douzhuozhu9544 2015-09-02 13:38

PHP: PDO MySQL error

I don't really know MySQL but I try.

I have this script in PHP

$sql = $DB->prepare("INSERT INTO `users`(`id`, `firstname`, `lastname`, `email`, `password`) VALUES ($this->firstname, $this->lastname, $this->email, $this->password))");

and when I use

print_r($sql->errorInfo());

It is giving me this error

Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: no parameters were bound in C:\Bitnami\wampstack-5.5.27-0\apache2\htdocs\OOPLoginegister.php on line 115 Array ( [0] => HY093 [1] => [2] => )

If anyone could help me, I would appreciate it very much.

Thank you.

EDIT: I changed it to

$sql = $DB->prepare("INSERT INTO `users`(`firstname`, `lastname`, `email`, `password`) VALUES ($this->firstname, $this->lastname, $this->email, $this->password))");

And now it's giving me

Array ( [0] => 42000 [1] => 1064 [2] => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.com, ff0b80f26259f9c0178aeed5198bac48))' at line 1 )


  • dongyuan7110 2015-09-02 13:47

    You are misusing the prepare() function. When using prepared statements, you are supposed to use either ? or :name as placeholders for your values. This prevents you from constructing a malicious SQL query from user input.

    Also, you are listing 5 fields, but only give 4 values. If id is an AUTO_INCREMENT field then it can just be omitted from the query.

    Finally, you had too many ) in your query,

    $sql = $DB->prepare("INSERT INTO `users`(`firstname`, `lastname`, `email`, `password`)
        VALUES (:firstname, :lastname, :email, :password)");
    

    Now you just pass an array of values to execute() to bind to the placeholders.

    $sql->execute(array(
        'firstname' => $this->firstname,
        'lastname' => $this->lastname,
        'email' => $this->email,
        'password' => $this->password
    ));
    

    P.S. Your original code didn't work because you forgot to put quotes around your strings.

    INSERT INTO `users` (`email`) VALUE ('test@example.com');
    
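Added example, not code from the question or the answer: the same insert done with interpolated values and then with bound placeholders, so the difference is visible on ordinary input. It assumes an in-memory SQLite database in place of the MySQL server so that it runs offline, and the sample user is constructed.

```php
<?php
// Assumption: SQLite in memory stands in for MySQL; with MySQL only the DSN
// passed to new PDO() changes, the prepare()/execute() calls stay the same.
$DB = new PDO('sqlite::memory:');
// Raise exceptions on SQL errors instead of returning false silently.
$DB->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$DB->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    firstname TEXT, lastname TEXT, email TEXT, password TEXT)');

// Constructed sample input. The apostrophe is ordinary data, not an attack.
$user = [
    'firstname' => 'Conan',
    'lastname'  => "O'Brien",
    'email'     => 'conan@example.com',
    'password'  => 'constructed-sample-hash',
];

// 1) Values interpolated into the SQL text, as in the question (quotes added).
//    The apostrophe in the last name closes the string literal early, so the
//    database is handed a different statement than the one intended.
$interpolated = "INSERT INTO users (firstname, lastname, email, password)
    VALUES ('{$user['firstname']}', '{$user['lastname']}',
            '{$user['email']}', '{$user['password']}')";
try {
    $DB->exec($interpolated);
    echo "interpolated insert: accepted\n";
} catch (PDOException $e) {
    echo "interpolated insert: rejected: ", $e->getMessage(), "\n";
}

// 2) Placeholders in the SQL text, values passed separately to execute(),
//    as in the accepted answer. The values never become part of the SQL.
$sql = $DB->prepare('INSERT INTO users (firstname, lastname, email, password)
    VALUES (:firstname, :lastname, :email, :password)');
$sql->execute($user);

// Read the row back and compare it with what was submitted.
$rows = $DB->query('SELECT lastname, email FROM users')->fetchAll(PDO::FETCH_ASSOC);
echo "rows stored: ", count($rows), "\n";
echo "last name stored unchanged: ",
    ($rows[0]['lastname'] === $user['lastname'] ? 'yes' : 'no'), "\n";
```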
