Welcome to the Treehouse Community

The Treehouse Community is a meeting place for developers, designers, and programmers of all backgrounds and skill levels to get support. Collaborate here on code errors or bugs that you need feedback on, or asking for an extra set of eyes on your latest project. Join thousands of Treehouse students and alumni in the community today. (Note: Only Treehouse students can comment or ask questions, but non-students are welcome to browse our conversations.)

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and a supportive community. Start your free trial today.

PHP Integrating PHP with Databases Using Relational Tables Using a Prepared Statement

Alfredo Prince
Alfredo Prince
6,175 Points

Why is it giving me this error?

The error: Make sure you are using 'prepare' instead of 'query' and binding your parameter before execution. Why? isn't that what i did?

index.php
<?php
function get_member($member_id) {
    include("connection.php");

    try {
      $results = $db->prepare(
          "SELECT member_id, email, fullname, level
          FROM members
          WHERE member_id = $member_id"
      );
      $results->bindParam($member_id);
      $results->execute();
    } catch (Exception $e) {
      echo "bad query";
    }

    $members = $results->fetchAll();
    return $members;
}

Hi Alfredo, try to change $member_id inside your database query to quistion mark. So it will be ...WHERE member_id = ?

1 Answer

Simon Woodard
Simon Woodard
6,545 Points

Hi Alfredo, you are indeed using a prepare statement but you're not binding the parameter correctly.

You first need to remember that parameters in a prepared statement need to be identified with a '?'. Secondly because multiple '?' parameters can be used in a prepared statement you also need to target which '?' you want to bind a variable too.

This means your prepare statement becomes:

$results = $db->prepare(
          "SELECT member_id, email, fullname, level
          FROM members
          WHERE member_id = ?"
      );

and your bind statement becomes:

$results->bindParam(1,$member_id)

Notice we've used the '?' in the prepare statement, then in our bindParam statement we say we want to bind the $member_id variable to the first '?'