warning: mysqli_stmt::bind_result(): Number of bind variables doesn't match number of fields in prepared statement in C:\wamp64\www\forrrumm\view_topic.php on line 47
And this:
Fatal error: Call to undefined method mysqli_stmt::fetch_all() in C:\wamp64\www\forrrumm\view_topic.php on line 49
You are not using bind_result() properly.
Binds columns in the result set to variables.
You are trying to bind the entire result set into a single variable. You need to provide a variable for each column in the result set.
$stmt->bind_result($topic,$detail,$email,$name,$datetime);
Here is where it fits in:
$sql="SELECT `topic`,`detail`,`email`,`name`,`datetime` FROM `$safe_tbl_name` WHERE id=?";
if($stmt=$con->prepare($sql)){
$stmt->bind_param("s",$id);
$stmt->execute();
$stmt->bind_result($topic,$detail,$email,$name,$datetime);
//while($stmt->fetch()){ not wrong, but not necessary to loop if only one row
$stmt->fetch();
echo "<table width=\"400\" border=\"0\" align=\"center\" cellpadding=\"0\" cellspacing=\"1\" bgcolor=\"#CCCCCC\">";
echo "<tr>";
echo "<td>";
echo "<table width=\"100%\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" bordercolor=\"1\" bgcolor=\"#FFFFFF\">";
echo "<tr>";
echo "<td bgcolor=\"#F8F7F1\"><strong>$topic</strong></td>";
echo "</tr>";
echo "<tr>";
echo "<td bgcolor=\"#F8F7F1\">$detail</td>";
echo "</tr>";
echo "<tr>";
echo "<td bgcolor=\"#F8F7F1\"><strong>By :</strong>$name<strong>Email : </strong>$email</td>";
echo "</tr>";
echo "<tr>";
echo "<td bgcolor=\"#F8F7F1\"><strong>Date/time : </strong>$datetime</td>";
echo "</tr>";
echo "</table>";
echo "</td>";
echo "</tr>";
echo "</table>";
//}
$stmt->close();
}
Alternatively, if you want to use the * in your SELECT, you could try the following non-bind_result method. (all examples that I have read online only use bind_result when not using * in the SELECT.
if($stmt->execute()){
$result=$stmt->get_result();
$rows[]=$result->fetch_assoc();
}else{
echo "execute failed"; // but I don't think this is your problem
}
// $rows['topic']
// $rows['detail']
// $rows['email']
// $rows['name']
// $rows['datetime']