current community

your communities

more stack exchange communities

Stack Exchange
tour help
careers 2.0
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 1 down vote favorite
1

I have created a simple mySQL database, and I am trying to insert some test data into it using PHP. When I ran the method on Firefox I got the following message, and I can not resolve this problem:

Warning: PDOStatement::execute() [pdostatement.execute]: SQLSTATE[HY093]: Invalid parameter number:

My method to insert sample into my datebase is:

public function confirmInsert(){
    $admin="admin";
    $pass="12345v";
    $mail="[email protected]";  
    $insertSQL = "INSERT INTO 'users' ('user_name', 'user_pass, 'user_email')
            VALUES (
                    :admin, 
                    :pass,
                    :mail)";
    try {

        $stmt = $this->db->prepare($insertSQL);
        $stmt ->bindParam(':user_name',$admin, PDO::PARAM_STR);
        $stmt ->bindParam(':user_pass', $pass, PDO::PARAM_STR);
        $stmt->bindParam(':user_email', $mail,PDO::PARAM_STR);
        $stmt->execute();
        $stmt->closeCursor();
        return TRUE;
        } catch (Exception $e) {
            $e -> getMessage();
        }
}

I am running on //localhost, and using apache 2.2 and php 5.2.17. Thanks!!

share|improve this question
    
You have an unmatched opening single quote: 'user_pass –  icktoofay Jul 11 '11 at 0:52
    
@icktoofay: and even more - there shouldn't be single quotes at all, but backticks (or nothing) –  zerkms Jul 11 '11 at 0:54

2 Answers 2

up vote 3 down vote accepted

'You don't have the same name for your parameters in the query and when you bind them. You also have to remove the quotes around the fields name in the query.

Should be better that way:

public function confirmInsert(){
    $admin='admin';
    $pass='12345v';
    $mail='[email protected]';  
    $insertSQL = "INSERT INTO users (user_name, user_pass, user_email)
            VALUES (
                    :admin, 
                    :pass,
                    :mail)";
    try {

        $stmt = $this->db->prepare($insertSQL);
        $stmt ->bindParam(':admin',$admin, PDO::PARAM_STR);
        $stmt ->bindParam(':pass', $pass, PDO::PARAM_STR);
        $stmt->bindParam(':mail', $mail,PDO::PARAM_STR);
        $stmt->execute();
        $stmt->closeCursor();
        return TRUE;
        } catch (Exception $e) {
            $e -> getMessage();
        }
}
share|improve this answer
    
thanks for the reply. –  zman Jul 11 '11 at 0:56
    
with your change, it does get rid of the error message, but it still doesnt insert anything into the database. The column names as you can see in the prepare string are: 'user_name', 'user_pass, 'user_email'. When binding with bindParam, admin, pass, mail, respectively, are we changing the column names?? –  zman Jul 11 '11 at 1:02
    
No the column names stay the same, you add some errors in the usage of quotes, I've updated my answer –  Pompom6784 Jul 11 '11 at 1:07
up vote 0 down vote

I don't yet have the rights to make comments, so i have to post this as an answer..

R.E. Pompom6784's answer, using bindParam() the variable name need not match the parameter:

$stmt->bindParam(':user_name', $admin, PDO::PARAM_STR);

Should work just fine.

You are binding :user_name to accept only the variable named $admin

..if that makes things a bit clearer.

If you would like some more information on this topic, here's a good article to read through:

Why you Should be using PHP’s PDO for Database Access

It includes examples where it is necessary to have matching variable and placeholder names.

share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.