Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number

Question

My probleme is when i create this code , this error:

Fatal error: Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in E:\xampp\htdocs\I100Tech eCommerce\admin\index.php:26 Stack trace: #0 E:\xampp\htdocs\I100Tech eCommerce\admin\index.php(26): PDOStatement->execute(Array) #1 {main} thrown in E:\xampp\htdocs\I100Tech eCommerce\admin\index.php on line 25

is appears in the front of me. The error is in the line 25 in execute() methode . I don't understand this error and how to fix it , thank you :)

<?php 
    session_start();
    $nonavbar='';
    $pagetitle = 'Login';
    include "init.php";
    // check if user coming frpm http request
    if($_SERVER['REQUEST_METHOD'] == 'POST'){
        $username = $_POST['user'];
        $password = $_POST['pass'];
        $hashedpass = sha1($password);
    // check if the user exist in the database
    $stmt = $con->prepare("SELECT 
                                 userID,username,password
                           FROM 
                                 users 
                            WHERE  
                                 username = ?  
                            AND 
                                password = ?
                            AND 
                                groupeID=? 
                            LIMIT 1");
                            
    $stmt->execute(array($username,$hashedpass));//error in this line
    $row = $stmt->fetch();
    $count = $stmt->rowCount();
    // if count > 0 this mean the database conain record about this username

    if($count > 0){
        $_SESSION['username'] = $username;//register session name
        $_SESSION['ID'] = $row['userID'];
        header('Location: dashboard.php');// redirect link for user
        exit();
    }
}
    ?>
    <form class="login" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="POST">
        <h4 class="text-center">Admin Login</h4>
        <input class="form-control" type="text" name="u" placeholder="user name" autocomplet="off"/>
        <input class="form-control" type="password" name="pass" placeholder="password" autocomplet="new-password"/>
        <input class="btn btn-primary btn-block" type="submit" name="user" value="login"/>
    </form>
   

    
<?php include $tpl . 'footer.php'; ?>

Answer 1

in the prepare statement, you have three variables username, password and groupID, and you have bind only two variables, so, you should add the third one in the execute statement or remove the ? for the groupID and set a real value.