PDO Invalid parameter number - parameters in comments - php

Today I encountered a bug (in PDO) I never saw before, but is kinda obvious when you think about it.
I got the following error:
Warning: PDOStatement::execute() [pdostatement.execute]: SQLSTATE[HY093]: Invalid parameter number:
The query I was using was similar to the following:
SELECT
x
FROM
y
WHERE
-- CHECKING IF X = :Z --
x = :y
AND
1 = 2
Obviously I had more parameters and a longer query.
Why does it give me this error?

The solution is obvious: PDO disregards comments as such and tries to bind the non-existent variable ':Z'. You can't use parameters in comments in PDO (unless you do bind them).
There's a similar bug using question marks in comments.

Related

Pdo error with invalid parameters

I have an error since yesterday on my crud and I'm becoming crazy.
For editing entries in my database, I have two files:
edit.php with the editing form identified by the parameter id
see code
doedit.php that actually modifies the entry in the database
see code
and the warning returned is:
PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in /Users/joseteixeira/Sites/TP-PHP/admin/doedit.php on line 47
Any idea on what might have gone wrong?
In your doedit.php, you have this line in your query:
`p` = p,
Change this to:
`p` = :p,
Your error says that "parameter" was not defined, so kindly remove parameter from bindValue function.
$statement->bindValue(":slug", $slug);
In your SQL statement please use
p = :p
You have missed the : while assigning the value.
I think you forgot to put a : before p (should be :p) on line number 28 in your doedit file.

Warning: PDO::query() expects parameter 1 to be string, object given in C:\xampp\htdoc

I am getting a warning like Warning: PDO::query() expects parameter 1 to be string, object given in C:\xampp\htdoc and values are not being inserted into the database.
Can anybody please help me? I have been stuck with this problem for many days.
Here is the code:
<?php
if(isset($_POST['btn_Add']))
{
// Step 1: Establish a connection
$conn = new PDO("mysql:host=localhost; dbname=DbName", 'root', '');
$MaxId ="2";
$Feild_1 =$_POST['txt_Feild1']; //datatype int
$Feild_2 =$_POST['txt_Feild2']; //datatype varchar
$Feild_3 =$_POST['txt_Feild3']; //varchar
// Step 2: Construct a query
$insert_query=$conn->prepare("Insert INTO Dbname (Max_Id, Feild_1, Feild_2, Feild_3)
values (:Max_Id,:Feild_1, :Feild_2, :Feild_3,");
// Step 3: Send the query
$result=$conn->query($insert_query);
// STEP 4:Bind The Placeholder name to specific Script variables
$insert_query->bindParam(':Max_Id', $Max_Id);
$insert_query->bindParam(':Feild_1', $Field_1);
$insert_query->bindParam(':Feild_2', $Field_1);
$insert_query->bindParam(':Feild_3', $Field_1);
//Step 5 Execute Query
$insert_query->execute();
}//OUTER IF END
?>
PDO Warning :-Warning: PDO::query() expects parameter 1 to be string, object given in C:\xampp\htdocs\BSNL Project\Add_Pin_Unpin_File(Without Auto Increment).php on line 109
Step 1 - Fix your SQL:
So, with the code you've given, you've actually got an SQL error. If we take the SQL out of the PHP, it looks like...
Insert INTO Dbname (Max_Id, Feild_1, Feild_2, Feild_3)
values (:Max_Id,:Feild_1, :Feild_2, :Feild_3,
So the issue with this is that, first, you have a trailing comma that shouldn't be there, and you're missing a trailing ) that closes the values part of the query.
As a side note, you're using Dbname as a table name. Whether this is correct or not, we don't know, that depends on you.
Step 2 - Use PDO correctly:
The warning message you've provided is:
PDO Warning :-Warning: PDO::query() expects parameter 1 to be string, object given in C:\xampp\htdocs\BSNL Project\Add_Pin_Unpin_File(Without Auto Increment).php on line 109
If you look at the documentation the query method expects at least one parameter which has to be a string. This method returns an instance of PDOStatement and runs an execute straight away. As far as I know, it does not support prepared statements.
So the warning comes because you've called prepare with your SQL statement, which returns an object of type PDOStatement, and then pass that returned object as the first parameter, which as expected throws a warning saying that you've not passed a string.
By simply removing the line $result=$conn->query($insert_query); you will remove the warning message without causing other issues as it's not necessary anyway as you bind and then execute the query manually afterwards.
If there are further issues, then I'd suggest you have a look at setting the exception mode on your PDO connection variable and seeing what comes up.
Step 3 - Fix your binds
The final issue that I can see is with the following...
$insert_query->bindParam(':Max_Id', $Max_Id);
You bind $Max_Id but earlier in your code, you actually create the variable $MaxId.
The same goes for the fields. You bind $Field_1, but your actual variable is $Feild_1.
Finally, you're binding the same variable for multiple placeholders which doesn't seem quite right when you appear to have defined different variables for each one.
You need to call execute for the prepared queries.
http://php.net/manual/en/pdostatement.execute.php
$insert_query->execute();
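
The three steps above applied together, as an added example that is not from the original posts. It assumes an in-memory SQLite database and a constructed table name (pins) so that it runs without a MySQL server, and the form values are constructed stand-ins for $_POST.

```php
<?php
// Added example, not from the original posts. The table name "pins" and the
// $post values are constructed; SQLite in memory stands in for MySQL.
$conn = new PDO('sqlite::memory:');
// Surface SQL and binding mistakes as exceptions instead of warnings.
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE pins (Max_Id INTEGER, Feild_1 INTEGER, Feild_2 TEXT, Feild_3 TEXT)');

$post = ['txt_Feild1' => '7', 'txt_Feild2' => 'abc', 'txt_Feild3' => 'def'];

// Step 1: balanced parentheses, no trailing comma.
$insert = $conn->prepare(
    'INSERT INTO pins (Max_Id, Feild_1, Feild_2, Feild_3)
     VALUES (:Max_Id, :Feild_1, :Feild_2, :Feild_3)'
);

// Step 2: no $conn->query() call; the prepared statement is executed below.
// Step 3: one value per placeholder, each bound with its type.
$insert->bindValue(':Max_Id', 2, PDO::PARAM_INT);
$insert->bindValue(':Feild_1', (int) $post['txt_Feild1'], PDO::PARAM_INT);
$insert->bindValue(':Feild_2', $post['txt_Feild2'], PDO::PARAM_STR);
$insert->bindValue(':Feild_3', $post['txt_Feild3'], PDO::PARAM_STR);
$insert->execute();

// A misspelled placeholder now raises PDOException (HY093) instead of a warning.
try {
    $bad = $conn->prepare('INSERT INTO pins (Max_Id) VALUES (:Max_Id)');
    $bad->bindValue(':MaxId', 2, PDO::PARAM_INT);
    $bad->execute();
} catch (PDOException $e) {
    echo 'caught: ', $e->getMessage(), "\n";
}

echo $conn->query('SELECT COUNT(*) FROM pins')->fetchColumn(), " row(s) inserted\n";
```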

PDO + comment + ? = Error‼

(Side-note: Blocking ! in question titles doesn't stop smart-arses like me putting U+203C Double Exclamation Mark instead :p)
After a quick round of debugging, I found this:
$query = <<<END
SELECT
`column1`, `column2`,
SOME_FUNCTION(`column3`) -- process in PHP instead?
FROM `tablename`
WHERE `condition` BETWEEN ? AND ?
END;
$stmt = $pdo->prepare($query);
$stmt->execute(array(1,10));
And got this:
Uncaught Exception » RuntimeException » PDOException:
SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens
Do you see the problem?
The question mark in the comment -- process in PHP instead? is interpreted as a token to bind a parameter to! PDO then expects three parameters instead of the two that were passed.
Now, obviously the simple solution was to just rewrite the comment, but this feels like I'm avoiding what may be a bigger issue.
Is there perhaps something wrong with PDO, or is there an option I can set to have it understand MySQL comments?
You can have comments, but not those with ? in them or other things like :x that would be interpreted as placeholders.
PDO does not understand SQL syntax. It's treating all that text as something that needs to be examined for placeholders. When emulating prepared statements this is what will happen.
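
The two comment cases on this page (:Z in the first post, ? in this one) can be caught before the SQL reaches prepare(). The following is an added example, not code from any of the posts: it assumes MySQL comment syntax, and the names SQL_TOKEN, placeholdersInComments() and stripSqlComments() are hypothetical.

```php
<?php
// Added example, not from the original posts. Function names are hypothetical;
// comment syntax assumed is MySQL's: "-- " (dash dash space), "#", "/* */".

// One token per alternative; only comments land in capture group 1, so
// quoted strings and backtick identifiers are skipped rather than scanned.
const SQL_TOKEN = '~\'(?:[^\'\\\\]|\\\\.|\'\')*\''            // 'string'
                . '|"(?:[^"\\\\]|\\\\.|"")*"'                 // "string"
                . '|`(?:[^`]|``)*`'                           // `identifier`
                . '|(--[ \t][^\r\n]*|#[^\r\n]*|/\*.*?\*/)~s'; // comment

/** Return every comment that contains a ? or :name token. */
function placeholdersInComments(string $sql): array
{
    $hits = [];
    preg_match_all(SQL_TOKEN, $sql, $tokens, PREG_SET_ORDER);
    foreach ($tokens as $tok) {
        if (!isset($tok[1]) || $tok[1] === '') {
            continue; // a string or identifier, not a comment
        }
        if (preg_match_all('~\?|:[A-Za-z0-9_]+~', $tok[1], $found)) {
            $hits[] = ['comment' => $tok[1], 'tokens' => $found[0]];
        }
    }
    return $hits;
}

/** Replace each comment with one space before the SQL reaches prepare(). */
function stripSqlComments(string $sql): string
{
    return preg_replace_callback(SQL_TOKEN, function (array $tok): string {
        return (isset($tok[1]) && $tok[1] !== '') ? ' ' : $tok[0];
    }, $sql);
}

// The query from the post above, used as sample input.
$query = <<<END
SELECT
`column1`, `column2`,
SOME_FUNCTION(`column3`) -- process in PHP instead?
FROM `tablename`
WHERE `condition` BETWEEN ? AND ?
END;

foreach (placeholdersInComments($query) as $hit) {
    echo 'comment with placeholder-like token: ', $hit['comment'], "\n";
}
echo substr_count(stripSqlComments($query), '?'), " placeholders left\n";
```

Running the first function over query files in review or CI flags the comment; the second lets the comment stay in the source while the string handed to prepare() carries only the two real placeholders.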

PHP PDOException -- Invalid parameter number: Columns/Parameters are 1-based [duplicate]

My code is:
.....
.....
$sql = 'SELECT '.$return_fields.' FROM '.$table.' WHERE '.$search_field.'=:'.$search_field;
$stmt = $conn->prepare($sql);
$stmt->bindParam($search_field, $search_val);
$stmt->execute();
....
....
where $search_field = 'reg_user_linked', $search_val = 'aa#gmail.com'.
This error occurs when executing the statement and I couldn't figure out why:
Invalid parameter number: Columns/Parameters are 1-based
Can anyone help?
After hours of trying, I found out that this error only occurs when I am in debugging mode. If I run the code and print the result, it works.
Does anyone know why this happens? (My IDE is NetBeans 7.2, debug tool is xdebug)...
When binding the parameter you need to specify the : in the parameter name:
$stmt->bindParam(':' . $search_field, $search_val);
You are getting an error because this is missing and the code falls back to expecting an integer value to indicate the parameter position (as if you were using ?-style parameters).
Note this description of the first parameter for PDOStatement::bindParam() from the documentation.
parameter
Parameter identifier. For a prepared statement using named placeholders, this will be a parameter name of the form :name. For a prepared statement using question mark placeholders, this will be the 1-indexed position of the parameter.

PDO (mysql) Invalid parameter number: parameter was not defined

I've found so many existing questions asking about this error but none of them relate to my code's situation so despite searching for a while I've had to start a new question.
I'm writing a PDO prepared statement in PHP and I'm getting the error code:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY093]: Invalid parameter number: parameter was not defined' in...
The query that has been built so far is:
SELECT * FROM esl_comments, esl_articles WHERE esl_comments.commentSet=:esl_comments.commentSet AND esl_comments.commentSetInstanceID=:esl_comments.commentSetInstanceID AND esl_comments.commentVisible=:esl_comments.commentVisible AND esl_comments.commentID=:esl_comments.commentID;
And the data is being passed to the function which attempts to execute the query just fine. I've echo'ed it and it appears as:
esl_comments.commentSet - article
esl_comments.commentSetInstanceID - esl_articles.articleID
esl_comments.commentVisible - Y
esl_comments.commentID - 2
So there are four placeholders in the query, and all four are being satisfied with data but when I try to execute the query after binding it is giving the above error.
Does anyone have any ideas what may be causing it?
Placeholders must be alphanumeric or underscore.
:esl_comments.commentSet is not a valid placeholder. Try just :commentSet instead.
(And of course the other ones will need to be replaced as well)
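
One way to follow the advice above when the WHERE clause is built from qualified column names, as an added example that is not from the original posts: buildWhere() is a hypothetical helper that generates the placeholder names itself and validates the column names, which cannot be bound.

```php
<?php
// Added example, not from the original posts. buildWhere() is hypothetical.

/**
 * Build "col = :p0 AND ..." from [qualified column => value].
 * Placeholder names are generated (:p0, :p1, ...) so they only ever contain
 * letters, digits and underscores; column names are checked, not bound.
 */
function buildWhere(array $conditions): array
{
    $clauses = [];
    $params  = [];
    foreach ($conditions as $column => $value) {
        // Identifiers cannot be bound, so accept only name or table.name.
        if (!preg_match('~^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$~D', $column)) {
            throw new InvalidArgumentException("Unexpected column name: $column");
        }
        $name = ':p' . count($params);
        $clauses[] = "$column = $name";
        $params[$name] = $value;
    }
    return [implode(' AND ', $clauses), $params];
}

// Sample conditions taken from the question's echoed data.
[$where, $params] = buildWhere([
    'esl_comments.commentSet'     => 'article',
    'esl_comments.commentVisible' => 'Y',
    'esl_comments.commentID'      => 2,
]);
$sql = "SELECT * FROM esl_comments WHERE $where";
echo $sql, "\n";
// With a connection: $stmt = $pdo->prepare($sql); $stmt->execute($params);
```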
