I use the following code to prepare a statement for msqli:
if($verfahren != ""){
$where[] = "FIND_IN_SET(?,`verfahren`)>0";
$types[] = "s";
$params[] = $verfahren;
}
if($fachgebiet != ""){
$where[] = "FIND_IN_SET(?,`fachgebiet`)>0";
$types[] = "s";
$params[] = $fachgebiet;
}
if($praxis != ""){
$where[] = "`praxis` = ?";
$types[] = "s";
$params[] = $praxis;
}
$sql = "SELECT * FROM `my_table`";
if(isset($where)){
$sql .= " WHERE ". implode(' AND ', $where);
$stmt = mysqli_prepare($mysqli, $sql);
# https://stackoverflow.com/a/43216404/25634160
$refs = [$stmt, implode('', $types)];
foreach($params as $param){
$refs[] = $param;
}
unset($param);
call_user_func_array('mysqli_stmt_bind_param', $refs); <= Warning
} else {
$stmt = mysqli_prepare($mysqli, $sql);
}
The fourth to last line throws three warnings:
Warning: mysqli_stmt_bind_param(): Argument #3 must be passed by reference, value given in /path/to/script.php on line 254
Warning: mysqli_stmt_bind_param(): Argument #4 must be passed by reference, value given in /path/to/script.php on line 254
Warning: mysqli_stmt_bind_param(): Argument #5 must be passed by reference, value given in /path/to/script.php on line 254
I understand from other Q&A here, such as this one, that I need to pass my variables as variables instead of values. What I don’t understand is where in my code I need to do that and how.
Could you please explain to me how I need to change my code?