Wrong parameter count for mysql_query() in...

[Brian.Wynes]

Warning: Wrong parameter count for mysql_query() in /home/harold/public_html/news/index.php on line 147

PHP Code:

$sql = mysql_query("SELECT `title`,`content`,`date` FROM `news` WHERE `id` = ?", array($_GET['id']), true); 


Any ideas?

[kbluhm]

It's unrelated to the issue at hand, but you're attempting to utilize parameter sanitizing, which mysql_query does not natively support.

http://www.php.net/mysql_query

Here's a quick and dirty way to achieve what you're looking to do:

PHP Code:

function mysql_prepare( $query, Array $params = array(), $link_identifier = NULL )
{

    if ( FALSE === strpos( $query, '?' ) || empty( $params ) )
    {
        return $query;
    }

    if ( count( $params ) !== substr_count( $query, '?' ) )
    {
        throw new InvalidArgumentException(
            'Placeholder count does not match parameter count'
        );
    }

    $parts = explode( '?', $query );

    // append the first query part
    $query = array( array_shift( $parts ) );

    foreach ( $parts as $part )
    {

        // grab the next parameter[s]
        $_params = ( array ) array_shift( $params );

        // sanitize the parameter[s]
        foreach ( $_params as & $_param )
        {

            if ( isset( $link_identifier ) )
            {
                $_param = mysql_real_escape_string( $_param, $link_identifier );
            }

            else
            {
                $_param = mysql_real_escape_string( $_param );
            }

            $_param = '\'' . $_param . '\'';

        }

        // append the parameter[s]
        $query[] = implode( ', ', $_params );

        // append the next query part
        $query[] = $part;

    }

    return implode( '', $query );

} 


Usage:

PHP Code:

$query = mysql_prepare(
    'SELECT `title`,`content`,`date` FROM `news` WHERE `id` = ?',
    array( $_GET['id'] )
);
$result = mysql_query( $query ); 


...or, "upgrade" to PDO or MySQLI

[Dormilich]

Quote:

Originally Posted by kbluhm

...or, "upgrade" to PDO or MySQLI

I emphasize that!

[tangoforce]

Quote:

Originally Posted by Brian.Wynes

Warning: Wrong parameter count for mysql_query() in /home/harold/public_html/news/index.php on line 147

PHP Code:

$sql = mysql_query("SELECT `title`,`content`,`date` FROM `news` WHERE `id` = ?", array($_GET['id']), true); 


You can't do that! Look at the php function manual for mysql_query:

Quote:

resource mysql_query ( string $query [, resource $link_identifier = NULL ] )

You're using 3 parameters yet the function can only take two - the second being a link identifier (the resource returned from mysql_connect) which is optional. You're passing it the $_GET array instead. The function returns a resource.

The function manual on php.net is very important and will save you a lot of hassle if you learn to use it and understand what it is telling you. You can't just make up your own parameters to a function or assume its the same as another with the same name from a different language or database - you need to target the manual and actually find out how to use it accurately.

You can lookup any function by visiting this link: http://www.php.net/<function_name>

[felgall]

The mysql_ interface is scheduled for removal from PHP as it has long ago been replaced by the newer mysqli_ interface and by PDO - either of which will allow you to do what you are trying to do using two separate calls - prepare and bind.