PDO 意外抛出具有多个绑定参数的绑定变量错误
我有一个 PDO 准备好的语句,其中绑定变量是在我们网站上的高级搜索功能中动态准备的(它们可能因调用而异)。
我知道实际的 SQL 调用是正确的,但由于某种原因,当我尝试将字符串变量传递到准备好的语句中时,出现以下错误:
SQLSTATE[HY093]:参数无效 number:绑定变量的数量 令牌数量不匹配
我以前遇到过此错误,并且非常熟悉正常的解决步骤。然而,我的情况却很奇怪。使用以下示例代码:
$columns = "FirstName, LastName, ID, City, State";
$sWhere = "WHERE (FirstName LIKE ? AND LastName
LIKE ? AND ID LIKE ? AND City
LIKE ? AND State LIKE ?)";
$sVal = "'tom', 'lastname', '12345', 'Diego', 'CA'";
$sql = "SELECT ".$columns." FROM table ".$sWhere;
$stmt = $db->prepare($sql);
$stmt->execute(array($sVal));
其中 $sVal 的范围可以从 'firstname'、'lastname'... 到超过 12 个变量。改变变量的数量具有相同的结果。完整的语句是:
SELECT FirstName, LastName, ID, City, State
FROM table
WHERE (FirstName LIKE ? AND LastName
LIKE ? AND ID LIKE ? AND City
LIKE ? AND State LIKE ?)
当我按原样运行查询时,返回上述错误。当我认为我的变量数量实际上不正确时,我在 $value 语句上运行 ECHO 并发现它们确实匹配。
作为辅助测试,我从 $value 的 echo 中获取输出并直接插入执行数组:
$stmt->execute(array('tom', 'lastname', '12345', 'Diego', 'CA'));
这适用于任何问题。
它不会影响我的问题,但我还在 $sVal 变量中放置了 % 符号以确保正确性:
$sVal="'%tom%', '%lastname%', '%12345%', '%Diego%', '% CA%'";
对我来说,同一个变量的回显输出可以工作,但变量本身却不能工作,这毫无意义。有什么想法吗?
I have a PDO prepared statement in which the bound variables are prepared dynamically (they can vary from call to call) in an advanced search function on our site.
I know the actual SQL call is correct but for some reason I am getting the following error when trying to pass my string variable into the prepared statement:
SQLSTATE[HY093]: Invalid parameter
number: number of bound variables does
not match number of tokens
I have had this error before and am very familiar with the normal resolution steps. However, my circumstances are quite strange. With the following sample code:
$columns = "FirstName, LastName, ID, City, State";
$sWhere = "WHERE (FirstName LIKE ? AND LastName
LIKE ? AND ID LIKE ? AND City
LIKE ? AND State LIKE ?)";
$sVal = "'tom', 'lastname', '12345', 'Diego', 'CA'";
$sql = "SELECT ".$columns." FROM table ".$sWhere;
$stmt = $db->prepare($sql);
$stmt->execute(array($sVal));
where $sVal can range from 'firstname', 'lastname'.... to over 12 variables. Changing the number of variables has the same result. The complete statement is:
SELECT FirstName, LastName, ID, City, State
FROM table
WHERE (FirstName LIKE ? AND LastName
LIKE ? AND ID LIKE ? AND City
LIKE ? AND State LIKE ?)
When I run my query as is, the error above is returned. When I thought I did in fact have an incorrect number of variables, I ran an ECHO on my $value statement and found they did match.
As a secondary test, I took the output from the echo of $value and plugged directly back into the execute array:
$stmt->execute(array('tom', 'lastname', '12345', 'Diego', 'CA'));
This works with any issue at all.
It does not affect my question but I also placed % symbols within my $sVal variable for correctness:
$sVal="'%tom%', '%lastname%', '%12345%', '%Diego%', '%CA%'";
It makes ZERO sense to me that the echo'd output of the SAME variable would work but the variable itself would not. Any ideas?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您的
$sVal不是一个数组,它只是一个简单的字符串,因此当您编写array($sVal)时,execute()会看到只有一个值。您需要 explode() 您的
$sVal字符串成为一个数组:Your
$sValis not an array, it's just a simple string, so when you writearray($sVal), theexecute()sees only one value.You need to explode() your
$sValstring to become an array:问题是
execute接受一组参数,每个参数都有自己的键。传递类似 SQL 的、以逗号分隔的字符串是行不通的,即使可以,也会使 PDO 变得无用。这是错误的:
应该这样做:
例如,如果您从 POST 中的表单接收数据,则为:
The problem is that
executeaccepts an array of parameters, with each parameter having its own key. Passing a SQL-like, comma-separated string will not work, and even if it did, it would render PDO useless.This is wrong:
This is how it is supposed to be done:
Per example, if you are receiving data from a form in POST, it would be: