Uncaught PDOException: SQLSTATE[HY093]

Hello. I’m trying to update a database but I get an error: Fatal error : Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in C:\xampp\htdocs\egypt\admin\edit.php:17 Stack trace: #0 C:\xampp\htdocs\egypt\admin\edit.php(17): PDOStatement->execute(Array) #1 {main} thrown in C:\xampp\htdocs\egypt\admin\edit.php on line 17 when I select the button to update the records.

I’ve checked the example I’m following, and though I have more fields, the example has the same bound variables and tokens. I assumed I would too.

Don’t know how to solve this so any help will be appreciated.

Here is the PHP:

> <?php
> require_once("dbcon/dbc.php");
>
> if(!empty($_POST["save_record"])) {
>
> 	$id = isset($_POST['id']) ? $_POST['id'] : NULL;
> 	$pagelinks = isset($_POST['pagelinks']) ? $_POST['pagelinks'] : '';
> 	$title = isset($_POST['title']) ? $_POST['title'] : '';
> 	$asideleft = isset($_POST['asideleft']) ? $_POST['asideleft'] : '';
> 	$body = isset($_POST['body']) ? $_POST['body'] : '';
> 	$asideright = isset($_POST['asideright']) ? $_POST['asideright'] : '';
> 	$sourceref = isset($_POST['sourceref']) ? $_POST['sourceref'] : '';
> 	$sourceimg = isset($_POST['sourceimg']) ? $_POST['sourceimg'] : '';
>
> 	$result = $dbh->prepare('UPDATE pages SET id = ?, pagelinks = ?, title = ?, asideleft = ?, body = ?, asideright, sourceref = ?, sourceimg = ? WHERE id = ?');
>
> 	$result->execute([$id, $pagelinks, $title, $asideleft, $body, $asideright, $sourceref, $sourceimg, $_GET['id']]);
>
> 	if($result) {
> 		header('location:index.php');
> 	}
> }
> 	$pdo_statement = $dbh->prepare("SELECT * FROM pages where id=" . $_GET['id']);
> 	$pdo_statement->execute();
> 	$result = $pdo_statement->fetchAll();
> ?>

Your query has 8 placeholders.
Your execute statement provides 9 values.
8 != 9

Thanks. I did not notice the extra item.


You don't see the other flaws with your code, do you?

In a properly coded form, the fields will always be isset, therefore, your isset check is pointless and the second part of the ternary will never be true.

You need to trim the entire post array and then check for empty.

Hoping the name of a button will be submitted in order for your code to work will completely fail in certain cases. You need to check the REQUEST METHOD instead.

You need to kill the script after a header redirect or it will keep running the rest of the code.

Do not SELECT *. Specify the column names you want.

Thanks.

I have placed exit() within the header redirect - I guess this is correct.
I have specified the fields in the SELECT part.

I thought I had the isset() correct - following instructions, so not sure what you mean. I would be grateful for an example - one will do.

I have no idea how to trim - arrays or other. I would be grateful for an example.

Finally, could you provide an example of how to check the REQUEST METHOD?

Sorry for asking for so much help, but searching the subject - for other things does not help as the information does not have my code, so cannot follow the help.

Thanks in advance.

You shouldn’t be updating the id field either. The id is what identifies the row of data. Once you assign an id, it is never changed (except perhaps during development, when you may end up truncating all your data.)

Also, if you use exceptions for errors, your main code only has to deal with error free execution, since execution transfers to the exception handler upon an error, simplifying code.

Lastly, the select query should be a prepared query, with a place-holder for the input value, then supply the value as an array entry in the execute([…]) call. You are preparing this query, but are putting an external, unknown, dynamic value directly into the sql statement.

So, I reviewed your recent threads. You have already been told and shown some examples of these points. You need to address these points in the existing threads, asking questions as needed, rather than to keep starting over and creating new threads. You have 4 threads about UPDATING data and 1 thread about INSERTING data. Other than a few differences in what the code is doing for these two activities, everything else with a form and form processing code uses the same programming knowledge. You need to learn as you go and build upon things you have already learned.

No one here suggested writing out code for every form field with isset() statements like that. In fact, you were told to NOT write out line after line of code for every input (you started with 30+.) After you produced all those lines with isset() statements, you were probably tired of seeing all the field names, and you couldn’t see the mistake in the main point of what you are doing, building and executing the sql statement.

The lists of suggestions you have been given in your series of threads have been to -

  1. Make your code secure.
  2. Provide a good user experience.
  3. Use simple, general-purpose, reusable code.
  4. Get your code to work or to tell you why it doesn’t.
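
The points raised in the replies above (request-method check, trimming, no `id` in the SET list, exceptions, a placeholder in the SELECT), put together as an added example that is not code from any poster in this thread. The function names, the "title is required" rule and the SQLite in-memory demo table are assumptions; the column names are the ones in the question.

```php
<?php
declare(strict_types=1);
// Added example: column names are from the thread, everything else is assumed.
const FIELDS = ['pagelinks', 'title', 'asideleft', 'body', 'asideright', 'sourceref', 'sourceimg'];

function valid_id($raw)
{   // positive integer or false; the raw value is never concatenated into SQL
    return filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
}

function save_page(PDO $dbh, string $method, array $post, $rawId): array
{
    if ($method !== 'POST') {            // test the request method, not a button name
        return ['not a POST request'];
    }
    if (($id = valid_id($rawId)) === false) {
        return ['invalid id'];
    }
    $values = [];
    foreach (FIELDS as $name) {          // trim every expected field; non-strings become ''
        $values[] = is_string($post[$name] ?? null) ? trim($post[$name]) : '';
    }
    if ($values[array_search('title', FIELDS)] === '') {
        return ['title is required'];    // assumed validation rule for the demo
    }
    // One "col = ?" per field plus one for WHERE, built from the same list that
    // supplies the values, so tokens and bound values cannot drift apart.
    $set = implode(', ', array_map(fn($f) => "$f = ?", FIELDS));
    $stmt = $dbh->prepare("UPDATE pages SET $set WHERE id = ?");   // id is not in SET
    $stmt->execute(array_merge($values, [$id]));
    return [];
}

function fetch_page(PDO $dbh, $rawId): ?array
{
    if (($id = valid_id($rawId)) === false) {
        return null;
    }
    $stmt = $dbh->prepare('SELECT id, ' . implode(', ', FIELDS) . ' FROM pages WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Demo on constructed data; with ERRMODE_EXCEPTION a failed query throws instead of returning false.
$dbh = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$dbh->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, ' . implode(' TEXT, ', FIELDS) . ' TEXT)');
$dbh->exec("INSERT INTO pages (id, title) VALUES (1, 'old title')");
$errors = save_page($dbh, 'POST', ['title' => '  Giza  ', 'body' => 'text'], '1');
var_dump($errors, fetch_page($dbh, '1')['title'], fetch_page($dbh, '1 OR 1=1'));
```

In a page like edit.php the call would take `$_SERVER['REQUEST_METHOD']`, `$_POST` and `$_GET['id']`, and a successful save would be followed by `header('Location: index.php'); exit;` so nothing after the redirect runs.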

I would like to point out that I have tried the suggestions and still got errors, so I went online for examples. One showed the isset() as seen in my requests for help. I did not want to keep asking for help, so I used the online examples, only to still have error messages. I am not stating that the help given online or in this forum is wrong, but as someone new to PDO I assumed it would be and that any error messages relate to my skills in following these instructions. So I thank you and all those that have helped with advice. I will go back to what was suggested and start again. I have noticed my errors so hopefully I will not have to ask for help on the same subjects again. I apologize for any frustration or inconvenience caused by me.
