CODEWITHSUNDEEP
phpbindingpdo
crmepham
crmepham

Reputation: 4750

Warning: PDOStatement::execute() [pdostatement.execute]: SQLSTATE[HY093]: Invalid parameter number:

I am attempting to use the following code to search a database using words in a search field.

For some reason I am getting the following error

Warning: PDOStatement::bindValue() [pdostatement.bindvalue]: SQLSTATE[HY093]: Invalid parameter number: Columns/Parameters are 1-based in..

Here is the function code:

// Retrieve search results
    function retrieve_search_posts($searchfield){
        //test the connection
        try{
            //connect to the database
            $dbh = new PDO("mysql:host=localhost;dbname=mjbox","root", "usbw");
        //if there is an error catch it here
        } catch( PDOException $e ) {
            //display the error
            echo $e->getMessage();

        }

        $where = array();

        $words = preg_split('/[\s]+/',$searchfield);

        $total_words = count($searchfield);

        for($i = 0; $i < count($words); $i++){

            $where[] .= "`post_title` LIKE ?";

        }

        $where_string = implode(" OR ", $where);

        $query = "
                                SELECT  p.post_id, post_year, post_desc, post_title, post_date, img_file_name, p.cat_id
                                FROM    mjbox_posts p
                                JOIN    mjbox_images i
                                ON      i.post_id = p.post_id
                                        AND i.cat_id = p.cat_id
                                        AND i.img_is_thumb = 1
                                        AND post_active = 1
                                WHERE post_title LIKE ?
                                ORDER BY post_date
                                DESC";

        $stmt = $dbh->prepare($query);

        foreach($words AS $index => $word){
            $stmt->bindValue($index, $word, PDO::PARAM_STR);
        }

        $stmt->execute();

        $searcharray = $stmt->fetchAll(PDO::FETCH_ASSOC);

        return $searcharray;
    }

What have I done wrong to cause the outputted error message?

Upvotes: 0

Views: 5417

Answers (2)

DaveRandom
DaveRandom

Reputation: 88697

Firstly, you didn't use the string of ...OR LIKE clauses you carefully constructed in the loop.

Secondly, as the error says, prepared statement parameters are 1-indexed, whereas your array is 0-indexed. You need to shift all the indexes in the array up 1 in order to get it to work with your current foreach, or add 1 to them during the loop.

Try this instead:

function retrieve_search_posts($searchfield){
    //test the connection
    try{
        //connect to the database
        $dbh = new PDO("mysql:host=localhost;dbname=mjbox","root", "usbw");
    //if there is an error catch it here
    } catch( PDOException $e ) {
        //display the error
        echo $e->getMessage();

    }

    $words = preg_split('/[\s]+/',$searchfield);

    // Easy way to 1-index a 0-indexed array
    array_unshift($words, '');
    unset($words[0]);

    // Never used and meaningless - $searchfield is a string
    // $total_words = count($searchfield);

    // Tidier and more resilient than the loop
    $where_string = implode(" OR ", array_fill(0, count($words), "`post_title` LIKE ?"));

    $query = "
       SELECT  p.post_id, post_year, post_desc, post_title, post_date, img_file_name, p.cat_id
       FROM    mjbox_posts p
       JOIN    mjbox_images i
       ON      i.post_id = p.post_id
               AND i.cat_id = p.cat_id
               AND i.img_is_thumb = 1
               AND post_active = 1
       WHERE $where_string
       ORDER BY post_date
       DESC
    ";

    $stmt = $dbh->prepare($query);

    foreach ($words AS $index => $word){
        // You may want to use "%$word%" or similar below, as it is the LIKE
        // keyword in your query is doing nothing and you might as well use =
        $stmt->bindValue($index, $word, PDO::PARAM_STR);
    }

    // Handle the potential error here!
    $stmt->execute();

    return $stmt->fetchAll(PDO::FETCH_ASSOC);

}

Upvotes: 1

Felix Weelix
Felix Weelix

Reputation: 382

"1-based" isn't a very friendly error message

Wikipedia: http://en.wikipedia.org/wiki/Array_data_type#Index_origin

1-based = minimum value is 1, so 0 (first value in php/c array) is not valid

    foreach($words AS $index => $word){
        $stmt->bindValue($index+1, $word, PDO::PARAM_STR);
    }

Upvotes: 1

Related Questions