I'm trying to make my CMS be able to edit different fields (e.g. name). When I hit "Update", though, I get the following error:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens' in /studenthome.hallam.shu.ac.uk/STUDENTHOME10/1/b5035381/public_html/affinity/cms/process/editRecord.php: in /studenthome.hallam.shu.ac.uk/STUDENTHOME10/1/b5035381/public_html/affinity/cms/process/editRecord.php on line 28 PDOException: SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in /studenthome.hallam.shu.ac.uk/STUDENTHOME10/1/b5035381/public_html/affinity/cms/process/editRecord.php on line 28 Call Stack: 0.0029 659144 1. {main}() /studenthome.hallam.shu.ac.uk/STUDENTHOME10/1/b5035381/public_html/affinity/cms/process/editRecord.php:0 0.0135 672928 2. PDOStatement->execute() /studenthome.hallam.shu.ac.uk/STUDENTHOME10/1/b5035381/public_html/affinity/cms/process/editRecord.php:28
Here is my code:
<?php
ini_set('display_errors', 1);
// add your includes for connections and functions
// make sure the path is correct
require ('../../includes/conn.inc.php');
require ('../../includes/functions.inc.php');
// sanitize user variables
$splayerName = safeString($_POST['playerName']);
$splayerDescription = safeString($_POST['playerDescription']);
$splayerImage = safeString($_POST['playerImage']);
$splayerRank = safeString($_POST['playerRank']);
$splayerSpec = safeString($_POST['playerSpec']);
$splayerID = safeInt($_POST['playerID']);
// build prepare statement
$sql = "UPDATE affinity SET playerName = :playerName,
playerDescription = :playerDescription,
playerImage = :playerImage,
playerRank = :playerRank,
playerSpec = :playerSpec
WHERE playerID = :playerID";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(':playerName', $splayerName, PDO::PARAM_STR);
$stmt->bindParam(':playerDescription', $splayerDescription, PDO::PARAM_STR);
$stmt->bindParam(':playerImage', $splayerImage, PDO::PARAM_STR);
$stmt->bindParam(':playerRank', $splayerRank, PDO::PARAM_STR);
$stmt->bindParam(':playerRank', $splayerRank, PDO::PARAM_STR);
$stmt->bindParam(':playerSpec', $splayerSpec, PDO::PARAM_INT);
$stmt->execute();
// redirect browser
header("Location: ../cms.php");
// make sure no other code executed
exit;
?>
I'm not sure why this isn't working; how can I fix it?
:playerRank has been bound 2 times and :playerID hasn't been bound.
And :playerSpec should be bound as a string, not an int.
$stmt->bindParam(':playerName', $splayerName, PDO::PARAM_STR);
$stmt->bindParam(':playerDescription', $splayerDescription, PDO::PARAM_STR);
$stmt->bindParam(':playerImage', $splayerImage, PDO::PARAM_STR);
$stmt->bindParam(':playerRank', $splayerRank, PDO::PARAM_STR);
$stmt->bindParam(':playerSpec', $splayerSpec, PDO::PARAM_STR);
$stmt->bindParam(':playerID', $splayerID, PDO::PARAM_INT);
Where's your bind for playerID? That's what's causing it. You're binding Rank twice and ID never, and they should be in order, correct?
$stmt->bindParam(':playerName', $splayerName, PDO::PARAM_STR);
$stmt->bindParam(':playerDescription', $splayerDescription, PDO::PARAM_STR);
$stmt->bindParam(':playerImage', $splayerImage, PDO::PARAM_STR);
$stmt->bindParam(':playerRank', $splayerRank, PDO::PARAM_STR);
$stmt->bindParam(':playerSpec', $splayerSpec, PDO::PARAM_INT);
$stmt->bindParam(':playerID', $splayerID, PDO::PARAM_STR);
<?php
ini_set('display_errors', 1);
// add your includes for connections and functions
// make sure the path is correct
require ('../../includes/conn.inc.php');
require ('../../includes/functions.inc.php');
// sanitize user variables
$splayerName = safeString($_POST['playerName']);
$splayerDescription = safeString($_POST['playerDescription']);
$splayerImage = safeString($_POST['playerImage']);
$splayerRank = safeString($_POST['playerRank']);
$splayerSpec = safeString($_POST['playerSpec']);
$splayerID = safeInt($_POST['playerID']);
// build prepare statement
$sql = "UPDATE affinity SET playerName = :playerName,
playerDescription = :playerDescription,
playerImage = :playerImage,
playerRank = :playerRank,
playerSpec = :playerSpec
WHERE playerID = :playerID";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(':playerName', $splayerName, PDO::PARAM_STR);
$stmt->bindParam(':playerDescription', $splayerDescription, PDO::PARAM_STR);
$stmt->bindParam(':playerImage', $splayerImage, PDO::PARAM_STR);
$stmt->bindParam(':playerRank', $splayerRank, PDO::PARAM_STR);
$stmt->bindParam(':playerSpec', $splayerSpec, PDO::PARAM_STR);
$stmt->bindParam(':playerID', $splayerID, PDO::PARAM_INT);
$stmt->execute();
// redirect browser
header("Location: ../cms.php");
// make sure no other code executed
exit;
?>
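An added example, not code from any of the posts above: a pre-flight check that compares the named placeholders in a statement with the keys about to be bound, so a HY093 mismatch like the one in the question is reported by name before `execute()`. The helper names `placeholdersIn` and `executeChecked` are hypothetical, the table is a cut-down constructed copy of `affinity`, and the demo assumes the `pdo_sqlite` driver.

```php
<?php
declare(strict_types=1);

/** Return the distinct :name placeholders in $sql (string literals are not parsed). */
function placeholdersIn(string $sql): array
{
    // (?<![:\w]) skips PostgreSQL casts such as value::date
    preg_match_all('/(?<![:\w]):([A-Za-z_][A-Za-z0-9_]*)/', $sql, $m);
    return array_values(array_unique($m[1]));
}

/** Prepare and execute $sql, refusing to run if $params and the placeholders differ. */
function executeChecked(PDO $pdo, string $sql, array $params): PDOStatement
{
    $expected = placeholdersIn($sql);
    $given    = array_keys($params);
    $missing  = array_diff($expected, $given);   // in the query, never bound
    $extra    = array_diff($given, $expected);   // bound, not in the query
    if ($missing || $extra) {
        throw new InvalidArgumentException(sprintf(
            'unbound: [%s]; not in query: [%s]',
            implode(', ', $missing),
            implode(', ', $extra)
        ));
    }
    $stmt = $pdo->prepare($sql);
    foreach ($params as $name => $value) {
        // An array key cannot repeat, so binding the same name twice is impossible here.
        $type = is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR;
        $stmt->bindValue(':' . $name, $value, $type);
    }
    $stmt->execute();
    return $stmt;
}

// Constructed demo data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE affinity (playerID INTEGER PRIMARY KEY, playerName TEXT, playerRank TEXT)');
$pdo->exec("INSERT INTO affinity VALUES (1, 'old name', 'old rank')");

$sql = 'UPDATE affinity SET playerName = :playerName, playerRank = :playerRank
        WHERE playerID = :playerID';

try {
    // Same mistake as in the question: :playerID is never supplied.
    executeChecked($pdo, $sql, ['playerName' => 'Ann', 'playerRank' => 'Officer']);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}

// With all three names supplied the update runs and reports the affected rows.
$stmt = executeChecked($pdo, $sql, ['playerName' => 'Ann', 'playerRank' => 'Officer', 'playerID' => 1]);
echo $stmt->rowCount(), PHP_EOL;
```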
I'm trying to create a form that when submitted will update a database that contains user's information. I am using PDO and transactions but keep getting the following error when the form is submitted:
PHP Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: no parameters were bound in /var/www/html/resources/memfuncs.php on line 75
Here is my code:
Settings.php
if(isset($_POST['username'])){
$id = $_SESSION['id'];
$username = $_POST['username'];
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email = $_POST['email'];
$password1 = $_POST['password1'];
$password2 = $_POST['password2'];
if ($password1 === $password2){
updatesettings($id, $username, $first_name, $last_name, $email, $password);
}
}
I haven't included the HTML for the form, although it is also in the above file.
memfuncs.php
function updatesettings($id, $username, $first_name, $last_name, $email){
global $db;
$db->beginTransaction();
try {
// UPDATE USERNAME
$st2 = $db->prepare("UPDATE users SET username = :username WHERE id = :id");
$st2->execute();
$st2->bindParam (":username", $username, PDO::PARAM_STR);
$st2->bindParam (":id", $id, PDO::PARAM_INT);
//UPDATE FIRST + LAST NAME
$st = $db->prepare("UPDATE users SET first_name = :first_name AND last_name = :last_name WHERE id = :id");
$st->execute();
$st->bindParam (":first_name", $first_name, PDO::PARAM_STR);
$st->bindParam (":last_name", $last_name, PDO::PARAM_STR);
$st->bindParam (":id", $id, PDO::PARAM_INT);
// UPDATE Email
$st3 = $db->prepare("UPDATE users SET email = :email WHERE id = :id");
$st3->execute();
$st3->bindParam(":email", $email, PDO::PARAM_STR);
$st3->bindParam(":id", $id, PDO::PARAM_INT);
// COMMIT CHANGES
$db->commit();
} catch (Exception $error){
$db->rollBack();
echo "Failed: " . $error->getMessage();
}
}
What am I doing wrong?
You need to bind the parameters before you execute the statement. It is when the statement is executed that the parameters are evaluated, so they need to be set by this point!
So your code should look like this:
$st2 = $db->prepare("UPDATE users SET username = :username WHERE id = :id");
$st2->bindParam (":username", $username, PDO::PARAM_STR);
$st2->bindParam (":id", $id, PDO::PARAM_INT);
$st2->execute();
Note that bindColumn, which is about getting the results from a query, generally should be run after execute.
You executed too early; execute() should be the last thing you do after preparing and binding:
$st3 = $db->prepare("UPDATE users SET email = :email WHERE id = :id");
$st3->bindParam(":email", $email, PDO::PARAM_STR);
$st3->bindParam(":id", $id, PDO::PARAM_INT);
$st3->execute();
So fix this in the 3 places when you execute(), also if you're going to catch exceptions catch PDOException and put $db->beginTransaction(); in the try block because that can fail!
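The advice in the two answers above, put together as an added example (not code from the posts): bind before `execute()`, start the transaction inside `try`, catch `PDOException`, and roll back only if a transaction is actually open. It sets `PDO::ERRMODE_EXCEPTION`, because in warning mode (the "PHP Warning" in the question) a failed `execute()` does not throw and the `catch` never runs. The function `updateSettings`, the constructed `users` rows and the UNIQUE constraint on `email` are assumptions for the demo, which needs `pdo_sqlite`.

```php
<?php
declare(strict_types=1);

function updateSettings(PDO $db, int $id, string $username, string $email): bool
{
    try {
        $db->beginTransaction();               // inside try: this call can fail too

        $st = $db->prepare('UPDATE users SET username = :username WHERE id = :id');
        $st->bindValue(':username', $username, PDO::PARAM_STR);
        $st->bindValue(':id', $id, PDO::PARAM_INT);
        $st->execute();                        // execute only after every bind

        $st = $db->prepare('UPDATE users SET email = :email WHERE id = :id');
        $st->bindValue(':email', $email, PDO::PARAM_STR);
        $st->bindValue(':id', $id, PDO::PARAM_INT);
        $st->execute();

        $db->commit();
        return true;
    } catch (PDOException $e) {
        if ($db->inTransaction()) {            // false if beginTransaction() itself failed
            $db->rollBack();
        }
        // Log the driver message server-side instead of echoing it to the browser.
        error_log('updateSettings failed: ' . $e->getMessage());
        return false;
    }
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT UNIQUE)');
$db->exec("INSERT INTO users VALUES (1, 'alice', 'alice@example.test')");
$db->exec("INSERT INTO users VALUES (2, 'bob', 'bob@example.test')");

// The second UPDATE violates UNIQUE(email), so the username change is rolled back.
var_dump(updateSettings($db, 1, 'alice2', 'bob@example.test'));
echo $db->query('SELECT username FROM users WHERE id = 1')->fetchColumn(), PHP_EOL;

// Both statements succeed and are committed together.
var_dump(updateSettings($db, 1, 'alice2', 'alice2@example.test'));
echo $db->query('SELECT username FROM users WHERE id = 1')->fetchColumn(), PHP_EOL;
```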
I'm trying to insert a date into the database using the following code, I get the following error: Error: SQLSTATE[22007]: Invalid datetime format: 7 ERROR: invalid input syntax for type date: ""
So the date is not being passed, yet I can return the date from the POST: echo $_SESSION['dateOpen']; this returns the date as 2014-06-01
I'm a bit of a noob, so any suggestions are welcome. Using postgresql database.
try {
$sql2 = "INSERT INTO excavation.contexts_spatial
(area_easting,
area_northing,
context_number,
open_date,
close_date,
excavation_method,
contamination,
zooarchaeology_comments,
ceramic_comments) VALUES (
:area_easting,
:area_northing,
:context_number,
:open_date,
:close_date,
:excavation_method,
:contamination,
:zooarchaeology_comments,
:ceramic_comments)";
$stmt2 = $conn->prepare($sql2);
// prepare sql and bind parameters
$stmt2->bindParam(':area_easting', $area_easting, PDO::PARAM_INT);
$stmt2->bindParam(':area_northing', $area_northing, PDO::PARAM_INT);
$stmt2->bindParam(':context_number', $nextContext, PDO::PARAM_INT);
$stmt2->bindParam(':open_date', $open_date, PDO::PARAM_STR);
$stmt2->bindParam(':close_date', $close_date, PDO::PARAM_STR);
$stmt2->bindParam(':excavation_method', $excavation_method, PDO::PARAM_STR);
$stmt2->bindParam(':contamination', $contamination, PDO::PARAM_STR);
$stmt2->bindParam(':zooarchaeology_comments', $excavation_method, PDO::PARAM_STR);
$stmt2->bindParam(':ceramic_comments', $excavation_method, PDO::PARAM_STR);
// insert a row
$area_easting = $_SESSION['area_easting'];
$area_northing = $_SESSION['area_northing'];
$nextContext = $_SESSION['nextContext'];
$open_date = $_SESSION['dateOpen'];
$close_date = $_SESSION['dateClose'];
$excavation_method = $_SESSION['excavationMethod'];
$contamination = $_SESSION['contamination'];
$zooarchaeology_comments = $_SESSION['zooarchaeologyComments'];
$ceramic_comments = $_SESSION['ceramicComments'];
$stmt2->execute();
echo "New records created successfully in contexts spatial<br />";
}
catch(PDOException $e)
{
echo "Error: " . $e->getMessage();
}
You are executing the query twice: Once before you assign your session variables to the parameters you have bound in the query and once after.
You need to remove the first $stmt2->execute(); statement.
I get the following error:
Fatal error: Uncaught exception 'PDOException' with message
'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an
error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near 'High_Priority =
'NO', Private_Locate = 'NO', Ticket_Revision_Number = '1' ' at line 8'
in /home3/cmschu/public_html/pl/811/edit_ticket_submit.php:102 Stack
trace: #0
/home3/cmschu/public_html/pl/811/edit_ticket_submit.php(102):
PDOStatement->execute() #1 {main} thrown in
/home3/cmschu/public_html/pl/811/edit_ticket_submit.php on line 102
when running the following PDO statement:
// configuration
include('811_common.php');
date_default_timezone_set('America/Los_Angeles');
// new data
$Member_Code = $_POST['Member_Code'];
$State = $_POST['State'];
$Ticket_Number = $_POST['Ticket_Number'];
$Start_Date = $_POST['Start_Date'];
$Arrive = $_POST['Arrive'];
$Depart = $_POST['Depart'];
$COB01_WATER = $_POST['COB01_WATER'];
$COB01_SEWER = $_POST['COB01_SEWER'];
$COB01_STORM = $_POST['COB01_STORM'];
$COB01_LIGHTS = $_POST['COB01_LIGHTS'];
$COB01_HOURLY = $_POST['COB01_HOURLY'];
$COB01_SV = $_POST['COB01_SV'];
$COB01_ONCALL = $_POST['COB01_ONCALL'];
$NEWB01_POTABLE_WATER = $_POST['NEWB01_POTABLE_WATER'];
$NEWB01_REUSE_WATER = $_POST['NEWB01_REUSE_WATER'];
$NEWB01_DATA_COM = $_POST['NEWB01_DATA_COM'];
$NEWB01_SL = $_POST['NEWB01_SL'];
$Locate_Code = $_POST['Locate_Code'];
$Ticket_Status = $_POST['Ticket_Status'];
$Int_Note = $_POST['Int_Note'];
$Bill_Status = $_POST['Bill_Status'];
$High_Priority = $_POST['High_Priority'];
$Private_Locate = $_POST['Private_Locate'];
$Ticket_Revision_Number = $_POST['Ticket_Revision_Number'];
$db_ID = $_POST['db_ID'];
// query
$sql="UPDATE billing
SET Member_Code = :Member_Code, State = :State, Ticket_Number = :Ticket_Number, Start_Date = :Start_Date, Arrive = :Arrive, Depart = :Depart,
COB01_WATER = :COB01_WATER, COB01_STORM = :COB01_STORM, COB01_SEWER = :COB01_SEWER, COB01_LIGHTS = :COB01_LIGHTS, COB01_HOURLY = :COB01_HOURLY, COB01_SV = :COB01_SV, COB01_ONCALL = :COB01_ONCALL,
NEWB01_POTABLE_WATER = :NEWB01_POTABLE_WATER, NEWB01_REUSE_WATER = :NEWB01_REUSE_WATER, NEWB01_DATA_COM = :NEWB01_DATA_COM, NEWB01_SL = :NEWB01_SL,
Locate_Code = :Locate_Code, Ticket_Status = :Ticket_Status, Int_Note = :Int_Note, Bill_Status = :Bill_Status, High_Priority = :High_Priority, Private_Locate = :Private_Locate, Ticket_Revision_Number = :Ticket_Revision_Number
WHERE db_ID LIKE :db_ID ";
$q = $db1->prepare($sql);
$q->bindValue(':Member_Code', $Member_Code, PDO::PARAM_STR);
$q->bindValue(':State', $State, PDO::PARAM_STR);
$q->bindValue(':Ticket_Number', $Ticket_Number, PDO::PARAM_STR);
$q->bindValue(':Start_Date', $Start_Date, PDO::PARAM_STR);
$q->bindValue(':Arrive', $Arrive, PDO::PARAM_STR);
$q->bindValue(':Depart', $Depart, PDO::PARAM_STR);
$q->bindValue(':COB01_WATER', $COB01_WATER, PDO::PARAM_STR);
$q->bindValue(':COB01_SEWER', $COB01_SEWER, PDO::PARAM_STR);
$q->bindValue(':COB01_STORM', $COB01_STORM, PDO::PARAM_STR);
$q->bindValue(':COB01_LIGHTS', $COB01_LIGHTS, PDO::PARAM_STR);
$q->bindValue(':COB01_HOURLY', $COB01_HOURLY, PDO::PARAM_STR);
$q->bindValue(':COB01_SV', $COB01_SV, PDO::PARAM_STR);
$q->bindValue(':COB01_ONCALL', $COB01_ONCALL, PDO::PARAM_STR);
$q->bindValue(':NEWB01_POTABLE_WATER', $NEWB01_POTABLE_WATER, PDO::PARAM_STR);
$q->bindValue(':NEWB01_REUSE_WATER', $NEWB01_REUSE_WATER, PDO::PARAM_STR);
$q->bindValue(':NEWB01_DATA_COM', $NEWB01_DATA_COM, PDO::PARAM_STR);
$q->bindValue(':NEWB01_SL', $NEWB01_SL, PDO::PARAM_STR);
$q->bindValue(':Locate_Code', $Locate_Code, PDO::PARAM_STR);
$q->bindValue(':Ticket_Status', $Ticket_Status, PDO::PARAM_STR);
$q->bindValue(':Int_Note', $Int_Note, PDO::PARAM_STR);
$q->bindValue(':Bill_Status', $Bill_Status, PDO::PARAM_STR);
$q->bindValue(':High_Priority', $High_Priority, PDO::PARAM_STR);
$q->bindValue(':Private_Locate', $Private_Locate, PDO::PARAM_STR);
$q->bindValue(':Ticket_Revision_Number', $Ticket_Revision_Number, PDO::PARAM_STR);
$q->bindValue(':db_ID', $db_ID, PDO::PARAM_INT);
$q->execute();
?>
HIGH_PRIORITY is a MySQL Reserved Word.
https://dev.mysql.com/doc/refman/5.7/en/keywords.html
If you want to use that as an identifier (e.g. the name of a column), references to the identifier must be properly escaped. The normal MySQL pattern is to enclose the identifier in backtick characters. For example:
, Bill_Status = :Bill_Status
, `High_Priority` = :High_Priority
, Private_Locate = :Private_Locate
So I have a rather big form that is used to update the database. I am having trouble now with this block of code that inserts data from a form. Previously it was working but I changed the form to show "open" transactions so a user knows which transaction number to close. Now I get syntax/access violations. Rtransid is the key, if anyone was wondering. Thanks for any help.
//If there are any errors, display the form again. Otherwise, insert the data
if(!count($errors)){
$sql = "UPDATE repairorder SET
date = :date,
tech = :tech,
dispatcher = :dispatcher,
booth = :booth,
worktype = :worktype,
descript = :descript,
comment = :comment,
fstop = :fstop,
devtemp = :devtemp,
counter = :counter,
numstrips = :numstrips,
fserial = :fserial,
status = :status,
odate = :odate,
cdate = :cdate,
WHERE rtransid = :rtransid";
$stmt = $db->prepare($sql);
$stmt->bindParam(':rtransid', $_POST['rtransid'], PDO::PARAM_STR);
$stmt->bindParam(':date', $_POST['date'], PDO::PARAM_STR);
$stmt->bindParam(':tech', $_POST['tech'], PDO::PARAM_STR);
$stmt->bindParam(':dispatcher', $_POST['dispatcher'], PDO::PARAM_STR);
$stmt->bindParam(':booth', $_POST['booth'], PDO::PARAM_STR);
$stmt->bindParam(':worktype', $_POST['worktype'], PDO::PARAM_INT);
$stmt->bindParam(':descript', $_POST['descript'], PDO::PARAM_STR);
$stmt->bindParam(':comment', $_POST['$comment'], PDO::PARAM_STR);
$stmt->bindParam(':fstop', $_POST['fstop'], PDO::PARAM_STR);
$stmt->bindParam(':devtemp', $_POST['devtemp'], PDO::PARAM_STR);
$stmt->bindParam(':counter', $_POST['counter'], PDO::PARAM_STR);
$stmt->bindParam(':numstrips', $_POST['numstrips'], PDO::PARAM_STR);
$stmt->bindParam(':fserial', $_POST['fserial'], PDO::PARAM_STR);
$stmt->bindParam(':status', $_POST['status'], PDO::PARAM_STR);
$stmt->bindParam(':odate', $_POST['odate'], PDO::PARAM_STR);
$stmt->bindParam(':cdate', $_POST['cdate'], PDO::PARAM_INT);
//var_dump($stmt); //used for error control in dummy server
$stmt->execute();
}
If the error message looks like this You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE rtransid = ...' at line 1, you should update your query like so.
$sql = "UPDATE repairorder SET
date = :date,
tech = :tech,
dispatcher = :dispatcher,
booth = :booth,
worktype = :worktype,
descript = :descript,
comment = :comment,
fstop = :fstop,
devtemp = :devtemp,
counter = :counter,
numstrips = :numstrips,
fserial = :fserial,
status = :status,
odate = :odate,
cdate = :cdate
WHERE rtransid = :rtransid";
You probably miss the comma after :cdate
Sirs! I have a php script that handles multiple row update with PDO.
I want to add a checkbox that updates my database specific column by timestamp 30days from now if ticked.
The problem is ofc, when it is not ticked, there would be no value sent to its key, so I would end up with: It returns this error
Uncaught exception 'PDOException' with message SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use...
So I'm asking for help if there's turn around for this, here is my PHP code:
if (isset($_POST['submit'])) {
$stmt = $db->prepare("UPDATE `$tbl_name` SET `ssl`=:ssl, `exp`=:exp, `country`=:country, WHERE id=:id");
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->bindParam(':ssl', $ssl, PDO::PARAM_STR);
$stmt->bindParam(':exp', $exp, PDO::PARAM_STR);
$stmt->bindParam(':country', $country, PDO::PARAM_STR);
foreach ($_POST['ssl'] as $id => $ssl) {
if(isset($_POST['thirtydays'][$id])){
$exp = $_POST['thirtydays'][$id];
}
$country = $_POST['country'][$id];
$stmt->execute();
}
echo '<h1>Updated the records.</h1>';
}
exp is the timestamp column. Here is the checkbox as HTML:
<input type="checkbox" name="thirtydays[80]" value="2014-02-04 04:04:53">
<input type="text" name="country[80]" value="DE" />
<input type="text" name="ssl[80]" value="false"/>
Note the structure: thirtydays[$id], the timestamp in value is generated by date( "Y-m-d H:i:s",strtotime("+30 days"))
Hope somebody can help me. Thanks in advance and more power.
$exp=''; $country=''; $ssl='';
if (isset($_POST['submit'])) {
$stmt = $db->prepare("UPDATE `$tbl_name` SET `ssl`=:ssl, `exp`=:exp, `country`=:country WHERE id=:id");
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->bindParam(':ssl', $ssl, PDO::PARAM_STR);
$stmt->bindParam(':exp', $exp, PDO::PARAM_STR);
$stmt->bindParam(':country', $country, PDO::PARAM_STR);
foreach ($_POST['ssl'] as $id => $ssl) {
if(isset($_POST['thirtydays'][$id])){ $exp = $_POST['thirtydays'][$id]; }
$country = $_POST['country'][$id];
$stmt->execute();
}
echo '<h1>Updated the records.</h1>';
}
Query is executed only when checkbox is checked since if (isset($_POST['thirtydays'][$id]))
Also you set the $exp variable after you bind it to statement.
Same goes to $country variable
if (isset($_POST['submit'])) {
$stmt = $db->prepare("UPDATE `$tbl_name` SET `ssl`=:ssl, `exp`=:exp, `country`=:country WHERE id=:id");
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->bindParam(':ssl', $ssl, PDO::PARAM_STR);
foreach ($_POST['ssl'] as $id => $ssl) {
if(isset($_POST['thirtydays'][$id])){
$exp = $_POST['thirtydays'][$id];
} else {
$exp = '';
}
$country = $_POST['country'][$id];
$stmt->bindParam(':exp', $exp, PDO::PARAM_STR);
$stmt->bindParam(':country', $country, PDO::PARAM_STR);
$stmt->execute();
}
echo '<h1>Updated the records.</h1>'; }
You have comma just before WHERE in your statement. This may be the problem.
To all who wonder (probably) what's actually wrong with the OP's code: inside the UPDATE `$tbl_name` SET `ssl`=:ssl, `exp`=:exp, `country`=:country, WHERE id=:id, the comma before WHERE is a syntax error. That's all.
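An added example for the multi-row update above, not code from any of the posts: values are bound per row so an unticked checkbox cannot inherit the previous row's `$exp`, the 30-day expiry is computed on the server instead of being read from the checkbox value, and the interpolated table name is checked against an allowlist because identifiers cannot be bound. Keeping the stored `exp` for unticked rows is an assumption about the intended behaviour; `updateRows`, the `servers` table and the POST array are constructed for the demo, which needs `pdo_sqlite`.

```php
<?php
declare(strict_types=1);

const ALLOWED_TABLES = ['servers'];            // hypothetical table name

function updateRows(PDO $db, string $table, array $post, DateTimeImmutable $now): int
{
    // Identifiers cannot be bound as parameters, so only allowlisted names are interpolated.
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('unknown table');
    }
    // No comma before WHERE; COALESCE keeps the stored value when :exp is NULL.
    $stmt = $db->prepare(
        "UPDATE `$table` SET `ssl` = :ssl, `country` = :country,
                `exp` = COALESCE(:exp, `exp`) WHERE id = :id"
    );
    // The expiry is computed here; the checkbox only says whether to apply it.
    $expiry  = $now->modify('+30 days')->format('Y-m-d H:i:s');
    $changed = 0;
    foreach (($post['ssl'] ?? []) as $id => $ssl) {
        $country = $post['country'][$id] ?? '';
        if (!is_string($ssl) || !is_string($country)) {
            continue;                          // skip malformed (nested) input
        }
        $ticked = isset($post['thirtydays'][$id]);
        $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
        $stmt->bindValue(':ssl', $ssl, PDO::PARAM_STR);
        $stmt->bindValue(':country', $country, PDO::PARAM_STR);
        $stmt->bindValue(':exp', $ticked ? $expiry : null, $ticked ? PDO::PARAM_STR : PDO::PARAM_NULL);
        $stmt->execute();
        $changed += $stmt->rowCount();
    }
    return $changed;
}

// Constructed demo: in-memory SQLite and a constructed POST body.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE servers (id INTEGER PRIMARY KEY, `ssl` TEXT, `exp` TEXT, country TEXT)');
$db->exec("INSERT INTO servers VALUES (80, 'true', '2014-01-01 00:00:00', 'US')");
$db->exec("INSERT INTO servers VALUES (81, 'true', '2014-01-01 00:00:00', 'US')");

$post = [
    'ssl'        => [80 => 'false', 81 => 'false'],
    'country'    => [80 => 'DE', 81 => 'FR'],
    'thirtydays' => [80 => '2999-01-01 00:00:00'],   // client-supplied value, ignored
];

echo updateRows($db, 'servers', $post, new DateTimeImmutable('2014-01-05 04:04:53')), PHP_EOL;
foreach ($db->query('SELECT id, `exp`, country FROM servers') as $row) {
    echo "{$row['id']} {$row['exp']} {$row['country']}", PHP_EOL;
}
```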