ttocskcaj
Posted August 29, 2012

I'm new to using PDO and prepared statements. I have the following code:

    $db = MineCMS::get()->getDatabase();
    $stmt = $db->prepare("SELECT * FROM `` WHERE `?` = '?'");
    $result = $stmt->execute(array($db->prefix('servers'),$by,$value));
    $row = $result->fetch();

Where $db is an instance of PDO. It returns the following error:

    SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens

What am I doing wrong?

xyph
Posted August 29, 2012

You should check out the examples in the manual. For one, you've only defined 2 parameters, but attempt to use 3 in the execute method. Another, you are trying to SELECT from... a table with an empty name? Finally, you aren't supposed to have column/table names as parameters. It won't work properly. You shouldn't be defining those from insecure sources anyways.

ttocskcaj (Author)
Posted August 29, 2012

Sorry, that was just a typo. It should read:

    $stmt = $db->prepare("SELECT * FROM `?` WHERE `?` = '?'");

which still doesn't work. Also the $by and $value get checked before that code.

Jessica
Posted August 29, 2012

Finally, you aren't supposed to have column/table names as parameters. It won't work properly. You shouldn't be defining those from insecure sources anyways.
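
The point made in the replies above, as an added example that is not code from any poster in this thread: table and column names cannot be bound, and a `?` inside a quoted string is literal text rather than a parameter token, so the identifiers are checked against a fixed allow-list and only the comparison value is bound. The in-memory SQLite database, the `mc_servers` table, the `LOOKUPS` map and `findOneBy()` are assumptions made for the demonstration.

```php
<?php
// Added example. Database, table and helper names are constructed for the demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE mc_servers (id INTEGER PRIMARY KEY, name TEXT, host TEXT)");
$db->exec("INSERT INTO mc_servers (name, host) VALUES ('lobby', '10.0.0.5')");
$db->exec("INSERT INTO mc_servers (name, host) VALUES ('survival', '10.0.0.6')");

// Hypothetical allow-list: logical name => real table and the columns callers may search by.
const LOOKUPS = [
    'servers' => ['table' => 'mc_servers', 'columns' => ['id', 'name', 'host']],
];

function findOneBy(PDO $db, string $table, string $by, $value): ?array
{
    if (!array_key_exists($table, LOOKUPS)) {
        throw new InvalidArgumentException("Unknown table: $table");
    }
    // Strict match: $by must equal one of the known column names exactly.
    if (!in_array($by, LOOKUPS[$table]['columns'], true)) {
        throw new InvalidArgumentException("Column not allowed: $by");
    }
    // Identifiers are interpolated only after the allow-list check;
    // the single placeholder is unquoted so PDO sees it as a token.
    $sql = sprintf('SELECT * FROM %s WHERE %s = ?', LOOKUPS[$table]['table'], $by);
    $stmt = $db->prepare($sql);
    $stmt->execute([$value]);              // execute() returns bool, not a result object
    $row = $stmt->fetch(PDO::FETCH_ASSOC); // so fetch from the statement itself
    return $row === false ? null : $row;
}

// A normal lookup: the value travels as a bound parameter.
var_dump(findOneBy($db, 'servers', 'name', 'lobby'));

// SQL metacharacters in the value are compared as plain data.
var_dump(findOneBy($db, 'servers', 'name', "lobby' OR '1'='1"));

// A column name outside the allow-list is rejected before any SQL is built.
try {
    findOneBy($db, 'servers', 'name = name --', 'x');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```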