PDO: Invalid parameter number: mixed named and positional parameters
Change
LIMIT :offset, :limit
to
LIMIT ?, ?
and
$stmt->bindParam(':offset', $offset, PDO::PARAM_INT);
$stmt->bindParam(':limit', $limit, PDO::PARAM_INT);
to:
$stmt->bindValue($index+1, $offset, PDO::PARAM_INT);
$stmt->bindValue($index+2, $limit, PDO::PARAM_INT);
PHP PDO Invalid parameter number: mixed named and positional parameters
Your problem is exactly what the error message says, you are using positional parameters (?
) and named parameters (:year
) in the same query, which is not allowed. You need to consistently use one or the other e.g.
$name = $_GET['name'];
$stmt = $pdo->prepare("SELECT `st_id`, `st_name` FROM `students` WHERE st_name LIKE ? or st_phone LIKE ? AND atd_year = ?");
$param = array("%$name%", "%$name%", $_GET['yid']);
$stmt-> execute($param);
or using named parameters:
$name = $_GET['name'];
$stmt = $pdo->prepare("SELECT `st_id`, `st_name` FROM `students` WHERE st_name LIKE :name or st_phone LIKE :phone AND atd_year = :year");
$param = array(':name' => "%$name%", ':phone' => "%$name%", ':year' => $_GET['yid']);
$stmt-> execute($param);
PHP PDO: SQLSTATE[HY093]: Invalid parameter number: mixed named and positional parameters
Use a properly parametrized query. And the assignments in an UPDATE
statement must be separated by ,
, not AND
.
$stmt = $this->db->prepare("UPDATE matches SET `winner` = :setone
, `looser` = :settwo
, `winner_score` = :getChallengerScore
, `looser_score` = :getOpponentScore
, `opponent_blob` = :fileOpponentData
, `challenger_blob` = :fileChallengerData
WHERE `id` = :matchID");
$stmt->execute(array(
':setone' => $setone,
':settwo' => $settwo,
':getChallengerScore' => $getChallengerScore,
':getOpponentScore' => $getOpponentScore,
':fileOpponentData' => $fileOpponentData,
':fileChallengerData' => $fileChallengerData,
':matchID' => $matchID
));
Invalid parameter number: mixed named and positional parameters
This
$insertPage = $db->prepare("
INSERT INTO about (name, position, detail, imageType, imageData)
VALUES (:name, :position, :detail, {$imageProperties['mime']}, {$imageData})
");
$insertPage->execute([
'name' => $name,
'position' => $position,
'detail' => $detail,
'imageType' => $imageProperties['mime'],
'imageData' => $imageData
]);
should be
$insertPage = $db->prepare("
INSERT INTO about (name, position, detail, imageType, imageData)
VALUES (:name, :position, :detail, :imageType, :imageData)
");
$insertPage->execute([
'name' => $name,
'position' => $position,
'detail' => $detail,
'imageType' => $imageProperties['mime'],
'imageData' => $imageData
]);
note the change in the VALUES section of the INSERT query. This will fix the error you get. I'm not digging in what you are trying to achieve with this query and with the point that from my perspective it is better to store images in the filesystem and urls in the DB
SQLSTATE[HY093]: Invalid parameter number: mixed named and positional parameters
I believe the problem is with the Doctrine ORM support for NativeSQL.
I don't find any examples in the documentation of the setParameters
method being used for named parameters. All of the examples I see of that method being used are for positional, rather than named.
All of the examples for named parameters use the setParameter
(with no "s") method. And they only show a single occurrence of a matching placeholder in the SQL.
As a test (and as a possible workaround), try making each placeholder in the SQL text unique, and then set each one separately.
It looks like "named parameter" support may be somewhat incomplete (compared to what we are used to with Oracle and other ORM frameworks). It looks like Doctrine may have better support for the positional notation. (Which is great for simple statements, but it can be a real bear when you have lots of parameters, and you need to make changes to a SQL statement. That's where the benefit of named parameters really begins to shine... if they are supported right.)
Here's a link to the Doctrine ORM documentation http://doctrine-orm.readthedocs.org/en/latest/reference/query-builder.html?highlight=setParameters (Search for setParameters
on that page for examples.)
(See my comments on your question.)
That may not really answer your question, but it may get you moving in the right direction. Be careful out there.
PDO: Invalid parameter number: mixed named and positional parameters - question mark in comments
The solution is obvious: PDO disregards comments as such and sees the ? as a positional parameter. Removing the ? in your comment solves this problem.
There's a similar bug using unbound parameters in comments.
PDO PHP MYSQL mixed named and positional parameters
One thing I love about having a stable job is that I no longer have to worry about what my stackoverflow posts look like to potential employers. In that spirit, Your Common Sense and juergen d can both "take a walk" for being such uncooperative "so-and-sos".
This an AJAX response requested by the jQueryUI autocomplete({ source }) option.
Here's my finished, working code...
<?php
require_once('inc.connect.php');
if( $_SERVER['REQUEST_METHOD'] == 'GET' )
{
if( isset( $_REQUEST ))
{
$type = array_keys($_REQUEST)[0];
if( in_array( $type, ['category', 'sub_category', 'names', 'report_searches', 'report_favs'] ))
{
$value = $_REQUEST[$type];
$id = $type . '_id';
$name = $type . '_name';
$table = 'research_' . $type;
$where = $name;
$like = '%' . $value . '%';
$value === null ? $where_like = null : $where_like = ' WHERE ' . $where . ' LIKE ?';
$sql_db = new PDO('mysql:host=' . MYSQL_HOST . ';dbname=' . MYSQL_DBNAME . ';charset=UTF8', MYSQL_USERNAME, MYSQL_PASSWORD);
$sql_statement = 'SELECT ' . $id . ', ' . $name . ' FROM ' . $table . $where_like;
$sql_prepare = $sql_db->prepare( $sql_statement );
if( !($value === null) ) $sql_prepare->bindParam(1, $like);
try{
if( $sql_prepare->execute() )
{
while( $sql_result = $sql_prepare->fetch(PDO::FETCH_ASSOC) )
{
$return[$sql_result[$id]] = $sql_result[$name];
}
echo json_encode($return);
}
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
}
}
Fatal error: Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number: mixed named and positional parameters in
you can't use :param and ? use :id instead of ?
but for update you could use
'UPDATE ' . $this->table . '
set name = :name,
course = :course
WHERE id = :id ;';
public function updateStudent(){
$query = 'UPDATE ' . $this->table . '
set name = :name,
course = :course
WHERE id = :id ;';
$stmt = $this->conn->prepare($query);
$this->id = htmlspecialchars(strip_tags($this->id));
$this->name = htmlspecialchars(strip_tags($this->name));
$this->course = htmlspecialchars(strip_tags($this->course));
$stmt->bindParam(':id', $this->id);
$stmt->bindParam(':name', $this->name);
$stmt->bindParam(':course', $this->course);
if($stmt->execute()){
return true;
}
//print error
printf("Error: %s.\n", $stmt->error);
return false;
}
Related Topics
Pass a Percent (%) Sign in a Url and Get Exact Value of It Using PHP
Laravel - Model Class Not Found
Tilde Operator in Regular Expressions
How to Send Emails with Arabic Content via PHP's Mail Function
Mod_Rewrite, PHP and the .Htaccess File
Process Mathematical Equations in PHP
Best Way to Clear a PHP Array's Values
Laravel Validation: Exists with Additional Column Condition - Custom Validation Rule
Get Variables from the Outside, Inside a Function in PHP
How to Include a PHP.Ini File in Another PHP.Ini File
How to Get the Last N Items in a PHP Array as Another Array
How to Download Large Files Through PHP Script
Setting Document Root for Laravel Project on Apache Virtual Host
Dynamic Shipping Fee Based on Custom Radio Buttons in Woocommerce
Pdo Prepared Statement Fetch() Returning Double Results
Remove All Non-Numeric Characters from a String; [^0-9] Doesn't Match as Expected