dongzhou1865 2014-08-05 03:28
浏览 69
已采纳

绑定变量的数量与令牌PDO的数量不匹配

Relatively new to PDO (and OOP in general), my 3 named parameters are giving me an error. This is the function I have written to check if a value already exists in the database (so I won't have duplicate entries):

function checkTable($table, $column, $value, $con) {
    $stmt = $con->prepare("SELECT * FROM :tbl WHERE :col = :val");
    $stmt->execute(['tbl' => $table, 'col' => $column, 'val' => $value]);

    return $stmt->fetchAll();
}

Of course $con is the PDO connection (yes I have checked, it is connected and I can run normal queries on the database) I am calling the function with this piece of code:

checkTable("posts", "title", "title", $con);

I'm expecting to see true being returned, as the value I'm putting in does exist in the database, but all I'm getting is

'SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens'

EDIT: I've tested this outside a function, and this worked just as expected:

$bind = ['tbl' => "posts", 'col' => "title", 'val' => "title"];
$query = query("SELECT * FROM :tbl WHERE :col = :val", $con, $bind);
var_dump($query);

Where the query() function looks like this:

function query($query, $con, $bind = null) {
    try {
        $stmt = $con->prepare($query);
        $stmt->execute($bind);
        $stmt->setFetchMode(PDO::FETCH_ASSOC);
        $result = $stmt->fetchAll();

        return $result;
    } catch(Exception $e) {
        return false;
    }
}
  • 写回答

1条回答 默认 最新

  • dongyong2906 2014-08-05 03:30
    关注

    You cannot use table and column names for substitution within prepared statements. :tbl - is a table name. So you have only two tokens in your query :col, :val.

    Also :col would be replaced with 'column_name' (with quotes). Where condition would be looks like 'column_name'='value'.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?