sessions and names


I broke this code…it was working until I tried to add firstname, lastname and dealer to the cookies.
Error is mysqli_stmt_bind_param(): Number of variables doesn’t match number of parameters in prepared statement

// Include config file
require_once ‘config.php’;

// Define variables and initialize with empty values
$username = $password = $firstname = $lastname = $dealer = “”;
$username_err = $password_err = $firstname_err = $lastname_err = $dealer_err = “”;

// Processing form data when form is submitted

// Check if username is empty
    $username_err = 'Please enter username.';
} else{
    $username = trim($_POST["username"]);

// Check if password is empty
    $password_err = 'Please enter your password.';
} else{
    $password = trim($_POST['password']);

// Validate credentials
if(empty($username_err) && empty($password_err)){
    // Prepare a select statement
    $sql = "SELECT * FROM managers WHERE username = ?";
    if($stmt = mysqli_prepare($link, $sql))
        // Bind variables to the prepared statement as parameters

mysqli_stmt_bind_param($stmt, “ssss”, $param_username, $param_firstname, $param_lastname, $param_dealer);

        // Set parameters
        $param_username = $username;
        $param_firstname = $firstname;
        $param_lastname = $lastname;
        $param_dealer = $dealer;
        // Attempt to execute the prepared statement
            // Store result
            // Check if username exists, if yes then verify password
            if(mysqli_stmt_num_rows($stmt) == 1){  
                // Bind result variables
                mysqli_stmt_bind_result($stmt, $username, $hashed_password, $firstname, $lastname, $dealer);
                    if(password_verify($password, $hashed_password))
                        /* Password is correct, so start a new session and
                        save the username to the session */
                        $_SESSION['username'] = $username; 
                        $_SESSION['firstname'] = $firstname;
                        $_SESSION['lastname'] = $lastname;
                        $_SESSION['dealer'] = $dealer;
                        header("location: welcome.php");
                    } else{
                        // Display an error message if password is not valid
                        $password_err = 'The password you entered was not valid.';
            } else{
                // Display an error message if username doesn't exist
                $username_err = 'No account found with that username.';
        } else{
            echo "Oops! Something went wrong. Please try again later.";
    // Close statement

// Close connection


Login body{ font: 14px sans-serif; } .wrapper{ width: 350px; padding: 20px; }


Please fill in your credentials to login.

" method="post">
Username <?php echo $username_err; ?>
Password <?php echo $password_err; ?>

Don't have an account? Sign up now.



Your query contains 1 placeholder
[php]$sql = “SELECT * FROM managers WHERE username = ?”;[/php]

You’re trying to bind 4 parameters to the query
[php]mysqli_stmt_bind_param($stmt, “ssss”, $param_username, $param_firstname, $param_lastname, $param_dealer);[/php]

This is just unnecessary
[php] $param_username = $username;
$param_firstname = $firstname;
$param_lastname = $lastname;
$param_dealer = $dealer;[/php]


Right. But I thought that I only need the one ? because as long as the username is correct (if username = x) then I need to select all the other data…since the username is the only thing in table that must be unique. What am I missing here? Thx


The query “where username = ?” only has one param, you’re binding 4 params to the query. It’s nothing more than what the error is saying, you’re trying to bind the wrong number of variables…


Binding params should have nothing to do with that. Because if x=x then do something with y…I thought.


When you bind params you tell the db what to insert into the placeholders. This should be pretty straight forward…


I get that. I can’t understand what the if statement has to do with how many parameters I bind later.


Which if statement are you referring to?