Warning: Pdostatement::Execute(): SQLstate[Hy093]: Invalid Parameter Number: Parameter Was Not Defined In...Filetext

Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in...filetext

If you use positional parameters, the array of parameters you pass to execute() must be an ordinal array. Likewise, if you use named parameters, the array must be an associative array.

Here's a test to confirm the behavior:

$stmt = $db->prepare("SELECT ?, ? ,?");

$params = array( 'a', 'b', 'c' );
// OK
if ($stmt->execute($params)) {
  print_r($stmt->fetchAll());
}

$params = array( 'A'=>'abc', 'B'=>'def', 'C'=>'ghi' );
// ERROR!
if ($stmt->execute($params)) {
  print_r($stmt->fetchAll());
}

$stmt = $db->prepare("SELECT :A, :B, :C");

$params = array( 'a', 'b', 'c' );
// ERROR!
if ($stmt->execute($params)) {
  print_r($stmt->fetchAll());
}

$params = array( 'A'=>'abc', 'B'=>'def', 'C'=>'ghi' );
// OK
if ($stmt->execute($params)) {
  print_r($stmt->fetchAll());
}

Note that in current versions of PHP, the associative array keys don't have to be prefixed with : as @prodigitalson comments. The : prefix used to be required in array keys in older versions of PHP.

It's also worth mentioning that I've encountered bugs and unpredictable behavior when I tried to mix positional parameters and named parameters in a single query. You can use either style in different queries in your app, but chose one style or another for a given query.

PDO valid characters for placeholders

The easiest way to find out, is to just check the source code:

BINDCHR     = [:][a-zA-Z0-9_]+;

You can use alphanumeric + underscore.

Warning: PDOStatement::execute() [pdostatement.execute]: SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in

You have synatax error in your query and you are trying to pass wrong param.where is your $user_id so it should be $email because you are receiving $email and $password

Change

$stmt->bindParam(":user_id", $user_id, PDO::PARAM_STR);

With

$stmt->bindParam(":email", $email, PDO::PARAM_STR);

And Change

$stmt = $this->pdo->prepare("SELECT 'user_id' FROM 'users' WHERE 'email' = :email AND 'password' = :password");

With

$stmt = $this->pdo->prepare("SELECT user_id FROM users WHERE email = :email AND password = :password");

PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: parameter was not defined

:UnitID != :UnitId

Parameters are case-sensitive.

PDO valid characters for placeholders

The easiest way to find out, is to just check the source code:

BINDCHR     = [:][a-zA-Z0-9_]+;

You can use alphanumeric + underscore.

Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: parameter was not defined?

:English title is not a valid placeholder name. PDO/SQL cannot distinguish whether you mean one placeholder :English followed by the keyword title (which would be the usual SQL syntax, and is how it's interpreted, and is invalid syntax), or whether you mean a placeholder with a space in the middle.

You'll have to name your placeholder :englishTitle or something similar, without space. The same goes for your table name.

You're also missing parentheses:

INSERT INTO english_books VALUES (:englishTitle)

Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in C:\wamp\www\PDO.php on line 24

In the query string you're passing to PDO::prepare you have this parameter:

:email, :password1

But the array you're passing to PDOStatement::execute doesn't have a :password1 key, it has a :password key instead. It's a simple typo: fix either one or the other.

It might be a good idea to sanitize the actual submitted data before storing it in the DB, though. Things like an email address are easily verified using something like:

if (!filter_var($email, FILTER_VALIDATE_EMAIL))
{
    printf(
        '%s is not a valid email address, please fill in correct values',
         $email
    );
    //rebuild form, and return response to client
}
else
{
    //carry on validating data, eventually insert it in the DB
}

It's also important not to forget to check the post params using isset, if you don't your code can, and will, generate a lot of notices

---

Related Topics