SQL: number of bound variables - php

I read a few topics here but I didn't find the right answer.
I am getting this error:
Warning: PDOStatement::execute() [pdostatement.execute]: SQLSTATE[HY093]: Invalid
parameter number: number of bound variables does not match number of tokens in
....
PHP code:
$sarray[':item1'.$i] = $ws->getCell($item1.$i)->getValue();
$sarray[':item2'.$i] = $ws->getCell($item2.$i)->getValue();
$sarray[':item3'.$i] = $ws->getCell($item3.$i)->getValue();
$sql = update ...
$sql1 = $DB->prepare($sql);
$sql1->execute($sarray);
And after executing I am getting the error (it is at the top).
Problem:
The problem is that $sarray[':item1'.$i] and $sarray[':item2'.$i] have the same definition, and if I add a third, $sarray[':item3'.$i], it causes the fault, but I don't know how to fix it.
Thanks for any response.

Related

PDOException SQLSTATE[HY093] after upgrading to PHP 8.1

Today I encountered an issue after upgrading from PHP 7.4 to PHP 8.1.
All the time I was using this code to establish a MySQL connection:
<?php
$kundencode=$_SESSION['kdnr'];
$i=0;
$q = $pdo->prepare("SELECT * FROM qi_rechnungen WHERE kdnr='$kundencode' ORDER BY rgnr DESC");
$q->execute([$_SESSION['id']]);
$res = $q->fetchAll();
foreach ($res as $row) {
$i++;
?>
This worked fine, but when using PHP 8.1 my system throws:
Fatal error: Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in /home/clients-de/public_html/rechnungen2.php:60 Stack trace: #0 /home/clients-de/public_html/rechnungen2.php(60): PDOStatement->execute(Array) #1 {main} thrown in...
I can't see any mistake!?
What's the difference here between PHP 7.4 and 8.1?
Thank you for help...
The change that you encountered is that before PHP 8, PDO's error mode was set to silent by default. If it encountered any errors, it would just ignore them. This has now changed to the exception mode; every time an error is encountered, an exception will be thrown. So the issue was there before, it just remained unreported.
About the actual issue: you should really read up about prepared statements, they will make your code a lot safer. You're not providing any placeholders for prepared variables in your query, but you are passing them in the following line (which results in the exception):
$q->execute([$_SESSION['id']]);
As far as I see, the session ID is completely unnecessary for your query, but you could pass your customer number as a variable. The following should fix your issue:
$q = $pdo->prepare("SELECT * FROM qi_rechnungen WHERE kdnr=? ORDER BY rgnr DESC");
$q->execute([$kundencode]);
First of all, you shouldn't inline raw variables in the query; use param binding.
Invalid parameter number: number of bound variables does not match number of tokens
This means that the count of the array passed into the PDO::execute() method is different from the count of params in the query.
For your case, maybe this solution helps you:
// let's assume there is '5'
$kundencode=$_SESSION['kdnr'];
$q = $pdo->prepare("SELECT * FROM qi_rechnungen WHERE kdnr=:kundencode ORDER BY rgnr DESC");
// pass $kundencode into query
$q->bindValue('kundencode', $kundencode);
// SELECT * FROM qi_rechnungen WHERE kdnr='5' ORDER BY rgnr DESC
$q->execute();
If you want to pass $_SESSION['id'] into the query, you must specify it in the query template explicitly.
@vixducis: That's exactly what I finally did yesterday - and got it to work as desired:
$q = $pdo->prepare("SELECT * FROM qi_domains WHERE kdnr = ? AND aktiv = ? ORDER BY id DESC");
$q->execute([$_SESSION['kdnr'], 0]);
So let me thank you all for your kind support!

PHP Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: no parameters were bound

I use PDO to execute sql
"INSERT INTO zhushou_cost_uid
(uid,imei,wmac,imsi,channel,supplier,uuid,brand,device_model,os,os_version,app_version,promotion_method,log_source,takeup_date)
VALUES
('863207010118070','863207010118070','02037ff459cb','460025323359694','sc-hjcx_ins_cgq','','�ܟ*c�1�]�y�.���#���h���!�o ��z�!Y�~��t8�KOd�xd]���sm����n%$����H����[?�p���M����','KINGSUN','KINGSUN S6','Android','4.1.2','3.2','','1','2015-11-29 03:21:21')",
PHP code:
$db = $this->getWritableDB();
$stmt = $db->prepare($sql);
$exec = $stmt->execute();
The data of uuid is dirty data, and in our log it is
"uuid":"�ܟ*c�1�]�y�.���#��\u0015�h\u001a���!\u001c�\u0013o �\u0013�z�\u0000!Y�~��t8�KOd�xd]�\u0001��sm\u0016����\u0001n\u0013%$����H����[\u0003?�p���M��\u001a��"
I got the result
SQLSTATE[HY093]: Invalid parameter number: no parameters were bound.
When I try to copy the SQL into the terminal, it exits the mysql login session. I think there is something wrong in the uuid, but I cannot figure it out. Can anyone help me? Thank you very much!
$stmt = $db->prepare($sql);
Since you're preparing your statement, if there's anything in it that can be interpreted as a question mark or colon, it will be taken as a placeholder and you're expected to then pass values for it in the execute step. Since this is not actually what you're intending, don't prepare the statement if you don't intend to have placeholders in it. Instead:
$db->exec($sql);
Having said that, it's suspicious that you're passing a fully formed SQL query in $sql; perhaps you should be rewriting this whole thing so you do have actual placeholders in your query and are passing the actual values separately to execute.
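The rewrite suggested above, as an added example that is not part of the original answer: the raw uuid bytes are bound as a parameter, so nothing inside them is parsed as SQL or as a placeholder. The in-memory SQLite database, the trimmed column list, the insertRow() helper and the sample bytes are assumptions made so the snippet runs offline; the same prepare/bind/execute pattern applies to the MySQL connection from the question.

```php
<?php
// Added example, not the poster's code. SQLite in memory stands in for the
// MySQL connection; the table is trimmed to three of the original columns.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE zhushou_cost_uid (uid TEXT, uuid BLOB, takeup_date TEXT)');

// Constructed "dirty" value: quote, question mark, colon token, control bytes.
$dirtyUuid = "\x15h\x1a'?:x\x00!Y~\x13--";

// Hypothetical helper: the SQL text is constant, only bound values vary.
function insertRow(PDO $db, string $uid, string $uuid, string $date): void
{
    $stmt = $db->prepare(
        'INSERT INTO zhushou_cost_uid (uid, uuid, takeup_date)
         VALUES (:uid, :uuid, :takeup_date)'
    );
    $stmt->bindValue(':uid', $uid, PDO::PARAM_STR);
    // PARAM_LOB passes the bytes as binary data; they never enter the SQL text.
    $stmt->bindValue(':uuid', $uuid, PDO::PARAM_LOB);
    $stmt->bindValue(':takeup_date', $date, PDO::PARAM_STR);
    $stmt->execute();
}

insertRow($db, '863207010118070', $dirtyUuid, '2015-11-29 03:21:21');

// Read the value back and compare it byte for byte with what was bound.
$stored = $db->query('SELECT uuid FROM zhushou_cost_uid')->fetchColumn();
var_dump($stored === $dirtyUuid);
```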

PDO: Invalid parameter number

I'm making an IS and I have a problem with updating mysql table. I'm using PHP 5.3 and PDO.
$query_update = $this->db_connection->prepare('UPDATE Client SET name =: name, surname=:surname WHERE id=:id');
$query_update->bindValue(':id', $id, PDO::PARAM_INT);
$query_update->bindValue(':name', $name, PDO::PARAM_STR);
$query_update->bindValue(':surname', $surname, PDO::PARAM_STR);
$query_update->execute();
Warning: PDOStatement::execute() [pdostatement.execute]: SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in file on line X.
The Warning is referencing line with execute().
Thanks for help.
EDIT: It's working now, again thanks for help.
You have one space too many. Correct your query to this:
$this->db_connection->prepare('UPDATE Client SET name =:name, surname=:surname WHERE id=:id');
// -----------------------------------------------------^
This led to only two variables being used in the query, which didn't match the 3 variables you provided.
(Your query in the current form should throw an error anyways at the same position.)

PDO (mysql) Invalid parameter number: parameter was not defined

I've found so many existing questions asking about this error but none of them relate to my code's situation so despite searching for a while I've had to start a new question.
I'm writing a PDO prepared statement in PHP and I'm getting the error code:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY093]: Invalid parameter number: parameter was not defined' in...
The query that has been built so far is:
SELECT * FROM esl_comments, esl_articles WHERE esl_comments.commentSet=:esl_comments.commentSet AND esl_comments.commentSetInstanceID=:esl_comments.commentSetInstanceID AND esl_comments.commentVisible=:esl_comments.commentVisible AND esl_comments.commentID=:esl_comments.commentID;
And the data is being passed to the function which attempts to execute the query just fine. I've echo'ed it and it appears as:
esl_comments.commentSet - article
esl_comments.commentSetInstanceID - esl_articles.articleID
esl_comments.commentVisible - Y
esl_comments.commentID - 2
So there are four placeholders in the query, and all four are being satisfied with data but when I try to execute the query after binding it is giving the above error.
Does anyone have any ideas what may be causing it?
Placeholders must be alphanumeric or underscore.
:esl_comments.commentSet is not a valid placeholder. Try just :commentSet instead.
(And of course the other ones will need to be replaced as well)

PDO Invalid parameter number - parameters in comments

Today I encountered a bug (in PDO) I never saw before, but is kinda obvious when you think about it.
I got the following error:
Warning: PDOStatement::execute() [pdostatement.execute]: SQLSTATE[HY093]: Invalid parameter number:
The query I was using was similar to the following:
SELECT
x
FROM
y
WHERE
-- CHECKING IF X = :Z --
x = :y
AND
1 = 2
Obviously I had more parameters and a longer query.
Why does it give me this error?
The solution is obvious: PDO disregards comments as such and tries to bind the non-existent variable ':Z'. You can't use parameters in comments in PDO (unless you do bind them).
There's a similar bug using question marks in comments.
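A pre-flight check for the placeholder mismatches discussed in the last three questions (a stray space after the colon, a dot in the name, a token inside a comment), as an added example that is not part of any original post. It is a simplified approximation of named-placeholder matching, not PDO's parser; the function names namedTokens() and checkBinding() are hypothetical and the bound values are constructed.

```php
<?php
// Added example: a lint for named placeholders, not PDO's own parser.
// Simplification: comments and string literals are not skipped, so a token
// inside them is reported as well (the behaviour the last post describes).

function namedTokens(string $sql): array
{
    // ':' directly followed by letters, digits or underscores. The lookbehind
    // ignores '::' and colons inside values such as 03:21:21.
    preg_match_all('/(?<![:\w]):([A-Za-z0-9_]+)/', $sql, $m);
    return array_values(array_unique($m[1]));
}

function checkBinding(string $sql, array $params): array
{
    $tokens = namedTokens($sql);
    $bound  = array_map(fn($k) => ltrim((string) $k, ':'), array_keys($params));
    return [
        'unbound' => array_values(array_diff($tokens, $bound)), // token, no value
        'unused'  => array_values(array_diff($bound, $tokens)), // value, no token
    ];
}

// Queries shortened from the questions above; the bound values are constructed.
$cases = [
    'space after colon' => [
        'UPDATE Client SET name =: name, surname=:surname WHERE id=:id',
        [':id' => 1, ':name' => 'A', ':surname' => 'B'],
    ],
    'dot in name' => [
        'SELECT * FROM esl_comments WHERE esl_comments.commentID=:esl_comments.commentID',
        [':esl_comments.commentID' => 2],
    ],
    'token in comment' => [
        "SELECT x FROM y WHERE\n-- CHECKING IF X = :Z --\nx = :y AND 1 = 2",
        [':y' => 1],
    ],
];

foreach ($cases as $label => [$sql, $params]) {
    echo $label, ': ', json_encode(checkBinding($sql, $params)), PHP_EOL;
}
```

A non-empty 'unbound' or 'unused' list means the template and the array passed to execute() disagree, which is the condition behind the HY093 messages quoted on this page.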
