I am new to PHP and MySQLi and hope someone can help me with this.
I would like to use a prepared statement for a Select query in order to prevent SQL injection - using MySQLi.
So far I have the below code which returns the following error:
"Call to a member function fetch_assoc() on a non-object...".
However, if I hardcode the $IN params (i.e. a list of integers) and remove the call_user_func_array line then it works as intended.
My PHP:
    case "fetchContent":
        $content = $_POST["content"];
        $IN = implode(",", array_fill(0, count($content), "?"));
        $stmt = $conn->prepare("SELECT tID, en FROM TranslationsMain WHERE tID IN($IN) ORDER BY tID");
        call_user_func_array(array($stmt, "bind_param"), $content);
        $stmt->execute();
        $result = $stmt->get_result();
        while($arrTranslations = $result->fetch_assoc()){
            $translations[] = array("tID" => $arrTranslations["tID"], "content" => $arrTranslations["en"]);
        }
        var_dump($translations);
        break;
Note:
$IN creates something like the following - e.g. when $content contains 7 items then dumping $IN returns: string(13) "?,?,?,?,?,?,?"
Update - Example for $content:
    array(7) {
      [0]=>
      string(1) "1"
      [1]=>
      string(1) "2"
      [2]=>
      string(1) "3"
      [3]=>
      string(1) "4"
      [4]=>
      string(1) "5"
      [5]=>
      string(1) "6"
      [6]=>
      string(1) "7"
    }
Can someone tell me how to resolve this and maybe also provide an explanation why I am getting this error?
Many thanks for any help,
Mike
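
An added example, not part of the original post: `bind_param()` expects a type string as its first argument followed by the values, while the call in the question passes only the values. The sketch below binds a variable-length `IN (...)` list with one `i` per placeholder and validates the posted IDs first. It assumes PHP 7+ with mysqlnd (required for `get_result()`); `validateIds()` and `fetchTranslations()` are hypothetical helper names, and `$conn` is an open mysqli connection as in the post.

```php
<?php
// Added example, not the poster's code. Helper names are hypothetical.

// Make mysqli throw exceptions instead of returning false, so a failed
// prepare/bind/execute cannot surface later as "fetch_assoc() on a non-object".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Accept only a non-empty array of positive integers; reject everything else.
function validateIds($raw): array
{
    if (!is_array($raw) || count($raw) === 0) {
        // An empty list would also produce "IN ()", which is a syntax error.
        throw new InvalidArgumentException("content must be a non-empty array");
    }
    $ids = [];
    foreach ($raw as $value) {
        $id = filter_var($value, FILTER_VALIDATE_INT, ["options" => ["min_range" => 1]]);
        if ($id === false) {
            throw new InvalidArgumentException("content contains a non-integer ID");
        }
        $ids[] = $id;
    }
    return $ids;
}

function fetchTranslations(mysqli $conn, array $ids): array
{
    // Only "?" characters are interpolated into the SQL text, never user data.
    $placeholders = implode(",", array_fill(0, count($ids), "?"));
    $types = str_repeat("i", count($ids)); // one type character per placeholder
    $stmt = $conn->prepare(
        "SELECT tID, en FROM TranslationsMain WHERE tID IN ($placeholders) ORDER BY tID"
    );
    $stmt->bind_param($types, ...$ids);    // type string first, then the values
    $stmt->execute();
    $result = $stmt->get_result();
    $translations = [];
    while ($row = $result->fetch_assoc()) {
        $translations[] = ["tID" => $row["tID"], "content" => $row["en"]];
    }
    $stmt->close();
    return $translations;
}

// Usage inside the "fetchContent" case:
// $translations = fetchTranslations($conn, validateIds($_POST["content"] ?? null));
```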