I am trying to create a query with a dynamic where clause. The query has a default where clause where it will always check for SessionId = ? no matter which option is chosen from the students andquestions` drop down menu.

Then I have a php code where if the user has selected an individual student or an individual question (or in other words has not selected the option All in the student drop down menu or the user has not selectedAllin the question drop down menu). If theAll` option is selected in either of the 2 drop down menus then it does not add those parameters to the WHERE clause.

Anyway when trying to do this, I am getting these errors:

Warning: mysqli::prepare(): (42000/1064): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE q.SessionId = ?' at line 15 in ... on line 320 

Fatal error: Call to a member function bind_param() on a non-object in ... on line 322

My question is what do I need to sort out in the mysqli and php code below in order to fix the errors?

Below is the code with comments to display line numbers where errors are:

$selectedstudentanswerqry = "
SELECT
StudentAlias, StudentForename, StudentSurname, q.SessionId, QuestionNo, QuestionContent, o.OptionType, q.NoofAnswers, GROUP_CONCAT( DISTINCT Answer
ORDER BY Answer SEPARATOR ',' ) AS Answer, r.ReplyType, QuestionMarks, 
GROUP_CONCAT(DISTINCT StudentAnswer ORDER BY StudentAnswer SEPARATOR ',') AS StudentAnswer, ResponseTime, MouseClick, StudentMark
FROM Student s
INNER JOIN Student_Answer sa ON (s.StudentId = sa.StudentId)
INNER JOIN Student_Response sr ON (sa.StudentId = sr.StudentId)
INNER JOIN Question q ON (sa.QuestionId = q.QuestionId)
INNER JOIN Answer an ON q.QuestionId = an.QuestionId
LEFT JOIN Reply r ON q.ReplyId = r.ReplyId
LEFT JOIN Option_Table o ON q.OptionId = o.OptionId
";

// Initially empty
$where = array('q.SessionId = ?');
$parameters = array($_POST["session"]);
$parameterTypes = 'i';

// Check whether a specific student was selected
if($_POST["student"] !== 'All') {
    $where[] = 'sa.StudentId = ?';
    $parameters[] = $_POST["student"];
    $parameterTypes .= 'i';
}

// Check whether a specific question was selected
// NB: This is not an else if!
if($_POST["question"] !== 'All') {
    $where[] = 'q.QuestionId = ?';
    $parameters[] = $_POST["question"];
    $parameterTypes .= 'i';
}

$selectedstudentanswerqry .= "
GROUP BY sa.StudentId, q.QuestionId
ORDER BY StudentAlias, q.SessionId, QuestionNo
";

// If we added to $where in any of the conditionals, we need a WHERE clause in
// our query
if(!empty($where)) {
    $selectedstudentanswerqry .= ' WHERE ' . implode(' AND ', $where);
    global $mysqli;
    $selectedstudentanswerstmt=$mysqli->prepare($selectedstudentanswerqry); //line 320 error
    // You only need to call bind_param once
    $selectedstudentanswerstmt->bind_param($parameterTypes,implode($parameters)); //line 322 error
}




// get result and assign variables (prefix with db)
$selectedstudentanswerstmt->execute(); 
$selectedstudentanswerstmt->bind_result($detailsStudentAlias,$detailsStudentForename,$detailsStudentSurname,$detailsSessionId,$detailsQuestionNo, 
$detailsQuestonContent,$detailsOptionType,$detailsNoofAnswers,$detailsAnswer,$detailsReplyType,$detailsQuestionMarks,$detailsStudentAnswer,$detailsResponseTime,
$detailsMouseClick,$detailsStudentMark);
$selectedstudentanswerstmt->store_result();
$selectedstudentanswernum = $selectedstudentanswerstmt->num_rows();