dongyou1926 2016-05-06 10:48
浏览 118
已采纳

PHP无法解释的错误,无效的参数编号:绑定变量的数量与令牌的数量不匹配

I can't find a mistake in my code, and I always get the following error:

exception 'PDOException' with message 'SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens' "

when trying to submit some inputs from a form. 

if (isset($_GET['createNewBox'])) {

  if (!empty($_POST['tableName']) and !empty($_POST['commentFullAddress'])) {

    try{

        $sql = 'CREATE TABLE :tableName (
            id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
            customerid INT,
            item TEXT,
            pin INT(11) NOT NULL,
            position VARCHAR(5),
            storedate DATE NOT NULL,
            storetime TIME NOT NULL
            ) DEFAULT CHARACTER SET utf8 ENGINE=INNODB COMMENT=":commentFullAddress"';
        $statement = $pdo -> prepare($sql);
        $statement -> bindValue(':tableName', $_POST['tableName']);
        $statement -> bindValue(':commentFullAddress', $_POST['commentFullAddress']);

        if ($statement -> execute()) {

            session_start();
            $_SESSION['messageSucceed'] = "A new database has been created for the box.";
            header('Location: /?managebox');
            exit();
        }   

    } catch (PDOException $e) {

        $error_output = "Error on creating new box database: " . $e;
        include '../error.html.php';
        exit();
    }

  } else {

    session_start();
    $_SESSION['message'] = "Please do not submit empty data.";
    header("Location: /?managebox");
  }
}
  • 写回答

1条回答 默认 最新

  • dongwa3808 2016-05-06 11:17
    关注

    There are 2 things wrong with your code.

    Firstly, this:

    CREATE TABLE :tableName

    You can't bind a table in PDO, so you need to either use a variable or from a safelist.

    Then you're using quotes around the values for the binds COMMENT=":commentFullAddress"'; and those need to be removed.

    Sidenote: TBH, I don't know why you're using a prepared statement for the COMMENT, I've never seen that before.

    References:

    Plus, make sure those POST arrays contain values.

    Add error reporting to the top of your file(s) which will help find errors.

    <?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// Then the rest of your code

    Sidenote: Displaying errors should only be done in staging, and never production.

    You also may have to change bindValue to bindParam, I said "may".

    Footnotes:

    I don't understand why you're using this code to create a table, yet alone coming from user input. That's your decision but I don't see the reason for it, unless you're trying to create some form of database hosting service.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 拟通过pc下指令到安卓系统,如果追求响应速度,尽可能无延迟,是不是用安卓模拟器会优于实体的安卓手机?如果是,可以快多少毫秒?
  • ¥20 神经网络Sequential name=sequential, built=False
  • ¥16 Qphython 用xlrd读取excel报错
  • ¥15 单片机学习顺序问题!!
  • ¥15 ikuai客户端多拨vpn,重启总是有个别重拨不上
  • ¥20 关于#anlogic#sdram#的问题,如何解决?(关键词-performance)
  • ¥15 相敏解调 matlab
  • ¥15 求lingo代码和思路
  • ¥15 公交车和无人机协同运输
  • ¥15 stm32代码移植没反应