CODEWITHSUNDEEP
php
w.doe
w.doe

Reputation: 9

there seems to be an error on line 39, i am unable to figure out what it is, please point me to my error?

created a login page however upon execution I am greeted by the following error :

number of bound variables does not match number of tokens in ..\login1.php line 39

Following is the code from login1.php, what have I done wrong?

 // query

    $result = $handle->prepare("SELECT * FROM user WHERE username= ? AND password = ?");
    $result->bindParam('?', $user, PDO::PARAM_STR);
    $result->bindParam('?', $password, PDO::PARAM_STR);
    $result->execute(); //line 39
    $rows = $result->fetch(PDO::FETCH_NUM);

Upvotes: 1

Views: 72

Answers (3)

imposterSyndrome
imposterSyndrome

Reputation: 897

you are confusing two different ways of binding values. if you are going to use generic placeholders (i.e ?) then you need to pass the execute() an array of values in the correct order e.g. $result->execute([$user,$password]).

if you are going to bind values then your placeholders need to be unique e.g. "... WHERE username = :user AND password = :pass

$result->bindParam(':user', $user, PDO::PARAM_STR);
 $result->bindParam(':pass', $password, PDO::PARAM_STR);

the benefit of the latter (which you are trying to use) is you can bind it once but use it in several places, e.g. "...SELECT * FROM TABLE t, INNER JOIN TABLE_B b ON (t.col = b.col) WHERE b.id = :id AND t.id = :id ....

$result->bindParam(':id', $id, PDO::PARAM_INT);

even if you aren't going to bind individually but use the execute([array]) then you can still name your binds such as 

$result->execute([':bind1' => $val1,':bind2'=>$val2 etc....])

it's always better to specify your binds to minimise the chance of binding the wrong value

Upvotes: 1

Ahmed Nasr
Ahmed Nasr

Reputation: 119

try to do it this way

$result = $handle->prepare("SELECT * FROM user WHERE username= ? AND password = ?");
$result->bindParam(1, $user, PDO::PARAM_STR);
$result->bindParam(2, $password, PDO::PARAM_STR);
$result->execute(); //line 39
$rows = $result->fetch(PDO::FETCH_NUM);

Upvotes: 0

Gopi
Gopi

Reputation: 620

In the bindParam, instead of using question mark '?' use the parameter index postion like 

$result->bindParam(1, $user, PDO::PARAM_STR);
$result->bindParam(2, $password, PDO::PARAM_STR);

Upvotes: 0

Related Questions