I’ve been trying to code a login form in PHP using a prepared statement but every time I try to log in I get the following error:

mysqli_stmt::bind_result(): Number of bind variables doesn't match number of fields in prepared statement

Here is my code:

<?php
session_start();

$mysqli = new mysqli("localhost", "root" , "" , "security");
if(mysqli_connect_errno()){
    echo "Wrong" ;
}
if($stmt = $mysqli->prepare("SELECT username AND password FROM users WHERE username =? AND password =?")){
    $username = $_POST['name'];
    $password = $_POST['password'];
    $stmt->bind_param('ss' ,$username ,$password);
    $stmt->execute();
    $stmt->bind_result($password ,$username);
    if($stmt->fetch() == 'true')
    {
        echo "welcome";
    } else{
        echo "wrong password";
    }
}
?>

Can someone tell me why this is happening?

If that really is your code, it may be that either $_POST["name"] or $_POST["password"] is an array, so that bind_param binds more than just one value.

Check:

var_dump($_POST["name"]);
var_dump($_POST["password"]);

$mysqli->prepare("SELECT username, password FROM users WHERE username = ? AND password = ?");
$username = $_POST['name'];
$password = $_POST['password'];
$stmt->bind_param('ss' ,$username ,$password);
$stmt->execute();
$stmt->bind_result($username ,$password);

Your select syntax was wrong, the correct syntax is SELECT field1, field2, field3 FROM TABLE WHERE field1 = ? AND field2 = ?

To select more fields simply seperate them by a comma and not an AND

Also, I realize that you're saving your passwords in plaintext which is bad practice, consider hashing them using the numerous hashing functions out there like sha1()