I've got this problem I'm having with bind_param and I have no clue what's going wrong:
<?php
$mysqli = new mysqli("$host","$user","$pass","$db");
if(isset($_GET['catName'])) {
    $category = "%" . $_GET['catName'] . "%";
}
//setup query
$catSearch = $mysqli->stmt_init();
//search values
$catQuery = "SELECT lister_id,
                    logo_file_name,
                    listing_name,
                    street_address,
                    city,
                    state,
                    zip
             FROM listers
             INNER JOIN listings
             ON listers.lister_id = listings.lister_id
             WHERE listings.listing_category LIKE ?";
$catSearch->prepare($catQuery);
$catSearch->bind_param('s', $category);
$catSearch->bind_result($id, $imgfile, $name, $address, $city, $state, $zip);
$catSearch->execute();
$catSearch->store_result();
$mainRows = $catSearch->num_rows();
?>
The warning I'm getting is:
Warning: mysqli_stmt::bind_param(): invalid object or resource mysqli_stmt in C:\wamp\www\RP\catSearch.php on line 29
And what's killing me is this exact syntax is holding together 7 or 8 other documents just like it, but for some reason this one keeps breaking. I've checked each of the tables, and they're good (which was the problem the last time this happened). I'm making sure I'm declaring my stmt_init() well before everything else (had a problem with that before, too). I've got echo $_GET['catName'] printed all over the sheet, so it's coming through (had a problem there once as well).
Also, a more meta question, but I've been told using bind_param is the best way to prevent SQL injection; is this really all the security I need? (I mean, within reason, I'm sure there's more security, but this is a small yellow pages type of site).
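
An added example, not part of the original post: bind_param() reports "invalid object or resource" when the preceding prepare() failed, and the query above selects an unqualified lister_id although its ON clause shows that column exists in both joined tables, which MySQL rejects as ambiguous. The sketch below checks the result of prepare(), qualifies the column, and covers two things bound parameters do not handle: LIKE wildcards in user input and HTML escaping on output. The connection values and the function names likeContains and searchCategory are assumptions.

```php
<?php
// Added example. Table and column names come from the question; everything else is assumed.
mysqli_report(MYSQLI_REPORT_OFF); // return false on errors (PHP 8.1+ throws by default)

// bind_param stops SQL injection, but % and _ in the input still act as LIKE wildcards.
function likeContains(string $term): string
{
    return '%' . strtr($term, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']) . '%';
}

function searchCategory(mysqli $db, string $term): array
{
    // lister_id exists in both joined tables, so it has to be qualified.
    $sql = "SELECT listers.lister_id, logo_file_name, listing_name,
                   street_address, city, state, zip
            FROM listers
            INNER JOIN listings ON listers.lister_id = listings.lister_id
            WHERE listings.listing_category LIKE ?";

    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        // The server's reason goes to the log, not to the visitor.
        error_log('prepare failed: ' . $db->error);
        return [];
    }
    $pattern = likeContains($term);
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    $stmt->bind_result($id, $img, $name, $address, $city, $state, $zip);
    $rows = [];
    while ($stmt->fetch()) {
        $rows[] = [$id, $img, $name, $address, $city, $state, $zip];
    }
    $stmt->close();
    return $rows;
}

$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholder credentials
if ($db->connect_error) {
    error_log('connect failed: ' . $db->connect_error);
    exit('Search is unavailable.');
}
$term = isset($_GET['catName']) && is_string($_GET['catName']) ? $_GET['catName'] : '';
foreach (searchCategory($db, $term) as $row) {
    // Parameter binding protects the query only; escape on output to prevent XSS.
    echo htmlspecialchars($row[2], ENT_QUOTES, 'UTF-8'), "<br>\n";
}
```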