Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in C:\wamp\www\PDO.php on line 24
Today I ran into this error while trying out my code: parameter was not defined...
Please help me:
<?php
$user = 'dbuser';
$pass = 'pwd';
$db = new PDO( 'mysql:host=localhost;
dbname=registration', $user, $pass );
$form = $_POST;
$firstname = $form[ 'firstname' ];
$lastname = $form[ 'lastname' ];
$username = $form[ 'username' ];
$email = $form[ 'email' ];
$password = $form[ 'password1' ];
$dateofbirth = $form[ 'dateofbirth' ];
$monthofbirth = $form[ 'monthofbirth' ];
$yearofbirth = $form[ 'yearofbirth' ];
$gender = $form[ 'gender' ];
$sql = "INSERT INTO members ( firstname, lastname, username, email,
password, dateofbirth, monthofbirth, yearofbirth, gender )
VALUES ( :firstname, :lastname, :username,
:email, :password1, :dateofbirth, :monthofbirth, :yearofbirth,
:gender )";
$query = $db->prepare( $sql );
$query->execute( array( ':firstname'=>$firstname, ':lastname'=> $lastname,
':username'=>$username, ':email'=>$email, ':password'=>$password,
':dateofbirth'=>$dateofbirth, ':monthofbirth'=>$monthofbirth,
':yearofbirth'=>$yearofbirth, ':gender'=>$gender ) );
$result = $query->execute( array( ':firstname'=>$firstname, ':lastname'=>$lastname,
':username'=>$username, ':email'=>$email, ':password'=>$password,
':dateofbirth'=>$dateofbirth, ':monthofbirth'=>$monthofbirth,
':yearofbirth'=>$yearofbirth, ':gender'=>$gender ) );
if ( $result ){
echo "<p>Thank you. You have been registered</p>";
} else {
echo "<p>Sorry, there has been a problem inserting your details. Please contact admin.</p>";
}
?>
In the query string you pass to PDO::prepare, you have this parameter:
:email, :password1
But the array you pass to PDOStatement::execute has no :password1 key; it has a :password key instead. This is a simple typo: fix one of the two.
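However, it might be a good idea to sanitize the actual submitted data before storing it in the database. Things like email addresses can easily be validated using something like: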
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
{
    printf(
        '%s is not a valid email address, please fill in correct values',
        // escape the rejected value before echoing it back into the page
        htmlspecialchars($email, ENT_QUOTES, 'UTF-8')
    );
    //rebuild form, and return response to client
}
else
{
    //carry on validating data, eventually insert it in the DB
}
Equally important: don't forget to check the post parameters with isset. If you don't, your code will produce a lot of notices.
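The following is an added example, not code from the question or the answer. It shows one way to combine the isset check, the email validation and a parameter array whose keys cannot drift from the placeholders. The field map, the reduced table layout, the password hashing step, the in-memory SQLite stand-in for MySQL and the sample input are all assumptions made for illustration.

```php
<?php
// Added example; the field map, table layout and sample input are constructed.
// Form field name => column name. The placeholders and the execute() keys are
// both derived from the column names, so they cannot drift apart (HY093).
const FIELD_MAP = ['firstname' => 'firstname', 'username' => 'username',
                   'email' => 'email', 'password1' => 'password'];

function collectInput(array $post): array
{
    $values = $errors = [];
    foreach (FIELD_MAP as $field => $column) {
        // isset() avoids "undefined index" notices for missing POST fields
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            $errors[] = "$field is required";
            continue;
        }
        $values[$column] = $post[$field];
    }
    if (isset($values['email']) && !filter_var($values['email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'email is not a valid email address';
    }
    return [$values, $errors];
}

function insertMember(PDO $db, array $values): bool
{
    // Store a hash, never the submitted password itself
    $values['password'] = password_hash($values['password'], PASSWORD_DEFAULT);
    $columns = array_values(FIELD_MAP);
    $sql = sprintf('INSERT INTO members (%s) VALUES (:%s)',
        implode(', ', $columns), implode(', :', $columns));
    $params = [];
    foreach ($columns as $column) {
        $params[":$column"] = $values[$column];
    }
    return $db->prepare($sql)->execute($params);
}

// Assumption: in-memory SQLite (pdo_sqlite) stands in for MySQL so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // throw instead of warn
$db->exec('CREATE TABLE members (firstname TEXT, username TEXT, email TEXT, password TEXT)');

$samples = [ // constructed stand-ins for $_POST
    ['firstname' => 'Ann', 'username' => 'ann', 'email' => 'ann@example.com', 'password1' => 'constructed-sample'],
    ['firstname' => 'Bob', 'email' => 'not-an-email', 'password1' => 'x'],
];
foreach ($samples as $post) {
    [$values, $errors] = collectInput($post);
    echo $errors ? 'rejected: ' . implode('; ', $errors) : 'inserted: ' . var_export(insertMember($db, $values), true), PHP_EOL;
}
```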