AltTab
Reputation: 65
PHP bound variables, Invalid parameter number error or PDO Update Statement
I built a update statement in PHP using PDO, however I keep getting this error.
ERROR: SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens
I have counted and re-counted (25) and spent a while making sure my syntax is correct and I can't understand what I am doing wrong.
Here is the code:
$sql = "UPDATE :tablename
SET entryName = :entryname,
entryAdd1 = : add1,
entryAdd2 = :add2,
entryCity = :city,
entryCounty = :county,
entryCountry = :country,
entryPC = :postcode,
entryPhone = :phone,
entryEmail = :email,
entryURL = :entryurl,
entryDesc = :entryDesc,
entryImg = :entryimg,
entryStar = :star,
entryCuststar = :custstar,
chains = :chains,
cafe = :cafe,
fishandchips = :fishandchips,
indian = :indian,
itallian = :italian,
pizzeria = :pizzeria,
tapas = :tapas,
tearooms = :tearooms
WHERE :colname = :entryid";
$statement = $conn->prepare($sql);
$statement->bindParam(":tablename", $tablename, PDO::PARAM_STR);
$statement->bindParam(":entryname", $entryname, PDO::PARAM_STR);
$statement->bindParam(":add1", $add1, PDO::PARAM_STR);
$statement->bindParam(":add2", $add2, PDO::PARAM_STR);
$statement->bindParam(":city", $entrytown, PDO::PARAM_STR);
$statement->bindParam(":county", $entrycounty, PDO::PARAM_STR);
$statement->bindParam(":country", $entrycountry, PDO::PARAM_STR);
$statement->bindParam(":postcode", $entrypostcode, PDO::PARAM_STR);
$statement->bindParam(":phone", $entryphone, PDO::PARAM_STR);
$statement->bindParam(":email", $entryemail, PDO::PARAM_STR);
$statement->bindParam(":entryurl", $entryurl, PDO::PARAM_STR);
$statement->bindParam(":entryDesc", $entrydesc, PDO::PARAM_STR);
$statement->bindParam(":entryimg", $entryicon, PDO::PARAM_STR);
$statement->bindParam(":star", $star, PDO::PARAM_STR);
$statement->bindParam(":custstar", $custstar, PDO::PARAM_STR);
$statement->bindParam(":chains", $chains, PDO::PARAM_INT);
$statement->bindParam(":cafe", $cafe, PDO::PARAM_INT);
$statement->bindParam(":fishandchips", $fishchips, PDO::PARAM_INT);
$statement->bindParam(":indian", $indian, PDO::PARAM_INT);
$statement->bindParam(":italian", $italian, PDO::PARAM_INT);
$statement->bindParam(":pizzeria", $pizzeria, PDO::PARAM_INT);
$statement->bindParam(":tapas", $tapas, PDO::PARAM_INT);
$statement->bindParam(":tearooms", $tearooms, PDO::PARAM_INT);
$statement->bindParam(":colname", $colname, PDO::PARAM_STR);
$statement->bindParam(":entryid", $entryid, PDO::PARAM_INT);
$count = $statement->execute();
I state the $conn variable further up, it's just a practice directory I was making. If anyone could point me in the right direction I would appreciate it.
Upvotes: 0
Views: 78
Answers (2)
versalle88
Reputation: 1137
You can't parameterize table/column names. Try this if you need them to be dynamic:
$sql = "UPDATE " . $tablename . "
SET entryName = :entryname,
entryAdd1 = :add1,
entryAdd2 = :add2,
entryCity = :city,
entryCounty = :county,
entryCountry = :country,
entryPC = :postcode,
entryPhone = :phone,
entryEmail = :email,
entryURL = :entryurl,
entryDesc = :entryDesc,
entryImg = :entryimg,
entryStar = :star,
entryCuststar = :custstar,
chains = :chains,
cafe = :cafe,
fishandchips = :fishandchips,
indian = :indian,
itallian = :italian,
pizzeria = :pizzeria,
tapas = :tapas,
tearooms = :tearooms
WHERE " . $colname . " = :entryid";
$statement = $conn->prepare($sql);
$statement->bindParam(":entryname", $entryname, PDO::PARAM_STR);
$statement->bindParam(":add1", $add1, PDO::PARAM_STR);
$statement->bindParam(":add2", $add2, PDO::PARAM_STR);
$statement->bindParam(":city", $entrytown, PDO::PARAM_STR);
$statement->bindParam(":county", $entrycounty, PDO::PARAM_STR);
$statement->bindParam(":country", $entrycountry, PDO::PARAM_STR);
$statement->bindParam(":postcode", $entrypostcode, PDO::PARAM_STR);
$statement->bindParam(":phone", $entryphone, PDO::PARAM_STR);
$statement->bindParam(":email", $entryemail, PDO::PARAM_STR);
$statement->bindParam(":entryurl", $entryurl, PDO::PARAM_STR);
$statement->bindParam(":entryDesc", $entrydesc, PDO::PARAM_STR);
$statement->bindParam(":entryimg", $entryicon, PDO::PARAM_STR);
$statement->bindParam(":star", $star, PDO::PARAM_STR);
$statement->bindParam(":custstar", $custstar, PDO::PARAM_STR);
$statement->bindParam(":chains", $chains, PDO::PARAM_INT);
$statement->bindParam(":cafe", $cafe, PDO::PARAM_INT);
$statement->bindParam(":fishandchips", $fishchips, PDO::PARAM_INT);
$statement->bindParam(":indian", $indian, PDO::PARAM_INT);
$statement->bindParam(":italian", $italian, PDO::PARAM_INT);
$statement->bindParam(":pizzeria", $pizzeria, PDO::PARAM_INT);
$statement->bindParam(":tapas", $tapas, PDO::PARAM_INT);
$statement->bindParam(":tearooms", $tearooms, PDO::PARAM_INT);
$statement->bindParam(":entryid", $entryid, PDO::PARAM_INT);
$count = $statement->execute();
Thanks,
Andrew
Upvotes: 0
Jordy
Reputation: 1049
Table and Column names cannot be replaced by parameters in PDO. You'd have to replace these with the actual names, offcourse you can filter out unwanted data if you wanted to, but not by using the prepared statements.
Won't work:
$sth = $dbh->prepare('SELECT name, colour, calories FROM ? WHERE calories < ?');
THIS WORKS!
$sth = $dbh->prepare('SELECT name, colour, calories FROM fruit WHERE calories < ?');
Upvotes: 1
Related Questions
- UPDATE error. SQLSTATE[HY093]: Invalid parameter number
- MySQL update using PDO with variable
- What's wrong with update query in php
- PDO Exception when binding parameters in an UPDATE query
- PDO Update Statement not working
- PHP MySQL/PDO Update Issue
- MySQL error "right syntax to use near 'update"
- Update query with PDO throws error
- Changing php script to PDO causing Syntax error during MySQL update query
- PDO - Invalid syntax for UPDATE query