php - mysqli_prepare() Query working on localhost but not when uploaded online, variables on prepared statements -

i appreciate effort taking time read post , answer problem.

i making login system of item inventory list client's website.

i keep getting these errors online when testing login form :

warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: number of variables doesn't match number of parameters in prepared statement in /home/greyan/public_html/shoplogin/login.php on line 44

fatal error: call undefined method mysqli_stmt::get_result() in /home/greyan/public_html/shoplogin/login.php on line 48

what troubles me happens when upload online in web server not when viewing site through localhost.

//function sanitize values received form. prevents sql injection function clean($str) { $str = trim($str); global $conn; return $conn->real_escape_string($str); }   //sanitize post values $username = clean($_post['username']); $password = clean($_post['password']);  //input validations if($username == '') { $errmsg_arr[] = '*username missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = '*password missing'; $errflag = true; }  //if there input validations, redirect login form if($errflag) { $_session['errmsg_arr'] = $errmsg_arr; session_write_close(); header("location: index.php"); exit(); }  $sql = $conn->prepare("select * users username = '$username' , password = '$password' ") ; $sql->bind_param("ss", $username, $password) ;  $sql->execute();  $result = $sql->get_result(); 

i confused why these errors keep happening. number of variables in prepared statement seems correct stated on bind_param() parameters.

thanks!

don't escape strings , replace variable names '$username' , '$password' question marks (?). also, not use single quotes.

as security precaution, recommend using password_hash function seems storing passwords plain text.