dongyou1926 2016-05-06 10:48

PHP unexplainable error, Invalid parameter number: number of bound variables does not match number of tokens

I can't find a mistake in my code, and I always get the following error:

exception 'PDOException' with message 'SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens' "

when trying to submit some inputs from a form.

if (isset($_GET['createNewBox'])) {

  if (!empty($_POST['tableName']) and !empty($_POST['commentFullAddress'])) {

    try{

        $sql = 'CREATE TABLE :tableName (
            id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
            customerid INT,
            item TEXT,
            pin INT(11) NOT NULL,
            position VARCHAR(5),
            storedate DATE NOT NULL,
            storetime TIME NOT NULL
            ) DEFAULT CHARACTER SET utf8 ENGINE=INNODB COMMENT=":commentFullAddress"';
        $statement = $pdo -> prepare($sql);
        $statement -> bindValue(':tableName', $_POST['tableName']);
        $statement -> bindValue(':commentFullAddress', $_POST['commentFullAddress']);

        if ($statement -> execute()) {

            session_start();
            $_SESSION['messageSucceed'] = "A new database has been created for the box.";
            header('Location: /?managebox');
            exit();
        }   

    } catch (PDOException $e) {

        $error_output = "Error on creating new box database: " . $e;
        include '../error.html.php';
        exit();
    }

  } else {

    session_start();
    $_SESSION['message'] = "Please do not submit empty data.";
    header("Location: /?managebox");
  }
}
1 answer

  • dongwa3808 2016-05-06 11:17

    There are 2 things wrong with your code.

    Firstly, this:

    CREATE TABLE :tableName
    

    You can't bind a table in PDO, so you need to either use a variable or choose from a safelist.

    Then you're using quotes around the values for the binds COMMENT=":commentFullAddress"'; and those need to be removed.

    Sidenote: TBH, I don't know why you're using a prepared statement for the COMMENT, I've never seen that before.

    Plus, make sure those POST arrays contain values.

    Add error reporting to the top of your file(s) which will help find errors.

    <?php 
    error_reporting(E_ALL);
    ini_set('display_errors', 1);
    
    // Then the rest of your code
    

    Sidenote: Displaying errors should only be done in staging, and never production.

    You also may have to change bindValue to bindParam, I said "may".


    Footnotes:

    I don't understand why you're using this code to create a table, let alone coming from user input. That's your decision but I don't see the reason for it, unless you're trying to create some form of database hosting service.

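The two fixes from the answer, as an added example that is not part of the original question or answer: the table name is accepted only from a safelist before it is interpolated, and the comment placeholder carries no quotes, so the one bound value matches the one token PDO sees. The safelist entries, function names and sample inputs are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical safelist: the only table names this form may create.
const ALLOWED_BOX_TABLES = ['box_north', 'box_south', 'box_east'];

/**
 * Build the CREATE TABLE statement. Identifiers cannot be bound, so the
 * table name is accepted only if it matches a safelist entry exactly.
 */
function buildCreateBoxSql(string $tableName): string
{
    if (!in_array($tableName, ALLOWED_BOX_TABLES, true)) {
        throw new InvalidArgumentException('Table name is not on the safelist.');
    }
    // The name is now one of our own constants, so interpolating it is safe.
    // :commentFullAddress has no quotes around it, so PDO counts it as a token.
    return "CREATE TABLE `{$tableName}` (
        id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
        customerid INT,
        item TEXT,
        pin INT(11) NOT NULL,
        position VARCHAR(5),
        storedate DATE NOT NULL,
        storetime TIME NOT NULL
    ) DEFAULT CHARACTER SET utf8 ENGINE=INNODB COMMENT=:commentFullAddress";
}

/** Run the statement on an existing connection: one token, one bound value. */
function createBoxTable(PDO $pdo, string $tableName, string $comment): bool
{
    $statement = $pdo->prepare(buildCreateBoxSql($tableName));
    $statement->bindValue(':commentFullAddress', $comment, PDO::PARAM_STR);
    return $statement->execute();
}

// Constructed sample inputs standing in for $_POST['tableName'].
foreach (['box_north', 'users', 'box_north` --'] as $candidate) {
    try {
        buildCreateBoxSql($candidate);
        echo "accepted: {$candidate}\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: {$candidate}\n";
    }
}
```

The loop at the end needs no database connection; `createBoxTable()` is meant to be called with the page's existing `$pdo` object.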
