I am totally lost, I CANNOT find an answer via Stack Overflow. I am not sure if I have it set up wrong, but I am getting Warning: mysqli_stmt_bind_param(): Number of elements in type definition string doesn't match number of bind variables.

I can update the database just fine, but I still get that warning error. I set it up this way to prevent SQL Injections. Not sure if I need to restructure the way it is written or not. Any help is GREATLY appreciated.

<?

$id = $_GET["id"];
$listdate = $_POST["list_date"];
$listprice = $_POST["list_price"];

$servername = "localhost";
$username = "***";
$password = "***";
$db = "u449450474_products";

$conn = new mysqli($servername, $username, $password, $db);

if ($conn->connect_error){
    die("Connection failed: ". $conn->connect_error);
}

$sql = "UPDATE inventory SET list_date = '$listdate', list_price = '$listprice' WHERE product_id ='$id'";
$stmt = mysqli_stmt_init($conn);

if ( ! mysqli_stmt_prepare($stmt, $sql)){
    die(mysqli_error($conn));
}

mysqli_stmt_bind_param($stmt, "ss",
                       $listdate,
                       $listprice
                       );

mysqli_stmt_execute($stmt);

if($conn->query($sql) === TRUE){
    echo "Record Saved.";
    
    echo "$sql";
    } else {
        echo "Error!";
    }

$conn->close();

?>

CodePudding user response：

change

$sql = "UPDATE inventory SET list_date = '$listdate', list_price = '$listprice' WHERE product_id ='$id'";

to

$sql = "UPDATE inventory SET list_date = ?, list_price = ? WHERE product_id = ?";

then change

mysqli_stmt_bind_param($stmt, "ss",
                       $listdate,
                       $listprice
                       );

to

mysqli_stmt_bind_param($stmt, "ssd",
                       $listdate,
                       $listprice,
                       $id
                       );

source : https://www.php.net/manual/en/mysqli-stmt.bind-param.php