mysqli_stmt::bind_result(): Number of bind variables doesn't match number of fields in prepared statement

Question

I’ve been trying to code a login form in PHP using a prepared statement but every time I try to log in I get the following error:

mysqli_stmt::bind_re

Answer 1

$mysqli->prepare("SELECT username, password FROM users WHERE username = ? AND password = ?");
$username = $_POST['name'];
$password = $_POST['password'];
$stmt->bind_param('ss' ,$username ,$password);
$stmt->execute();
$stmt->bind_result($username ,$password);

Your select syntax was wrong, the correct syntax is SELECT field1, field2, field3 FROM TABLE WHERE field1 = ? AND field2 = ?

To select more fields simply seperate them by a comma and not an AND

Also, I realize that you're saving your passwords in plaintext which is bad practice, consider hashing them using the numerous hashing functions out there like sha1()

Answer 2

If that really is your code, it may be that either $_POST["name"] or $_POST["password"] is an array, so that bind_param binds more than just one value.

Check:

var_dump($_POST["name"]);
var_dump($_POST["password"]);