I've been stuck all day with this simple prepared statement:
// $conn is my PDO object
// and $intervention is my params array
$s = $conn->prepare("INSERT INTO intervention(firm_id,category,subject,amount,start_date,end_date) VALUES(:firm_id,':category',':subject',:amount,':start_date',':end_date')");
$result = $s->execute(array(
'firm_id' => $firm_id ,
'category' => $intervention["category"] ,
'subject' => $intervention["subject"] ,
'amount'=> $intervention["amount"] ,
'start_date'=> $intervention["start_date"],
'end_date'=>$intervention["end_date"]
));
The execute will give me:
Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: :category
Can someone help me understand what is wrong with this simple code?
In this part of the query:
VALUES(:firm_id,':category',
:category is taken as a literal string and not as a parameter name, because of the quotes enclosing it.
There should be no quotes around parameter names, as in:
...VALUES(:firm_id, :category,...
There is the same mistake for the other non-numeric parameters of the rest of the query.
Parameter names should not have quotes. The prepared statement will do the replacement properly. Also pay attention to the number of parameters you write in the query and what you bind in the execute method.
Related
I got this error when using the code below (everything is in a try catch block):
SQLSTATE[HY093]: Invalid parameter number: number of bound variables
does not match number of tokens
$item_q = 4;
$item_no = 12;
$update = $db->prepare("UPDATE stock
SET quantity = quantity - :item_q
WHERE item_number = :item_no");
$update->execute([':item_q' => $item_q]);
$update->execute([':item_no' => $item_no]);
It is something with the :item_q that is causing the problem, and I do not know what it is. It works when I replace the :item_q in the SQL query with a number. I am happy for some help! :)
Issue
Currently you're executing twice with one parameter bound each time.
Solution
You want to either bind the parameters first then execute, or execute with both parameters bound.
Executing with both bound values in PDOStatement::execute() function
// Placeholder names must match the ones in the query (:item_q and :item_no)
$update->execute([":item_q" => $item_q, ":item_no" => $item_no]);
Executing after binding parameters with PDOStatement::bindParam() function
$update->bindParam(":item_q", $item_q, PDO::PARAM_INT);
$update->bindParam(":item_no", $item_no, PDO::PARAM_STR);
$update->execute();
Problem is with executing your statement two times.
$update->execute([':item_q' => $item_q]);
$update->execute([':item_no' => $item_no]);
Combine it into one as
$update->execute([':item_q' => $item_q,':item_no' => $item_no]);
Try this and let me know if it doesn't work
$update->execute([':item_q' => $item_q,':item_no' => $item_no]);
After long research I could not find an exact solution for the PDOException SQLSTATE[HY093]
I am using the Yii 2 framework and I have a problem when using the between condition.
$query = SalesOrder::find()->where(['between','created_date', ':fromDate', ':toDate']);
$query->addParams([':fromDate' => $salesReport->fromDate,':toDate' => $salesReport->toDate]);
$query->all();
Tried it differently, same problem.
$qString1=':fromDate';
$qString2=':toDate';
$query = SalesOrder::find()->where(['between','created_date',$qString1,$qString2]);
$query->addParams([':fromDate' => $salesReport->fromDate],[':toDate' => $salesReport->toDate]);
$query->all();
Caused by: PDOException
SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens
You cannot pass a parameter name in this case. Try:
$query = SalesOrder::find()->where(['between','created_date', $salesReport->fromDate, $salesReport->toDate]);
$query->all();
Or, if you'd like to use parameters, try:
$query = SalesOrder::find()->where('created_date BETWEEN :fromDate AND :toDate');
// addParams() takes a single array, so both values go in one array
$query->addParams([':fromDate' => $salesReport->fromDate, ':toDate' => $salesReport->toDate]);
$query->all();
$Query = pg_query_params($db, 'SELECT username FROM users WHERE id = $1 AND password=(crypt(\'$2\',password)) LIMIT 1', array(33,'thepassword'));
"bind message supplies 2 parameters, but prepared statement "" requires 1"
The problem seems to be around the '$2' parameter; a heredoc string doesn't work.
Suggestions?
Single quotes are used in SQL for string literals. That means that this:
'$2'
is just a string that contains the characters $ and 2 rather than a placeholder. If you want a placeholder, you need to leave out the quotes:
$Query = pg_query_params($db, '...password=(crypt($2,password))...', array(33,'thepassword'));
That gives you the placeholder rather than the string literal.
For an SQL query involving multiple tables, how do I construct such PDO statement like this?
Because this doesn't work:
$stmt = $pdo -> prepare("UPDATE category, product
SET product.category_id = category.id,
product.xxx = :product.xxx,
category.yyy = :category.yyy
WHERE product.category_slug = category.slug
AND product.aaa = :product.aaa"
);
$stmt->execute(array(
'product.xxx' => '',
'category.yyy' => '',
'product.aaa' => ''
));
Which gives these errors:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY093]:
Invalid parameter number: parameter was not defined'
PDOException: SQLSTATE[HY093]: Invalid parameter number: parameter was not defined
How do I make this work? PDO doesn't seem to allow period dots in marked parameters? I guess I'm doomed with underscores?
Here are the allowed characters for named placeholders:
[:][a-zA-Z0-9_]+;
Alphanumeric and underscores.
Ref. https://github.com/php/php-src/blob/master/ext/pdo/pdo_sql_parser.re (this is the source)
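The three HY093 causes discussed above (a placeholder wrapped in quotes, values split across two execute() calls, and a dotted placeholder name) can all be caught before the query runs. The PHP below is an added example, not code from any of the posts; named_placeholders() and check_binding() are hypothetical helper names, and the scanner only approximates PDO's parser.

```php
<?php
// Added example, not code from the posts. named_placeholders() and
// check_binding() are hypothetical helper names. The scanner approximates
// PDO's: it skips quoted literals but does not handle SQL comments.

function named_placeholders(string $sql): array
{
    // Nowdoc keeps the regex free of PHP escaping: match '...' and "..." literals.
    $literal = <<<'RE'
/'(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*"/s
RE;
    $stripped = preg_replace($literal, "''", $sql);
    // A name is ':' + [a-zA-Z0-9_]+ ; (?<!:) skips casts such as ::text.
    preg_match_all('/(?<!:):([a-zA-Z0-9_]+)/', $stripped, $m);
    return array_values(array_unique($m[1]));
}

function check_binding(string $sql, array $params): array
{
    $tokens = named_placeholders($sql);
    // PDO accepts array keys with or without the leading colon.
    $bound = array_map(fn($k) => ltrim((string) $k, ':'), array_keys($params));
    $problems = [];
    foreach (array_diff($tokens, $bound) as $t) {
        $problems[] = ":$t is in the query but no value is bound to it";
    }
    foreach (array_diff($bound, $tokens) as $b) {
        $problems[] = preg_match('/^[a-zA-Z0-9_]+$/', $b)
            ? "'$b' is bound but the query has no unquoted :$b"
            : "'$b' uses characters outside [a-zA-Z0-9_]";
    }
    return $problems;
}

// Constructed cases modelled on the three questions above.
$cases = [
    'quoted placeholder' => ["INSERT INTO intervention(firm_id,category) VALUES(:firm_id,':category')",
                             ['firm_id' => 1, 'category' => 'audit']],
    'split execute'      => ["UPDATE stock SET quantity = quantity - :item_q WHERE item_number = :item_no",
                             [':item_q' => 4]],
    'dotted name'        => ["UPDATE product SET xxx = :product.xxx WHERE aaa = :product.aaa",
                             ['product.xxx' => '', 'product.aaa' => '']],
    'correct'            => ["UPDATE stock SET quantity = quantity - :item_q WHERE item_number = :item_no",
                             [':item_q' => 4, ':item_no' => 12]],
];
foreach ($cases as $name => [$sql, $params]) {
    $problems = check_binding($sql, $params);
    echo $name, ': ', $problems ? implode('; ', $problems) : 'ok', PHP_EOL;
}
```

In the dotted case the scanner stops at the period, so the query's token is :product and neither bound key can match it.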
I'm having some difficulty with implementing fulltext() searching into my queries. Now the parameters in the AGAINST() segment won't invoke an error - unless they're wrapped in single-quotes.
Error: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens
Which makes sense as they shouldn't be literals, instead, they should be strings, so the values aren't bound, right? But in order for this query to function the parameters in AGAINST() must be surrounded by single quotes.
MATCH(features) AGAINST(':feature_set :feature_unset')
$bind_array[":feature_set"] = $feature_set;
$bind_array[":feature_unset"] = $feature_unset;
$stmt = $conn->prepare($query);
$stmt->execute($bind_array);
:feature_set :feature_unset
Would return a string formatted like so:
+Softaculous -Free Domain -Site Builder -Fantastico
Does anyone know of a solution for this? Much appreciated, thanks!
Try it this way
$query = '... MATCH(features) AGAINST(:against IN BOOLEAN MODE)';
$bind_array[":against"] = $feature_set . ' ' . $feature_unset;
$stmt = $conn->prepare($query);
$stmt->execute($bind_array);
Here is a SQLFiddle demo.