This question already has an answer here:
This is my server side code:
<?php
include('DBconnection.php');
$q = "";
$q = $_REQUEST["q"];
function getAlSubjects($searchtext){
$connection = db_connect();
$statement = $connection->prepare('select * from olsubjectmaster where (ifnull(?,"")="" or SubjectID like ? or SubjectID like ? ) ORDER BY SubjectID');
$statement->bind_param(1,$searchtext,PDO::PARAM_STR, 200);
$statement->bind_param(2,$searchtext.'%',PDO::PARAM_STR, 200);
$statement->bind_param(3,'%'.$searchtext.'%',PDO::PARAM_STR, 200);
$result=$statement.execute();
$connection.close();
$statement.close();
return $result;
}
$value='';
while($row = getAlSubjects($q)->fetch_assoc()) {
echo $row["SubjectID"];
}
?>
When I execute this, it shows the following error:
Fatal error: Cannot pass parameter 2 by reference in D:\xampp\htdocs\GetSubject.php on line 15
How can I fix this? This is my DBconnection.php file code
<?php
function db_connect() {
// Define connection as a static variable, to avoid connecting more than once
static $connection;
// Try and connect to the database, if a connection has not been established yet
if(!isset($connection)) {
// Load configuration as an array. Use the actual location of your configuration file
$config = parse_ini_file('config.ini');
$connection = mysqli_connect('localhost',$config['username'],$config['password'],$config['dbname']);
}
// If connection was not successful, handle the error
if($connection === false) {
// Handle error - notify administrator, log to a file, show an error screen, etc.
return mysqli_connect_error();
}
return $connection;
}
?>
</div>
Yes this is not allowed,
$statement->bind_param(2,$searchtext.'%',PDO::PARAM_STR, 200);
$statement->bind_param(3,'%'.$searchtext.'%',PDO::PARAM_STR, 200);
These operations result in new string literals being created. String literals cannot be bound. You need to
$param2 = $searchtext.'%';
$param3 = '%'.$searchtext.'%';
$statement->bind_param(2,$param2,PDO::PARAM_STR, 200);
$statement->bind_param(3,$param3,PDO::PARAM_STR, 200);
As a side note, since you are comparing for %searchtext%, there isn't a need to look for searchtext%
update: As Fred pointed out, you appear to be using PDO but calling bind_param, which is a part of the mysqli api rather than PDO. The correct all in PDO is bindParam