CODEWITHSUNDEEP
phpmysqlpdoprepared-statement
webGuy
webGuy

Reputation: 163

PHP PDO prepare and execute

I am getting the following error:

Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: parameter was not defined

Unfortunately I dont see the problem:

    $sql = "UPDATE work 
            SET status = :status, date_from = :dateFrom
            WHERE id = :id
            ";
    $query = $database->prepare($sql);
    $query->execute(array(
        ':status' => $status,
        ':date_from' => $dateFrom,
        ':id' => $id
    ));

Upvotes: 0

Views: 1528

Answers (2)

Daniel Santos
Daniel Santos

Reputation: 457

The prepared method will generate a precompiled query with no values, the execute method will generate an array of values associated to each empty parameter, the rest happens at a level lower than SQL, where the query is precompiled, and values are fetched only afterwards to avoid the so famous SQL injection. Just sharing this so you kind of follow what is actualy happening.

Upvotes: 0

RiggsFolly
RiggsFolly

Reputation: 94642

Its a spelling error

:dateFrom !== :date_from

So change code to 

$sql = "UPDATE work 
            SET status = :status, date_from = :dateFrom
            WHERE id = :id
            ";
    $query = $database->prepare($sql);
    $query->execute(array(
        ':status' => $status,
        ':dateFrom' => $dateFrom,
        ':id' => $id
    ));

Upvotes: 4

Related Questions