Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 2 years ago.
I've been stuck on a simple PDO execute for about an hour. It's probably a simple thing, but I can't figure it out.
Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in D:\PROJETS\site_webs\MY_WEBSITE\gestionGH\document_req.php on line 38
(38 is the "execute" line.)
Even when assigning values directly to the $variables, it still shows the error:
include("inc/connection.php");
$box = $_GET["box"];
$type = $_GET["type"];
$action = $_GET["action"];
$contenu = $db->quote($_GET["contenu"]);
$pro_nom = $db->quote($_GET["pro_nom"]);
$pro_num = $_GET["pro_num"];
if ($action == "creer")
{
    $type = 'e';
    $pro_nom = 'classique';
    $contenu = 'contenu';
    $pro_prix = 0;
    $pro_tva = 0;
    $actif = 'oui';
    /*
    $add = $db->query("INSERT INTO produit (pro_type,pro_nom,pro_texte,actif)
    VALUES ('$type',$pro_nom,$contenu,'oui')");*/
    $add = $db->prepare("INSERT INTO produit (pro_num, pro_type, pro_nom, pro_texte, pro_prix, pro_tva, actif)
        VALUES (NULL, :pro_type, :pro_nom, :pro_texte, :pro_prix, :pro_tva, :actif)");
    $add->bindParam(":pro_type", $type, PDO::PARAM_STR);
    $add->bindParam(":pro_nom", $pro_nom, PDO::PARAM_STR);
    $add->bindParam(":pro_text", $contenu, PDO::PARAM_STR);
    $add->bindParam(":pro_prix", $pro_prix, PDO::PARAM_STR);
    $add->bindParam(":pro_tva", $pro_tva, PDO::PARAM_STR);
    $add->bindParam(":actif", $actif, PDO::PARAM_STR);
    $add->execute();
}
Lastly, replacing everything with a direct request such as this works fine:
$add = $db->prepare("INSERT INTO produit (pro_num, pro_type, pro_nom, pro_texte, pro_prix, pro_tva, actif) VALUES (NULL, 'e', 'pro_nom', 'pro_texte', 0 , 0, 'oui')");
Closed 4 years ago.
My code against SQL injection isn't working (error message in title).
I simplified my code, but it's still not working.
<?php
include "conf.php";
$db = new mysqli($MYSQL_HOST, $MYSQL_USER, $MYSQL_PASS, $MYSQL_DB);
$ltime =10;
$url= 1;
$title =2;
$result = $db->prepare("INSERT INTO links VALUES ('', ?, ?, ?)");
$result->bind_param('ss', $url, $title, $ltime);
$result->execute();
I created the DB and all variables are integers; the first value is the ID and it is created with an auto-increment flag.
You have to put three "s" in the bind_param method, because there are three variables to bind:
$result = $db->prepare("INSERT INTO links VALUES (NULL, ?, ?, ?)");
$result->bind_param('sss', $url, $title, $ltime);
It's also better to pass a NULL value for the auto-incremented field instead of an empty string.
You have:
$result->bind_param('ss', $url, $title, $ltime);
but it should be
$result->bind_param('sss', $url, $title, $ltime);
The first function parameter of
bool mysqli_stmt::bind_param ( string $types , mixed &$var1 [, mixed &$... ] )
determines the type of each single bound variable/sql-parameter. You have three sql-parameters, so your first function parameter must specify three types (three times s in this case), not just two.
And on a side note: I'd rather assign the return value of mysqli::prepare to a variable with the name $statement than $result.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 7 years ago.
I am getting an error while running this code:
Fatal error: Call to a member function bindParam() on boolean in D:\xampp\htdocs\ipack\insertstatus.php on line 9
<?php
header('Access-Control-Allow-Origin: *');
include 'dbconnection.php';
$jobno = "AFE/0001/2015";
$jobseq = 0;
//to get INTJOBNO
$intjobno = "";
$data = $dbh->query("select INTJOBNO from PRTJOBHD where JOBNO = :jobno and JOBSEQ = :jobseq");
$data->bindParam(':jobno',$jobno,PDO::PARAM_STR);
$data->bindParam(':jobseq',$jobseq,PDO::PARAM_STR);
$data->execute();
foreach($data as $row) {
    $intjobno = $row['INTJOBNO'];
    echo $intjobno;
}
?>
Have a look at this answer: PDO's query vs execute. You cannot bind parameters to PDO query, you need to use prepare instead.
header('Access-Control-Allow-Origin: *');
include 'dbconnection.php';
$jobno = "AFE/0001/2015";
$jobseq = 0;
//to get INTJOBNO
$intjobno = "";
$data = $dbh->prepare("select INTJOBNO from PRTJOBHD where JOBNO = :jobno and JOBSEQ = :jobseq");
$data->bindParam(':jobno',$jobno,PDO::PARAM_STR);
$data->bindParam(':jobseq',$jobseq,PDO::PARAM_STR);
$data->execute();
foreach($data as $row) {
    $intjobno = $row['INTJOBNO'];
    echo $intjobno;
}
PDO::query() returns a PDOStatement object, or FALSE on failure.
Source
It means your query has failed for some reason.
In this case you are using the wrong function to do what you want to do.
You need to prepare your statement since you want to bind two parameters in your query.
Use $dbh->prepare() instead of $dbh->query().
Closed 8 years ago.
Hello guys, I need your help with this PHP code.
I am trying to create a survey name using a text box, but what happens is that $survey_name = $_POST['txtSurveyName']; does not save any input with e.g. Department's, but it saves Departments.
I noticed that the problem is with the single quotes. How can I write this code to accept the single quotes?
Here is the full code:
$survey_name = $_POST['txtSurveyName'];
$survey_status = $_POST['status'];
// Save question
$sql = "INSERT INTO survey(survey_name, status) VALUES('{$survey_name}','{$survey_status}')";
$result = mysql_query($sql);
// Redirect to landing page
As much as I hate this answer I will still tell you that you need to escape your strings:
$survey_name = mysql_real_escape_string($_POST['txtSurveyName']);
But I would suggest using PDO or MySQLi prepared statements. Better for your security.
So easy with PDO:
//prepare query
$stmt = $pdoInstance->prepare('INSERT INTO survey(survey_name, status) VALUES(:name, :status)');
//bind params
$stmt->bindParam(':name', $name, PDO::PARAM_STR);
$stmt->bindParam(':status', $status, PDO::PARAM_STR);
if ($stmt->execute()) {
    //success
}
This way your code is more secure and I feel better that I did not suggest something horrible.
From: http://us2.php.net/mysql_real_escape_string
$survey_name = $_POST['txtSurveyName'];
$survey_status = $_POST['status'];
$sql = sprintf("INSERT INTO survey(survey_name, status) VALUES('%s','%s')",
    mysql_real_escape_string($survey_name),
    mysql_real_escape_string($survey_status));
$result = mysql_query($sql);
Change your query to escape special chars:
$sql = "INSERT INTO survey(survey_name, status) VALUES(\"{$survey_name}\",\"{$survey_status}\")";
or
$sql = "INSERT INTO survey(survey_name, status) VALUES('".addslashes($survey_name)."','".addslashes($survey_status)."')";
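The behaviour discussed in this thread, as an added example that is not code from any of the posts: the interpolated INSERT from the question fails on `Department's` because the quote ends the SQL string literal, while a prepared statement stores the value unchanged. It assumes the pdo_sqlite extension and a constructed in-memory `survey` table; `insertInterpolated()` and `insertPrepared()` are hypothetical names.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// the table is a constructed stand-in for the question's `survey` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE survey (survey_name TEXT, status TEXT)');

// Constructed input standing in for $_POST['txtSurveyName'] / $_POST['status'].
$survey_name   = "Department's";
$survey_status = 'open';

// Before: the value is pasted into the SQL text, so its quote ends the literal.
function insertInterpolated(PDO $pdo, string $name, string $status): string
{
    $sql = "INSERT INTO survey(survey_name, status) VALUES('{$name}','{$status}')";
    try {
        $pdo->exec($sql);
        return 'stored';
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// After: the SQL text is fixed; values travel separately as parameters.
function insertPrepared(PDO $pdo, string $name, string $status): string
{
    $stmt = $pdo->prepare(
        'INSERT INTO survey(survey_name, status) VALUES(:name, :status)'
    );
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':status', $status, PDO::PARAM_STR);
    $stmt->execute();
    return 'stored';
}

echo 'interpolated: ', insertInterpolated($pdo, $survey_name, $survey_status), PHP_EOL;
echo 'prepared:     ', insertPrepared($pdo, $survey_name, $survey_status), PHP_EOL;

// Read back what the table actually holds.
foreach ($pdo->query('SELECT survey_name FROM survey') as $row) {
    echo 'row: ', $row['survey_name'], PHP_EOL;
}
```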
Closed 8 years ago.
I'm having a strange issue with a select with PDO, so I came here to ask for your help.
I have this code below and I'm getting this error:
Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number:
parameter was not defined in `$verifyUser->execute();`
Does somebody have an idea why this can be happening?
My PHP code:
if(!$_SESSION['result'])
{
    header('Location: index.php');
}
else
{
    $userId = $_SESSION['result']['id'];
    $verifyUser = $pdo->prepare("SELECT * FROM aadmins where id = :userId");
    $verifyUser->bindValue(":id", $userId);
    $verifyUser->execute();
    $num_rows = $verifyUser->rowCount();
    $result = $verifyUser->fetch(PDO::FETCH_ASSOC);
}
You are using :userId in SQL query, while in bindValue you are using :id.
$verifyUser = $pdo->prepare("SELECT * FROM aadmins where id = :userId");
$verifyUser->bindValue(":id", $userId);
But it should be the same in the query and in bindValue.
$verifyUser = $pdo->prepare("SELECT * FROM aadmins where id = :id");
$verifyUser->bindValue(":id", $userId);
Closed 9 years ago.
I am trying to run this SQL Query using PHP PDO:
$stmt = $pdo_conn->prepare("select * from billing_pdf_archive where invoice_number = :invoice_number and sequence = :sequence ");
$stmt->execute(array(
    ':invoicenumber' => $_GET["inv"],
    ':sequence' => $_GET["seq"]
));
$result = $stmt->fetch();
Note: $_GET["inv"] and $_GET["seq"] show data when echoed,
but I am getting this error:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY093]: Invalid parameter number: parameter was not defined' in /home/integra/public_html/lifeline/billing/resendpdfinvoice.php:94 Stack trace: #0 /home/integra/public_html/lifeline/billing/resendpdfinvoice.php(94): PDOStatement->execute(Array) #1 {main} thrown in /home/integra/public_html/lifeline/billing/resendpdfinvoice.php on line 94
I cannot work out what is wrong with it.
where invoice_number = :invoice_number
                               ^---- underscore here
$stmt->execute(array(':invoicenumber' => $_GET["inv"],
                              ^---no underscore here
See here
invoicenumber!=invoice_number
It appears that your query contains :invoice_number when your execution statement asks for :invoicenumber. Try setting them to the same value (:invoice_number for example).
$stmt = $pdo_conn->prepare("select * from billing_pdf_archive"
. " where invoice_number = :invoice_number and sequence = :sequence ");
$stmt->execute(array(
':invoice_number' => $_GET["inv"],
':sequence' => $_GET["seq"]
));
$result = $stmt->fetch();
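An added example, not code from any post above, for the HY093 errors in the three PDO questions on this page (`:pro_text` vs `:pro_texte`, `:id` vs `:userId`, `:invoicenumber` vs `:invoice_number`): it compares the named placeholders in the SQL text with the keys about to be bound and reports the difference before execute() is called. `placeholderMismatch()` is a hypothetical helper, the table is a constructed in-memory SQLite copy of the last query's table, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example: report which named placeholders differ between a SQL string
// and the parameter array before execute() raises SQLSTATE[HY093].
// placeholderMismatch() is a hypothetical helper, not part of PDO.

function placeholderMismatch(string $sql, array $params): array
{
    // Drop quoted literals so a ':' inside a string is not counted.
    $bare = preg_replace("/'(?:[^']|'')*'/", "''", $sql);
    // Named placeholders; the lookbehind skips '::' cast syntax.
    preg_match_all('/(?<!:):([A-Za-z_][A-Za-z0-9_]*)/', $bare, $m);
    $inSql = array_values(array_unique($m[1]));
    // PDO accepts keys with or without the leading colon.
    $bound = array_map(fn($k) => ltrim((string) $k, ':'), array_keys($params));
    return [
        'missing' => array_values(array_diff($inSql, $bound)), // in SQL, never bound
        'unknown' => array_values(array_diff($bound, $inSql)), // bound, not in SQL
    ];
}

// Constructed in-memory table mirroring the last question's query.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE billing_pdf_archive (invoice_number TEXT, sequence INTEGER)');
$pdo->exec("INSERT INTO billing_pdf_archive VALUES ('INV-1', 1)");

$sql = 'SELECT * FROM billing_pdf_archive
        WHERE invoice_number = :invoice_number AND sequence = :sequence';

// Constructed parameter arrays: the question's misspelled key and the fix.
$bad  = [':invoicenumber' => 'INV-1', ':sequence' => 1];
$good = [':invoice_number' => 'INV-1', ':sequence' => 1];

foreach (['bad' => $bad, 'good' => $good] as $label => $params) {
    $diff = placeholderMismatch($sql, $params);
    if ($diff['missing'] || $diff['unknown']) {
        echo "$label: missing=", implode(',', $diff['missing']),
             " unknown=", implode(',', $diff['unknown']), PHP_EOL;
        continue; // do not execute a statement that is known to fail
    }
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    echo "$label: ", count($stmt->fetchAll(PDO::FETCH_ASSOC)), " row(s)", PHP_EOL;
}
```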