Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New to the CF scene
    Join Date
    Dec 2012
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question Wrong parameter count for mysql_query() in...

    Warning: Wrong parameter count for mysql_query() in /home/harold/public_html/news/index.php on line 147

    PHP Code:
    $sql mysql_query("SELECT `title`,`content`,`date` FROM `news` WHERE `id` = ?", array($_GET['id']), true); 
    Any ideas?
    Last edited by Brian.Wynes; 12-11-2012 at 08:51 PM. Reason: put in php tags

  • #2
    Senior Coder kbluhm's Avatar
    Join Date
    Apr 2007
    Location
    Philadelphia, PA, USA
    Posts
    1,509
    Thanks
    3
    Thanked 258 Times in 254 Posts
    It's unrelated to the issue at hand, but you're attempting to utilize parameter sanitizing, which mysql_query does not natively support.

    http://www.php.net/mysql_query

    Here's a quick and dirty way to achieve what you're looking to do:
    PHP Code:
    function mysql_prepare$query, Array $params = array(), $link_identifier NULL )
    {

        if ( 
    FALSE === strpos$query'?' ) || empty( $params ) )
        {
            return 
    $query;
        }

        if ( 
    count$params ) !== substr_count$query'?' ) )
        {
            throw new 
    InvalidArgumentException(
                
    'Placeholder count does not match parameter count'
            
    );
        }

        
    $parts explode'?'$query );

        
    // append the first query part
        
    $query = array( array_shift$parts ) );

        foreach ( 
    $parts as $part )
        {

            
    // grab the next parameter[s]
            
    $_params = ( array ) array_shift$params );

            
    // sanitize the parameter[s]
            
    foreach ( $_params as & $_param )
            {

                if ( isset( 
    $link_identifier ) )
                {
                    
    $_param mysql_real_escape_string$_param$link_identifier );
                }

                else
                {
                    
    $_param mysql_real_escape_string$_param );
                }

                
    $_param '\'' $_param '\'';

            }

            
    // append the parameter[s]
            
    $query[] = implode', '$_params );

            
    // append the next query part
            
    $query[] = $part;

        }

        return 
    implode''$query );


    Usage:
    PHP Code:
    $query mysql_prepare(
        
    'SELECT `title`,`content`,`date` FROM `news` WHERE `id` = ?',
        array( 
    $_GET['id'] )
    );
    $result mysql_query$query ); 
    ...or, "upgrade" to PDO or MySQLI
    Last edited by kbluhm; 12-12-2012 at 04:45 PM.

  • #3
    Senior Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    3,135
    Thanks
    12
    Thanked 332 Times in 328 Posts
    Quote Originally Posted by kbluhm View Post
    ...or, "upgrade" to PDO or MySQLI
    I emphasize that!
    The computer is always right. The computer is always right. The computer is always right. Take it from someone who has programmed for over ten years: not once has the computational mechanism of the machine malfunctioned.
    André Behrens, NY Times Software Developer

  • #4
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,093
    Thanks
    51
    Thanked 506 Times in 493 Posts
    Quote Originally Posted by Brian.Wynes View Post
    Warning: Wrong parameter count for mysql_query() in /home/harold/public_html/news/index.php on line 147

    PHP Code:
    $sql mysql_query("SELECT `title`,`content`,`date` FROM `news` WHERE `id` = ?", array($_GET['id']), true); 
    You can't do that! Look at the php function manual for mysql_query:

    resource mysql_query ( string $query [, resource $link_identifier = NULL ] )
    You're using 3 parameters yet the function can only take two - the second being a link identifier (the resource returned from mysql_connect) which is optional. You're passing it the $_GET array instead. The function returns a resource.

    The function manual on php.net is very important and will save you a lot of hassle if you learn to use it and understand what it is telling you. You can't just make up your own parameters to a function or assume its the same as another with the same name from a different language or database - you need to target the manual and actually find out how to use it accurately.

    You can lookup any function by visiting this link: http://www.php.net/<function_name>
    My helpful sig is on vacation trying to loose some weight. It got a bit fat and caused a few problems but it will be back at some point!

  • #5
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,479
    Thanks
    0
    Thanked 635 Times in 625 Posts
    The mysql_ interface is scheduled for removal from PHP as it has long ago been replaced by the newer mysqli_ interface and by PDO - either of which will allow you to do what you are trying to do using two separate calls - prepare and bind.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •