php - mysqli_stmt::bind_result(): Number of bind variables doesn't match number of fields in prepared statement

Question

I’ve been trying to code a login form in PHP using a prepared statement but every time I try to log in I get the following error:

mysqli_stmt::bind_result(): Number of bind variables doesn't match number of fields in prepared statement

Here is my code:

<?php

$mysqli = new mysqli("localhost", "root" , "" , "security");

$stmt = $mysqli->prepare("SELECT username AND password FROM users WHERE username = ?");
$username = $_POST['name'];
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->bind_result($password, $username);
$stmt->fetch();

Can someone tell me why this is happening?

Answer 1

$mysqli->prepare("SELECT username, password FROM users WHERE username = ?");
$username = $_POST['name'];
$stmt->bind_param('s' ,$username);
$stmt->execute();
$stmt->bind_result($username, $password);

Your select syntax was wrong, the correct syntax is SELECT field1, field2, field3 FROM TABLE WHERE field1 = ? AND field2 = ?

To select more fields simply separate them by a comma and not an AND