PHP Warning: mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement

if($stmt = $mysqli -> prepare("SELECT url, month, year, cover_image FROM back_issues ORDER BY year DESC, month DESC")) {
   $stmt -> bind_param("ssis", $url, $month, $year, $cover_image);
   [...]
}

These lines don't make any sense! If you want to use parameters, you have to use them into a where condition or similar, pretty much like:

$mysqli->prepare("SELECT * FROM back_issues WHERE url =? AND month =? AND year =? and cover_image = ?");
$stmt->bind_param("ssis", $url, $month, $year, $cover_image);

If you don't have any placeholder to bind with parameters, bind_param() method will produce the error you're running through. Moreover, what that IF statement supposed to do? If you want to verify if that query produces any result, you have first to run it and, then, to verify.


You do not need to bind parameters in this case. Placeholders are used for the values in an INSERT statement, or in a WHERE clause. (Note that placeholders are not allowed for identifiers, such as the column names in your statement.) A valid, simplified statement with placeholders would look like:

"SELECT url, cover_image FROM back_issues WHERE month = ? and year = ?"