PHP Mysql绑定变量的PDO数量与令牌数量不匹配
问题描述:
您好我环顾四周,但似乎无法找到一个答案太我的问题。PHP Mysql绑定变量的PDO数量与令牌数量不匹配
这是我第一次使用PDO,所以我是一个完整的新手。
我有一个数据负载拆分到2个表,并希望将它们合并为一个,还有其他方式做到这一点,但没有进入复杂的原因,我试图这样做.. 。
我生成表的记录,我想将数据从
拷贝构造我的发言
来看,它在一个循环
,但我得到以下错误
SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens
我已经通过和三重检查我有相同数量的变量,所以为什么“令牌不匹配我不知道”,就像我说这是非常新的,所以我可能错过了亲会认为明显的东西。
-
这也许值得一提的是,我没有在表中增加了每一个栏,还有其他列,但我已经离开他们了准备语句... 继承人我的代码:
//$dbh = new PDO($hostname_Seriously, $DB_USER, $DB_PASSWORD); $dbh = new PDO('mysql:host=localhost;dbname=seriouslysoulful_summers', $username_Seriously, $password_Seriously); $stmt = $dbh->prepare("INSERT INTO records_rec (oldid_rec, firstname_rec, artist_rec, aside_rec, bside_rec, label_rec, condition_rec, genere_rec, price_rec, collection_rec, active_rec, info_rec, notes_rec, order_rec, alabelimage_rec, blabelimage_rec, asound_rec, bsound_rec, featured_rec, format_rec) VALUES (:oldid_rec, :firstname_rec, :artist_rec, :aside_rec, :bside_rec, :label_rec, :condition_rec, :genere_rec, :price_rec, :collection_rec, :active_rec, :info_rec, :notes_rec, :order_rec, :alabelimage_rec, :blabelimage_rec, asound_rec, bsound_rec, :featured_rec, :format_rec)"); $stmt->bindParam(':oldid_rec', $id); $stmt->bindParam(':firstname_rec', $firstname); $stmt->bindParam(':artist_rec', $artist); $stmt->bindParam(':aside_rec',$aside); $stmt->bindParam(':bside_rec',$bside); $stmt->bindParam(':label_rec',$label); $stmt->bindParam(':condition_rec',$condition); $stmt->bindParam(':genere_rec',$genere); $stmt->bindParam(':price_rec',$price); $stmt->bindParam(':collection_rec',$collection); $stmt->bindParam(':active_rec',$active); $stmt->bindParam(':info_rec',$info); $stmt->bindParam(':notes_rec',$notes); $stmt->bindParam(':order_rec',$order); $stmt->bindParam(':alabelimage_rec',$alabel); $stmt->bindParam(':blabelimage_rec',$blabel); $stmt->bindParam(':asound_rec',$asound); $stmt->bindParam(':bsound_rec',$bsound); $stmt->bindParam(':featured_rec',$featured); $stmt->bindParam(':format_rec',$format); $reccount = 0; //do{ $id = $row_rs_original['id_prod']; $firstname = mysql_real_escape_string($row_rs_original['firstname_prod']); $artist = mysql_real_escape_string($row_rs_original['artist_prod']); $aside = mysql_real_escape_string($row_rs_original['a_side_prod']); $bside = mysql_real_escape_string($row_rs_original['b_side_prod']); $label = mysql_real_escape_string($row_rs_original['label_prod']); $condition = mysql_real_escape_string($row_rs_original['condition_prod']); $genere = $row_rs_original['genre_prod']; $price = $row_rs_original['price_prod']; $collection = mysql_real_escape_string($row_rs_original['collection_prod']); $active = $row_rs_original['active_prod']; $info = mysql_real_escape_string($row_rs_original['info_prod']); $notes = mysql_real_escape_string($row_rs_original['notes_prod']); $order = $row_rs_original['order_prod']; $alabel = mysql_real_escape_string($row_rs_original['labelimage_A_prod']); $blabel = mysql_real_escape_string($row_rs_original['labelimage_B_prod']); $asound = mysql_real_escape_string($row_rs_original['soundfile_A_prod']); $bsound = mysql_real_escape_string($row_rs_original['soundfile_B_prod']); $featured = $row_rs_original['featured_prod']; $format = $row_rs_original['format_prod']; $stmt->execute(); $reccount = $reccount +1; //} while ($row_rs_original = mysql_fetch_assoc($rs_original)); echo($reccount." - records added...");
答
缺少冒号
:blabelimage_rec, **:**asound_rec, **:**bsound_rec, :featured_rec, :format_rec
答
看起来像马克·贝克已经回答了你的追求离子,但我想添加一些帮助我很多的提示。
PDO不需要mysql_escape_string
只要一切进入查询与用户输入的交易是使用准备语句(像你上面)你不需要逃脱输入与mysql_real_escape_string [ 1]。
// Don't worry about SQL injection since all of the user
// defined inputs are being escaped by the PDO package
$sql = "INSERT INTO "
. "`users` "
. "SET "
. "`name` = :name";
$query = $pdo->prepare($sql);
$query->bindParam(':name', $name);
$query->execute();
但一定要知道,SQL注入仍然是可能的,如果你不绑定用户输入:
// SQL injection can totally happen here
$sql = "INSERT INTO "
. "`users` "
. "SET "
. "`name` = $name";
$query = $pdo->prepare($sql);
$query->execute();
[1] http://www.php.net/manual/en/pdo.prepared-statements.php
尝试让你的SQL尽可能短
对于简单的SQL语句,它越短,维护越容易,并且出错的可能性也越小。你可以使用一个替代INSERT语法[2]:
INSERT INTO
`users`
SET
`name` = 'Steve';
等同于:
INSERT INTO
`users`
(
`name`
)
VALUES
(
'Steve'
);
这意味着对于像你这样大的语句,可以有效一半其大小,因为你不知道需要重复所有的列名:
$sql = "INSERT INTO "
. "`records_rec` "
. "SET "
. "`oldid_rec` = :oldid_rec, "
. "`firstname_rec` = :firstname_rec, "
. "`artist_rec` = :artist_rec, "
. "`aside_rec` = :aside_rec, "
. "`bside_rec` = :bside_rec, "
. "`label_rec` = :label_rec, "
. "`condition_rec` = :condition_rec, "
. "`genere_rec` = :genere_rec, "
. "`price_rec` = :price_rec, "
. "`collection_rec` = :collection_rec, "
. "`active_rec` = :active_rec, "
. "`info_rec` = :info_rec, "
. "`notes_rec` = :notes_rec, "
. "`order_rec` = :order_rec, "
. "`alabelimage_rec` = :alabelimage_rec, "
. "`blabelimage_rec` = :blabelimage_rec, "
. "`asound_rec` = :asound_rec, "
. "`bsound_rec` = :bsound_rec, "
. "`featured_rec` = :featured_rec, "
. "`format_rec` = :format_rec";
$dbh = new PDO(<info goes here>);
$stmt = $dbh->prepare($sql);
// Bind your params here...
[2] http://dev.mysql.com/doc/refman/5.5/en/insert.html
一定要让SQL语句多行和漂亮
我开始格式化我的SQL语句是多行(如上),从那以后我有像这样的错误更少。它确实占用了很多空间,但我认为最后它是值得的。通过将所有内容组合在一起,它会使错误像拇指一样突出。
快乐编码!
我不能满足这个足够! – Mawg 2015-09-08 06:20:56