0

I'm working on my graduation project. I'm using MySQLi, and I like to use prepared statements.

I'm currently working on the template system, which I'm doing my self, but when I try to request the theme from the settings table in my database, this happens:

    Fatal error: Uncaught exception 'mysqli_sql_exception' with message 'No index used in query/prepared statement SELECT value FROM ws_settings WHERE name = ?' in C:\xampp\htdocs\_inc\_classes\template.class.php:58 Stack trace: #0 
    C:\xampp\htdocs\_inc\_classes\template.class.php(58): mysqli_stmt->execute() #1 
    C:\xampp\htdocs\_inc\_classes\template.class.php(73): template->getTheme() #2 
    C:\xampp\htdocs\_inc\_classes\template.class.php(111): template->loadPage() #3 
    C:\xampp\htdocs\index.php(40): template->handlePageLoad(0) #4 
    {main} thrown in C:\xampp\htdocs\_inc\_classes\template.class.php on line 58

So I tought, lets just go to line 58 of template.class.php and this is what I see:

public function getTheme()
    {
        $theme = 'theme';
        $query = $this->db->connection->prepare( 'SELECT value FROM ' . $this->functions->prefix( 'settings' ) . ' WHERE name = ?' );
        $query->bind_param( 's', $theme );
        $query->execute();
        if ( ! $query )
        {
            throw new Exception( $query->error(), 1 );
        }
        $query( $result );
        while ( $stmt->fetch() )
        {
            return $result;
        }
        $query->close();
    }

For the sake of making this a good question, I pasted the whole function here. I used this for error_reporting:

    error_reporting( E_ALL );
    mysqli_report( MYSQLI_REPORT_ALL | MYSQLI_REPORT_STRICT );

If you guys know what the problem is, please help me by telling it, since I have to make this fully A grade for school.

Thanks.

W.H.E. Peeters
  • 1
  • 1
  • 6
  • I don't know if this is the problem or if it works with MySQLi (I'm using PDO). If you're using ? as placeholder, try to use numeric indexes when you're binding params. `$query->bind_param(1, $theme);` – Charlotte Dunois Aug 12 '14 at 21:39
  • @CharlotteDunois As far as I'm aware, you use the `s` to indicate that you're using a string, just like you would use `i` for an integer. – W.H.E. Peeters Aug 12 '14 at 21:41
  • Well, I don't know. PDO has a third (optional) parameter to tell specifically if it's a string or something else otherwise it'll determine on their own. So I can really just fetch through with numbers. Maybe [this](http://stackoverflow.com/questions/5580039/fatal-error-uncaught-exception-mysqli-sql-exception-with-message-no-index-us) helps. – Charlotte Dunois Aug 12 '14 at 21:45
  • @CharlotteDunois Well, that one really helps :D. I just found out that MySQLi throws too many errors :/ – W.H.E. Peeters Aug 12 '14 at 21:46
  • If you run the query generated by the string in the prepare statement, what shows and does it return the correct results if run directly in the database? – Rachael Aug 12 '14 at 21:52

0 Answers0