[Solved] php bind_param number of variables doesn’t match number of parameters

Question

You get the error because you bind 7 params to the query, but don’t use any of them. Instead you insert the variables directly into the query, which leads to the data being (insecurely) inserted into the database.

$insert = $this->con->db->prepare('UPDATE users SET 
            firstName="'.$updateFirstName.'", 
            lastName="'.$updateLastName.'", 
            username="'.$updateUsername.'", 
            email="'.$updateEmail.'", 
            profileImage="'.$updateProfileImage.'", 
            bio="'.$updateBio.'" 
            WHERE userID = '.$userID);

should be

$insert = $this->con->db->prepare('UPDATE users SET 
            firstName= ?, 
            lastName= ?, 
            username= ?, 
            email= ?, 
            profileImage= ?, 
            bio= ? 
            WHERE userID = ?');

read more: http://php.net/manual/en/mysqli-stmt.bind-param.php

Accepted Answer

You get the error because you bind 7 params to the query, but don’t use any of them. Instead you insert the variables directly into the query, which leads to the data being (insecurely) inserted into the database.

$insert = $this->con->db->prepare('UPDATE users SET 
            firstName="'.$updateFirstName.'", 
            lastName="'.$updateLastName.'", 
            username="'.$updateUsername.'", 
            email="'.$updateEmail.'", 
            profileImage="'.$updateProfileImage.'", 
            bio="'.$updateBio.'" 
            WHERE userID = '.$userID);

should be

$insert = $this->con->db->prepare('UPDATE users SET 
            firstName= ?, 
            lastName= ?, 
            username= ?, 
            email= ?, 
            profileImage= ?, 
            bio= ? 
            WHERE userID = ?');

read more: http://php.net/manual/en/mysqli-stmt.bind-param.php