The number of parameters in the prepared statement is inconsistent with the number of variables bound by bind_param

Question

Here is my code snippet:

$stmt = $mysqli->prepare("SELECT DISTINCT model FROM vehicle_types
    WHERE year = ? AND make = '?' ORDER by model");

$stmt->bind_param('is', $year, $make);

$stmt->execute();

When I output the values ​​for $year and $make, I can see the values, but when I run this script I get a null value and the following warning appears in my log file:

PHP Warning: mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement

In this case, the type of year in the database is int(10), I have tried converting it to int type for passing, and make is a varchar(20) with utf8_unicode_ci encoding. Is there anything I'm missing?

Answer 1

Your prepared statement is wrong, it should be:

$stmt = $mysqli->prepare("
    SELECT DISTINCT model FROM vehicle_types WHERE year = ? AND make = ? ORDER by model
");
$stmt->bind_param('is', $year, $make);
$stmt->execute();

When you prepare a statement, you must replace each variable with a question mark instead of quotes. Question marks within quotes will not be recognized as placeholders.

The number of question marks must be equal to the number of variables in bind_param()