Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New to the CF scene
    Join Date
    Dec 2012
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question Wrong parameter count for mysql_query() in...

    Warning: Wrong parameter count for mysql_query() in /home/harold/public_html/news/index.php on line 147

    PHP Code:
    $sql mysql_query("SELECT `title`,`content`,`date` FROM `news` WHERE `id` = ?", array($_GET['id']), true); 
    Any ideas?
    Last edited by Brian.Wynes; 12-11-2012 at 08:51 PM. Reason: put in php tags

  • #2
    Senior Coder kbluhm's Avatar
    Join Date
    Apr 2007
    Location
    Philadelphia, PA, USA
    Posts
    1,509
    Thanks
    3
    Thanked 258 Times in 254 Posts
    It's unrelated to the issue at hand, but you're attempting to utilize parameter sanitizing, which mysql_query does not natively support.

    http://www.php.net/mysql_query

    Here's a quick and dirty way to achieve what you're looking to do:
    PHP Code:
    function mysql_prepare$query, Array $params = array(), $link_identifier NULL )
    {

        if ( 
    FALSE === strpos$query'?' ) || empty( $params ) )
        {
            return 
    $query;
        }

        if ( 
    count$params ) !== substr_count$query'?' ) )
        {
            throw new 
    InvalidArgumentException(
                
    'Placeholder count does not match parameter count'
            
    );
        }

        
    $parts explode'?'$query );

        
    // append the first query part
        
    $query = array( array_shift$parts ) );

        foreach ( 
    $parts as $part )
        {

            
    // grab the next parameter[s]
            
    $_params = ( array ) array_shift$params );

            
    // sanitize the parameter[s]
            
    foreach ( $_params as & $_param )
            {

                if ( isset( 
    $link_identifier ) )
                {
                    
    $_param mysql_real_escape_string$_param$link_identifier );
                }

                else
                {
                    
    $_param mysql_real_escape_string$_param );
                }

                
    $_param '\'' $_param '\'';

            }

            
    // append the parameter[s]
            
    $query[] = implode', '$_params );

            
    // append the next query part
            
    $query[] = $part;

        }

        return 
    implode''$query );


    Usage:
    PHP Code:
    $query mysql_prepare(
        
    'SELECT `title`,`content`,`date` FROM `news` WHERE `id` = ?',
        array( 
    $_GET['id'] )
    );
    $result mysql_query$query ); 
    ...or, "upgrade" to PDO or MySQLI
    Last edited by kbluhm; 12-12-2012 at 04:45 PM.

  • #3
    Senior Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    3,217
    Thanks
    12
    Thanked 338 Times in 334 Posts
    Quote Originally Posted by kbluhm View Post
    ...or, "upgrade" to PDO or MySQLI
    I emphasize that!
    The computer is always right. The computer is always right. The computer is always right. Take it from someone who has programmed for over ten years: not once has the computational mechanism of the machine malfunctioned.
    André Behrens, NY Times Software Developer

  • #4
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,283
    Thanks
    57
    Thanked 523 Times in 510 Posts
    Blog Entries
    5
    Quote Originally Posted by Brian.Wynes View Post
    Warning: Wrong parameter count for mysql_query() in /home/harold/public_html/news/index.php on line 147

    PHP Code:
    $sql mysql_query("SELECT `title`,`content`,`date` FROM `news` WHERE `id` = ?", array($_GET['id']), true); 
    You can't do that! Look at the php function manual for mysql_query:

    resource mysql_query ( string $query [, resource $link_identifier = NULL ] )
    You're using 3 parameters yet the function can only take two - the second being a link identifier (the resource returned from mysql_connect) which is optional. You're passing it the $_GET array instead. The function returns a resource.

    The function manual on php.net is very important and will save you a lot of hassle if you learn to use it and understand what it is telling you. You can't just make up your own parameters to a function or assume its the same as another with the same name from a different language or database - you need to target the manual and actually find out how to use it accurately.

    You can lookup any function by visiting this link: http://www.php.net/<function_name>
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #5
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,593
    Thanks
    0
    Thanked 645 Times in 635 Posts
    The mysql_ interface is scheduled for removal from PHP as it has long ago been replaced by the newer mysqli_ interface and by PDO - either of which will allow you to do what you are trying to do using two separate calls - prepare and bind.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •