PHP MySQL PDO: number of bound variables does not match number of tokens
I've looked all over here but can't seem to find the answer to my question. This is the first time I've used PDO, so I'm a complete newbie.
I have a large amount of data split across two tables and want to merge it into one table. There are other ways to do this, but there's no need to go into the complicated reasons why I'm doing it this way.
I generate a recordset of the table I want to copy data from, construct my statement, and run it in a loop, but I get the following error:
SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match the number of tokens
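I've triple-checked and I have the same number of variables, so why the tokens don't match, I don't know. Like I said, I'm very new to this, so I may be overlooking something the pros would consider obvious.
- It's probably worth mentioning that I'm not inserting into every column of the table; there are other columns, but I haven't included them in the prepared statement...
Here's my code: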
//$dbh = new PDO($hostname_Seriously, $DB_USER, $DB_PASSWORD);
$dbh = new PDO('mysql:host=localhost;dbname=seriouslysoulful_summers', $username_Seriously, $password_Seriously);
$stmt = $dbh->prepare("INSERT INTO records_rec (oldid_rec, firstname_rec, artist_rec, aside_rec, bside_rec, label_rec, condition_rec, genere_rec, price_rec, collection_rec, active_rec, info_rec, notes_rec, order_rec, alabelimage_rec, blabelimage_rec, asound_rec, bsound_rec, featured_rec, format_rec) VALUES (:oldid_rec, :firstname_rec, :artist_rec, :aside_rec, :bside_rec, :label_rec, :condition_rec, :genere_rec, :price_rec, :collection_rec, :active_rec, :info_rec, :notes_rec, :order_rec, :alabelimage_rec, :blabelimage_rec, asound_rec, bsound_rec, :featured_rec, :format_rec)");
$stmt->bindParam(':oldid_rec', $id);
$stmt->bindParam(':firstname_rec', $firstname);
$stmt->bindParam(':artist_rec', $artist);
$stmt->bindParam(':aside_rec',$aside);
$stmt->bindParam(':bside_rec',$bside);
$stmt->bindParam(':label_rec',$label);
$stmt->bindParam(':condition_rec',$condition);
$stmt->bindParam(':genere_rec',$genere);
$stmt->bindParam(':price_rec',$price);
$stmt->bindParam(':collection_rec',$collection);
$stmt->bindParam(':active_rec',$active);
$stmt->bindParam(':info_rec',$info);
$stmt->bindParam(':notes_rec',$notes);
$stmt->bindParam(':order_rec',$order);
$stmt->bindParam(':alabelimage_rec',$alabel);
$stmt->bindParam(':blabelimage_rec',$blabel);
$stmt->bindParam(':asound_rec',$asound);
$stmt->bindParam(':bsound_rec',$bsound);
$stmt->bindParam(':featured_rec',$featured);
$stmt->bindParam(':format_rec',$format);
$reccount = 0;
//do{
$id = $row_rs_original['id_prod'];
$firstname = mysql_real_escape_string($row_rs_original['firstname_prod']);
$artist = mysql_real_escape_string($row_rs_original['artist_prod']);
$aside = mysql_real_escape_string($row_rs_original['a_side_prod']);
$bside = mysql_real_escape_string($row_rs_original['b_side_prod']);
$label = mysql_real_escape_string($row_rs_original['label_prod']);
$condition = mysql_real_escape_string($row_rs_original['condition_prod']);
$genere = $row_rs_original['genre_prod'];
$price = $row_rs_original['price_prod'];
$collection = mysql_real_escape_string($row_rs_original['collection_prod']);
$active = $row_rs_original['active_prod'];
$info = mysql_real_escape_string($row_rs_original['info_prod']);
$notes = mysql_real_escape_string($row_rs_original['notes_prod']);
$order = $row_rs_original['order_prod'];
$alabel = mysql_real_escape_string($row_rs_original['labelimage_A_prod']);
$blabel = mysql_real_escape_string($row_rs_original['labelimage_B_prod']);
$asound = mysql_real_escape_string($row_rs_original['soundfile_A_prod']);
$bsound = mysql_real_escape_string($row_rs_original['soundfile_B_prod']);
$featured = $row_rs_original['featured_prod'];
$format = $row_rs_original['format_prod'];
$stmt->execute();
$reccount = $reccount +1;
//} while ($row_rs_original = mysql_fetch_assoc($rs_original));
echo($reccount." - records added...");
:blabelimage_rec, **:**asound_rec, **:**bsound_rec, :featured_rec, :format_rec
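It looks like Mark Baker has already answered your question, but I wanted to add a few tips that have helped me a lot.
PDO doesn't need mysql_escape_string
As long as everything going into your query that deals with user input uses a prepared statement (as you have above), you don't need to escape the input with mysql_real_escape_string [1].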
// Don't worry about SQL injection since all of the user
// defined inputs are being escaped by the PDO package
$sql = "INSERT INTO "
. "`users` "
. "SET "
. "`name` = :name";
$query = $pdo->prepare($sql);
$query->bindParam(':name', $name);
$query->execute();
But be aware that SQL injection is still possible if you don't bind the user input:
// SQL injection can totally happen here
$sql = "INSERT INTO "
. "`users` "
. "SET "
. "`name` = $name";
$query = $pdo->prepare($sql);
$query->execute();
[1]
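Try to keep your SQL as short as possible
For simple SQL statements, the shorter it is, the easier it is to maintain and the less likely you are to make a mistake. You can use an alternate INSERT syntax [2]: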
INSERT INTO
`users`
SET
`name` = 'Steve';
is equivalent to:
INSERT INTO
`users`
(
`name`
)
VALUES
(
'Steve'
);
This means that for large statements like yours, you can effectively halve the size, because you don't need to repeat all the column names:
$sql = "INSERT INTO "
. "`records_rec` "
. "SET "
. "`oldid_rec` = :oldid_rec, "
. "`firstname_rec` = :firstname_rec, "
. "`artist_rec` = :artist_rec, "
. "`aside_rec` = :aside_rec, "
. "`bside_rec` = :bside_rec, "
. "`label_rec` = :label_rec, "
. "`condition_rec` = :condition_rec, "
. "`genere_rec` = :genere_rec, "
. "`price_rec` = :price_rec, "
. "`collection_rec` = :collection_rec, "
. "`active_rec` = :active_rec, "
. "`info_rec` = :info_rec, "
. "`notes_rec` = :notes_rec, "
. "`order_rec` = :order_rec, "
. "`alabelimage_rec` = :alabelimage_rec, "
. "`blabelimage_rec` = :blabelimage_rec, "
. "`asound_rec` = :asound_rec, "
. "`bsound_rec` = :bsound_rec, "
. "`featured_rec` = :featured_rec, "
. "`format_rec` = :format_rec";
$dbh = new PDO(<info goes here>);
$stmt = $dbh->prepare($sql);
// Bind your params here...
[2]
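Be sure to make your SQL statements multiline and pretty
I started formatting my SQL statements across multiple lines (as above), and since then I've rarely had mistakes like this. It does take up a lot of space, but I think it's worth it in the end. By lining everything up, it makes errors stick out like a sore thumb.
Happy coding! I rated this one far too highly!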
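An added example, not part of the original posts (helper names are hypothetical; table and column names come from the question): the first two helpers diff a statement's named placeholders against the names being bound, which pinpoints the cause of HY093 in the question's statement, and the third generates the INSERT ... SET form from a single column list so the placeholders and bindings cannot drift apart.

```php
<?php
// Added example, not from the original posts; helper names are hypothetical.

/** Named placeholders in $sql, ignoring anything inside quoted literals. */
function placeholdersIn(string $sql): array
{
    $quoted = '/\'(?:[^\'\\\\]|\\\\.)*\'|"(?:[^"\\\\]|\\\\.)*"|`[^`]*`/s';
    $bare = preg_replace($quoted, '', $sql);
    preg_match_all('/(?<![:\w]):([A-Za-z_]\w*)/', $bare, $m);
    return array_values(array_unique($m[1]));
}

/** Diff the statement's placeholders against the names about to be bound. */
function diffBindings(string $sql, array $boundNames): array
{
    $inSql = placeholdersIn($sql);
    $bound = array_map(fn($n) => ltrim($n, ':'), $boundNames);
    return [
        'bound_but_not_in_sql' => array_values(array_diff($bound, $inSql)),
        'in_sql_but_not_bound' => array_values(array_diff($inSql, $bound)),
    ];
}

/** Build INSERT ... SET from one column list so names and tokens cannot drift. */
function buildInsertSet(string $table, array $columns): string
{
    // Identifiers cannot be bound: accept only plain names from a fixed list in code.
    foreach (array_merge([$table], $columns) as $id) {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $id)) {
            throw new InvalidArgumentException("unsafe identifier: $id");
        }
    }
    $pairs = array_map(fn($c) => "`$c` = :$c", $columns);
    return "INSERT INTO `$table` SET " . implode(', ', $pairs);
}

// Constructed input: a shortened form of the question's statement with the same
// defect (two placeholders written without their leading colon).
$broken = "INSERT INTO records_rec (blabelimage_rec, asound_rec, bsound_rec, format_rec) "
        . "VALUES (:blabelimage_rec, asound_rec, bsound_rec, :format_rec)";
$cols = ['blabelimage_rec', 'asound_rec', 'bsound_rec', 'format_rec'];

print_r(diffBindings($broken, $cols));
$fixed = buildInsertSet('records_rec', $cols);
print_r(diffBindings($fixed, $cols));
// With a live connection: $dbh->prepare($fixed)->execute($row), where $row is
// keyed by column name and holds the raw values, not pre-escaped ones.
```

Values passed to execute() are bound as data, so running them through mysql_real_escape_string first would store the added backslashes in the table.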