PDO variable not capturing/passing value - pdo

This code works but it is one change short of proper PDO--I would need to change " $user_ID " in the where clause to " :user_ID ".
HOWEVER, when I do that, the code doesn't update the contributions by 3 (which is the goal of the code). But it does work and update contributions as long as I don't change $user_ID to :user_ID.
Can anyone see why and what I'm doing wrong from this?
$yesupdate = "UPDATE points SET contributions = contributions + 3 WHERE ID
= $user_ID";
$stmt4 = $dbh->prepare($yesupdate);
$stmt4->bindParam(':user_ID', $user_ID, PDO::PARAM_INT);
$stmt4->bindParam(':WID', $yes_WID, PDO::PARAM_INT);
$stmt4->bindParam(':approved', $e = Y, PDO::PARAM_STR);
$stmt4->bindParam(':position', $row2[0]['position'], PDO::PARAM_INT);
$stmt4->execute();
FYI, the above code is a second query that follows the below query:
$yesupdate = "UPDATE writing SET approved = :approved, position = :position
WHERE WID = :WID";
$stmt2 = $dbh->prepare($yesupdate);
$stmt2->bindParam(':WID', $yes_WID, PDO::PARAM_INT);
$stmt2->bindParam(':approved', $e = Y, PDO::PARAM_STR);
$stmt2->bindParam(':position', $row2[0]['position'], PDO::PARAM_INT);
$stmt2->execute();

Related

PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in

I'm having a problem with a prepared Update query:
$stmt = $conn->prepare("
UPDATE articles SET
title = :title,
body = :body,
intro = :intro,
datePub = :datePub,
authorID = :authorID',
author = :author',
category = :category,
tags = :tags,
language = :language,
visible = :visible,
translatedArt = :translatedArt,
relatedArts = :relatedArts,
priority = :priority,
changefreq = :changefreq
WHERE
id= :id"
);
$stmt->bindParam(':title', $title, PDO::PARAM_STR);
$stmt->bindParam(':body', $bodyArt, PDO::PARAM_STR);
$stmt->bindParam(':intro', $intro, PDO::PARAM_STR);
$stmt->bindParam(':datePub', $datePub, PDO::PARAM_INT);
$stmt->bindParam(':authorID', $author, PDO::PARAM_INT);
$stmt->bindParam(':author', $authorName, PDO::PARAM_STR);
$stmt->bindParam(':category', $cat, PDO::PARAM_INT);
$stmt->bindParam(':tags', $tags, PDO::PARAM_STR);
$stmt->bindParam(':language', $language, PDO::PARAM_STR);
$stmt->bindParam(':visible', $visibility, PDO::PARAM_INT);
$stmt->bindParam(':translatedArt', $transArt, PDO::PARAM_INT);
$stmt->bindParam(':relatedArts', $relArtCombi, PDO::PARAM_STR);
$stmt->bindParam(':priority', $priority, PDO::PARAM_STR);
$stmt->bindParam(':changefreq', $changeFreq, PDO::PARAM_STR);
$stmt->bindParam(':id', $operation, PDO::PARAM_INT);
$stmt->execute();
I'm binding 15 variables and I have 15 parameters in the query, do you have any idea on why I'm getting the error?
Thanks
Remove the apostrophe ' on
authorID = :authorID',
author = :author',
so that it can be:
authorID = :authorID,
author = :author,
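HY093 in the two questions above comes down to the set of named placeholders in the statement not matching the set of bound names. The following added example (not code from either post) lists the difference before execute() is called; placeholderDiff() is a hypothetical helper that only approximates PDO's own parser, and the second query is a shortened copy of the one in the question.

```php
<?php
// Added example, not code from the posts. placeholderDiff() is a hypothetical
// helper that approximates how PDO scans a statement for named placeholders.

function placeholderDiff(string $sql, array $boundNames): array
{
    // Text inside single-quoted literals is data, not a placeholder, so
    // collapse each literal first (handles '' and \' escapes).
    $code = preg_replace("/'(?:[^'\\\\]|\\\\.|'')*'/s", "''", $sql);

    // Named placeholder: ':' plus an identifier, not preceded by ':' or a
    // word character (so '::' casts and times like 16:58 are skipped).
    preg_match_all('/(?<![:\w]):([A-Za-z_][A-Za-z0-9_]*)/', $code, $m);
    $tokens = array_values(array_unique($m[1]));

    $bound = array_map(function ($n) { return ltrim($n, ':'); }, $boundNames);

    return [
        'unbound' => array_values(array_diff($tokens, $bound)), // in SQL, never bound
        'unknown' => array_values(array_diff($bound, $tokens)), // bound, not in SQL
    ];
}

// First question's UPDATE with :user_ID in the WHERE clause, checked against
// the four names that code binds.
$q1 = "UPDATE points SET contributions = contributions + 3 WHERE ID = :user_ID";
print_r(placeholderDiff($q1, [':user_ID', ':WID', ':approved', ':position']));

// Shortened form of the second question's query, stray apostrophes kept:
// everything between the two apostrophes is a string literal, not SQL.
$q2 = "UPDATE articles SET
         authorID = :authorID',
         author = :author',
         category = :category
       WHERE id = :id";
print_r(placeholderDiff($q2, [':authorID', ':author', ':category', ':id']));
```

Any entry under `unbound` or `unknown` is a mismatch of the kind PDO reports as "Invalid parameter number".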

PDO: Invalid parameter number: number of bound variables does not match number of tokens

I've been breaking my head over the following.
What you can see below is the result of a dynamically built INSERT together with its BINDS. The column names and tokens are being pulled from the table. I do not know them in advance. So I use built-in functions to know what they are. The values are posted to me via a form. I put both together using an associative array which I use to build the INSERT command.
The array looks like this:
Array
(
[id] => 0
[datum] => 1968-05-13 16:58:02
[titel] => test 369
[categorie] => catEGORIE
[tekst] => tekst
[zichtbaar_bijlage] => 1
[zichtbaar_foto_1] => 1
[zichtbaar_foto_2] => 1
[zichtbaar_foto_3] => 1
[zichtbaar_foto_4] => 1
[zichtbaar_foto_5] => 1
[zichtbaar_foto_6] => 1
[zichtbaar_foto_7] => 1
[zichtbaar_foto_8] => 1
[zichtbaar_foto_9] => 1
[zichtbaar_foto_10] => 1
[bijlage] => verkeersbord.jpg
[foto_1] => hummel.jpg
[foto_2] => reinoutgerolf.jpg
[foto_3] => hummel.jpg
[foto_4] => verkeersbord.jpg
[foto_5] => verkeersbord.jpg
[foto_6] => 20140511vlaggen.jpg
[foto_7] => verkeersbord.jpg
[foto_8] => 20140511vlaggen.jpg
[foto_9] => verkeersbord.jpg
[foto_10] => 50-euro-1024x545.jpg
)
A dump of the INSERT command and the BINDS looks like this:
INSERT INTO some_DB.some_table (NIE_id, NIE_datum, NIE_titel, NIE_categorie, NIE_tekst, NIE_zichtbaar_bijlage, NIE_zichtbaar_foto_1, NIE_zichtbaar_foto_2, NIE_zichtbaar_foto_3, NIE_zichtbaar_foto_4, NIE_zichtbaar_foto_5, NIE_zichtbaar_foto_6, NIE_zichtbaar_foto_7, NIE_zichtbaar_foto_8, NIE_zichtbaar_foto_9, NIE_zichtbaar_foto_10, NIE_bijlage, NIE_foto_1, NIE_foto_2, NIE_foto_3, NIE_foto_4, NIE_foto_5, NIE_foto_6, NIE_foto_7, NIE_foto_8, NIE_foto_9, NIE_foto_10) VALUES (:id, :datum, :titel, :categorie, :tekst, :zichtbaar_bijlage, :zichtbaar_foto_1, :zichtbaar_foto_2, :zichtbaar_foto_3, :zichtbaar_foto_4, :zichtbaar_foto_5, :zichtbaar_foto_6, :zichtbaar_foto_7, :zichtbaar_foto_8, :zichtbaar_foto_9, :zichtbaar_foto_10, :bijlage, :foto_1, :foto_2, :foto_3, :foto_4, :foto_5, :foto_6, :foto_7, :foto_8, :foto_9, :foto_10)
$STH3->bindValue(':id', 0);
$STH3->bindValue(':datum', 1968-05-13 16:58:02);
$STH3->bindParam(':titel', test 369, PDO::PARAM_STR);
$STH3->bindParam(':categorie', catEGORIE, PDO::PARAM_STR);
$STH3->bindParam(':tekst', tekst, PDO::PARAM_STR);
$STH3->bindParam(':zichtbaar_bijlage', 1, PDO::PARAM_STR);
$STH3->bindParam(':zichtbaar_foto_1', 1, PDO::PARAM_STR);
$STH3->bindParam(':zichtbaar_foto_2', 1, PDO::PARAM_STR);
$STH3->bindParam(':zichtbaar_foto_3', 1, PDO::PARAM_STR);
$STH3->bindParam(':zichtbaar_foto_4', 1, PDO::PARAM_STR);
$STH3->bindParam(':zichtbaar_foto_5', 1, PDO::PARAM_STR);
$STH3->bindParam(':zichtbaar_foto_6', 1, PDO::PARAM_STR);
$STH3->bindParam(':zichtbaar_foto_7', 1, PDO::PARAM_STR);
$STH3->bindParam(':zichtbaar_foto_8', 1, PDO::PARAM_STR);
$STH3->bindParam(':zichtbaar_foto_9', 1, PDO::PARAM_STR);
$STH3->bindParam(':zichtbaar_foto_10', 1, PDO::PARAM_STR);
$STH3->bindParam(':bijlage', verkeersbord.jpg, PDO::PARAM_STR);
$STH3->bindParam(':foto_1', hummel.jpg, PDO::PARAM_STR);
$STH3->bindParam(':foto_2', reinoutgerolf.jpg, PDO::PARAM_STR);
$STH3->bindParam(':foto_3', hummel.jpg, PDO::PARAM_STR);
$STH3->bindParam(':foto_4', verkeersbord.jpg, PDO::PARAM_STR);
$STH3->bindParam(':foto_5', verkeersbord.jpg, PDO::PARAM_STR);
$STH3->bindParam(':foto_6', 20140511vlaggen.jpg, PDO::PARAM_STR);
$STH3->bindParam(':foto_7', verkeersbord.jpg, PDO::PARAM_STR);
$STH3->bindParam(':foto_8', 20140511vlaggen.jpg, PDO::PARAM_STR);
$STH3->bindParam(':foto_9', verkeersbord.jpg, PDO::PARAM_STR);
$STH3->bindParam(':foto_10', 50-euro-1024x545.jpg, PDO::PARAM_STR);
The INSERT command is generated by the following:
$command = "INSERT INTO $_SESSION[database].$table ($fields) VALUES ($arguments)";
echo $command;
$STH3 = $DBH->prepare($command);
foreach($binds_array as $key => $value)
{
if ($key == "id")
{
$STH3->bindValue(':id', 0);
echo "<br>--- STH3->bindValue(':id', 0);<br>";
}
elseif ($key == "datum")
{
$STH3->bindValue(':$key', $value);
echo "--- STH3->bindValue(':$key', $value);<br>";
}
else
{
$STH3->bindParam(':$key', $value, PDO::PARAM_STR);
echo "--- STH3->bindParam(':$key', $value, PDO::PARAM_STR);<br>";
};
};
For some reason this is resulting in an error:
Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter
number: number of bound variables does not match number of tokens
I've been reading up on whatever I could find on this problem but I'm not able to pinpoint the problem. As far as I can see (but I might be blind) the number of tokens and the number of variables is the same.
Any ideas?
The logic of the code, given I understood it correctly, seems fine. There is however one little problem in your code, namely your bindValues.
Both $STH3->bindValue(':$key', $value); and $STH3->bindParam(':$key', $value, PDO::PARAM_STR); suffer from the same problem: $key is enclosed in single quotes, which causes the variable not to be evaluated, but to be interpreted as is (as a string).
For variables inside a string to be evaluated in PHP, they need to be in double quotes, so the two lines of code above must become $STH3->bindValue(":$key", $value); and $STH3->bindParam(":$key", $value, PDO::PARAM_STR);.
#PLPeeters: you solved part of the problem. Many thanks for that! As mentioned in my comment to your answer I shortened the code even more to achieve more flexibility.
foreach($binds_array as $key => $value)
{
$arguments[] = ":$key";
};
$arguments = implode(',',$arguments);
I deleted a part of the code which was default code to get the columns and put them in $fields.
$command_add = "INSERT INTO some_database.some_table ($fields) VALUES ($arguments)";
$STH3 = $DBH->prepare($command_add);
$STH3->execute($binds_array);
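Values can be bound, but column names cannot, so when the keys of the bind array arrive from a form, each key has to be checked against the table's real columns before it is placed in the SQL text. An added example of that check (not the poster's code), assuming the pdo_sqlite extension; insertRow(), the news table and the sample rows are constructed for illustration.

```php
<?php
// Added example: build the INSERT from array keys only after every key has
// been matched against the table's own column list. insertRow() is a
// hypothetical helper; the table and rows are constructed sample data.

function insertRow(PDO $db, string $table, array $allowedColumns, array $row): int
{
    // $table is a constant chosen in code, never request data.
    $unknown = array_diff(array_keys($row), $allowedColumns);
    if ($unknown) {
        throw new InvalidArgumentException('Unknown column(s): ' . implode(', ', $unknown));
    }

    $cols   = array_keys($row);
    $fields = implode(', ', array_map(function ($c) { return '"' . $c . '"'; }, $cols));
    $tokens = implode(', ', array_map(function ($c) { return ':' . $c; }, $cols));

    $stmt = $db->prepare("INSERT INTO \"$table\" ($fields) VALUES ($tokens)");
    $stmt->execute($row);   // array keys may omit the leading ':'
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, datum TEXT, titel TEXT, foto_1 TEXT)');

// Column 1 of PRAGMA table_info is the column name (SQLite-specific).
$allowed = $db->query('PRAGMA table_info(news)')->fetchAll(PDO::FETCH_COLUMN, 1);

$post = ['datum' => '1968-05-13 16:58:02', 'titel' => 'test 369', 'foto_1' => 'hummel.jpg'];
echo 'inserted row ', insertRow($db, 'news', $allowed, $post), "\n";

try {
    // A form field that is not a column never reaches the SQL string.
    insertRow($db, 'news', $allowed, ['titel' => 'x', 'not_a_column' => 'y']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```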

Yii createCommand not working

I use Yii MVC to develop code, and I have some code that does not work.
I can't find the error, maybe you guys can:
$sql = "
select extension
from file_extension
where status = :status and extension in ('" . $extensions . "');
";
$status = FileExtension::ACTIVE_STATUS;
$cmd = Yii::app()->getDb()->createCommand($sql);
$cmd->bindParam(":status", $status, PDO::PARAM_INT);
$arrObj = $cmd->queryAll();
When I use print_r($arrObj); I get array()
Why don't I get results?
After some work, I see that my query is like:
select extension
from file_extension
where status = :status and extension in ('gif
','pdf
','chm
');
and because of the line breaks and the empty spaces, my SQL query fails.
What can I do to obtain:
select extension
from file_extension
where status = :status and extension in ('gif','pdf','chm');
Try:
$extensionList = Yii::app()->db->createCommand()->select('extension')
->from('file_extension AS fe')
->where("fe.status = :status AND fe.extension IN ('gif','pdf','chm')", array(':status' => FileExtension::ACTIVE_STATUS))
->queryAll();
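Trimming each value and binding it as its own placeholder removes both the stray line breaks and the string concatenation in the original query. An added example in plain PDO (not Yii's API and not code from the post), assuming the pdo_sqlite extension; activeExtensions(), the status value 1 and the table contents are constructed.

```php
<?php
// Added example: expand an IN (...) list into one bound placeholder per value.
// activeExtensions() is a hypothetical helper; table contents are constructed.

function activeExtensions(PDO $db, array $rawExtensions, int $status): array
{
    // Strip the whitespace and line breaks that broke the concatenated query,
    // then drop empty entries and duplicates.
    $exts = array_values(array_unique(
        array_filter(array_map('trim', $rawExtensions), 'strlen')
    ));
    if (!$exts) {
        return [];   // "IN ()" is a syntax error, so answer without querying
    }

    $marks = implode(',', array_fill(0, count($exts), '?'));
    $stmt = $db->prepare(
        "SELECT extension FROM file_extension
         WHERE status = ? AND extension IN ($marks) ORDER BY extension"
    );
    $stmt->bindValue(1, $status, PDO::PARAM_INT);
    foreach ($exts as $i => $ext) {
        $stmt->bindValue($i + 2, $ext, PDO::PARAM_STR);   // positions are 1-based
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE file_extension (extension TEXT, status INTEGER)');
$db->exec("INSERT INTO file_extension VALUES ('gif', 1), ('pdf', 1), ('chm', 0), ('exe', 1)");

// Constructed input with the same trailing line breaks as in the question.
$raw = ["gif\n", "pdf\n", "chm\n", "  "];
print_r(activeExtensions($db, $raw, 1));
```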

Yii update with join

I have this code:
$command = Yii::app()->db->createCommand()
->update(
'queue q',
array('i.status_id' => $status_id)
)
->join('item i', 'q.item_id = i.item_id')
->where('IN', 'queue_id', $ids);
After I call $command->buildQuery() I get an error:
CDbCommand failed to execute the SQL statement: Invalid parameter number: parameter was not defined. The SQL statement executed was: UPDATE queue q SET i.status_id=:i.status_id
The impression is that it does not see the join and where commands.
What is the problem?
Your code is valid with the newest Yii version. This MySQL-specific functionality has been added as of 1.1.14: https://github.com/yiisoft/yii/commit/ed49b77ca059c0895be17df5813ee1e83d4c916d.
The where clause should be in the update() function like this
Yii::app()->db->createCommand()
->update(
'queue q',
array('i.status_id' => $status_id),array('in', 'queue_id', $ids)
);
And regarding the JOIN part there is an open bug at https://github.com/yiisoft/yii/issues/124 (I'm not sure. Correct me if I'm wrong). Please let me know if there is a workaround.
You have to bind the parameters:
$command = Yii::app()->db->createCommand()
->update(
'queue q',
array('i.status_id' => ':status_id'),
array('in', 'queue_id', $ids),
array(':status_id' => $status_id)
)
->join('item i', 'q.item_id = i.item_id');
Having come across this problem a few times in my projects, I have come up with the following Yii workaround using CDbCriteria, which is a little hacky but gives the security of param count matching.
When applied to your example my code would be (guessing a little bit of your structure):
$ids = array(1,2,3,4,5);
$criteria = new CDbCriteria();
$criteria->addInCondition('i.queue_id',$ids);
$sql = '
UPDATE queue q
JOIN item i
ON q.item_id = i.item_id
SET i.status_id = :status
WHERE '.$criteria->condition;
$command = Yii::app()->db->createCommand($sql);
$command->bindValue('status',$status);
$command->bindValues($criteria->params);
$rows = $command->execute();

SQL Zend-framework update statement

What's wrong with this statement? An error is occurring, it is not reading the second line
(($var = array('tab.order' => 'tab.order+1');))
$db->update('tab', $form->getValues(), array('id =?' => $id));
$var = array('tab.order' => 'tab.order+1');
$var2 = array('tab.order >= ' . $form->getValue('order'));
$db->update('tab', $var, $var2);
Your problem is likely happening when Zend_Db does its escaping of values in $var, and the value becomes
`tab.order+1`
You'll need to do
$var = array('tab.order' => new Zend_Db_Expr('tab.order + 1'));
to get around this.