Jump to content

Recommended Posts

hey all,

I've finally took a leap towards the brighter side of coding.. and Ive started to convert my code from php to opp pdo ect..

However the errors Ive been through my cms's and well anything to do with inserting into a database is rather confusing..

ERRORS such as invalid parameter number,.

 

What does this mean?

 

Here's the code that im getting the error from:

<?php

	//if form has been submitted process it
	if(isset($_POST['submit'])){

		$_POST = array_map( 'stripslashes', $_POST );

		//collect form data
		extract($_POST);

		//very basic validation
		if($title ==''){
			$error[] = 'Please enter the title.';
		}

		if($short_desc ==''){
			$error[] = 'Please enter a short description.';
		}
		if($full_desc ==''){
			$error[] = 'Please enter a full description.';
		}

		if(!isset($error)){

			try {

				//insert into database
				$stmt = $handler->prepare('INSERT INTO calendar_event (title,short_desc,full_desc,date) VALUES (:title, :short_desc, :full_desc, :date)') ;
				$stmt->execute(array(
					':title' => $title,
					':short_desc' => $short_desc,
					':ful_desc' => $full_desc,
					':date' => date('Y-m-d')
				));

				//redirect to index page
				header('Location: index.php?action=added');
				exit;

			} catch(PDOException $e) {
			    echo $e->getMessage();
			}

		}

	}

	//check for any errors
	if(isset($error)){
		foreach($error as $error){
			echo '<p class="error">'.$error.'</p>';
		}
	}
	?>

	<form action='' method='post'>
	<table class="admin_table_defaults">
	<tr>
		<th width="10px">Title</th>
		<th width="200px">Date</th>
		<th width="200px"> </th>
		<th></th>
	</tr>
	<tr>
		<td><input type='text' name='title' value='<?php if(isset($error)){ echo $_POST['title'];}?>'></td>
		<td><input type='date' name='date' value='<?php if(isset($error)){ echo $_POST['date'];}?>'></td>
		<td><td>
	</tr>
	</table>
	<table class="admin_table_defaults">
	<tr>
		<th style="text-align:left;"> Short Description <span class="small_text">  : NB - Please avoid using images, align properties, stick to text format. <br/><b style="background:#fff;font-size:14px;">Note : There's a character max of 100 characters for this field</b></span></th>
	</tr>
	<tr>
		<td><textarea name='short_desc' cols='60' rows='10' ><?php if(isset($error)){ echo $_POST['short_desc'];}?></textarea></td>
	</tr>
	<tr>
	</table>
	<table class="admin_table_defaults">
	<tr>
		<th style="text-align:left;"> Full Description: <span class="small_text"></th>
	</tr>
	<tr>
		<td><textarea name='full_desc' cols='60' rows='10'><?php if(isset($error)){ echo $_POST['full_desc'];}?></textarea></td>
	</tr>
	<tr>
		<td><input class="admin_submit_btn"type='submit' name='submit' value='Submit'></td>
	</tr>
	<tr>
	</table>
	</tr>
	</table>

	</form>

Any help will be greatly appreciated 

 

Thanks in advance..

  

 

 

Link to comment
https://forums.phpfreaks.com/topic/291218-errorr-reporting-help/
Share on other sites

“ful_desc” and “full_desc” are two different identifiers. You need to choose one and stick to it.

 

Besides that, I have no idea why you catch all PDO exceptions and print the message on the screen. Do you really want all users to see your database issues on their screen? Do you realize that the default behaviour of exceptions is much smarter? They send the message to the appropriate device according to your display_errors and your log_errors setting. In a development environment, you'll want the messages on the screen for easier debugging, so you turn display_errors on and log_errors off. On a live site, you want the messages in a log file and not on the screen, so you turn display_errors off and log_errors on.

The error you get has to do with this code:

$stmt = $handler->prepare('INSERT INTO calendar_event (title,short_desc,full_desc,date) VALUES (:title, :short_desc, :full_desc, :date)') ;

$stmt->execute(array(
   ':title' => $title,
   ':short_desc' => $short_desc,
   ':ful_desc' => $full_desc,
   ':date' => date('Y-m-d')
));

More specifically, the 'placeholders' like :title, :short_desc, etc...

When you try to bind the parameters of your query with actual values, PDO/PHP will throw an error at you if you don't have the right amount of 'parameters' to replace the placeholders.

 

For example, if you have a query like:

'SELECT * FROM user WHERE username = :username and title = :title'

and you try to bind the parameters like this:

$stmt->execute(array(
':title' => $title
))

PHP won't be happy, because the :username is not there. It will then throw you this error:

Invalid parameter number: number of bound variables does not match number of tokens

Same thing if you make a mistake while typing your placehodlers VS the name that you pass in the array. If for the same request I would do:

$stmt->execute(array(
':title' => $title,
':usernameWithATypo' => $username
))

Notice how ':usernameWithATypo' is not the same as the ':username' we had in our query....

 

If you do this, PHP won't be happy and will throw you a similar error message:

Invalid parameter number: parameter was not defined in

We could argue that the 'Invalid parameter number' isn't technically OK, because we sent the right amount of parameters expected, only one that wasn't correctly spelled... but still, that's the error that PHP will throw.

 

As for catching the errors that PDO sends, it's true that it's not a good practice. What you want to do in your 'live' website, is to display a nice error page to your users. To do this, you can use the method 'set_exception_handler' - Also, here's a post I wrote about it if you're interested to know more.  So, in summary, you probably don't need the 'try catch' for PDO exception and you can just let them 'bubble up'. And, if you specify a function with set_exception_handler', this function will be called each time an exception is raised and not catch. Which makes it way easier ;)

What you want to do in your 'live' website, is to display a nice error page to your users. To do this, you can use the method 'set_exception_handler'

 

No, you don't. It makes absolutely no sense whatsoever to create an error handler specifically for exceptions. What's so special about them? Should a “normal” fatal error get a different error page, or what?

 

In fact, it's funny that people feverishly catch exceptions and write their own error handlers, but nobody seems to realize that PHP itself already has those functionalities: If a fatal error is triggered, display_errors is off and no output has been generated, PHP automatically emits a 500 response code. Now your webserver simply needs to deliver a custom 500 error page. No code required.

 

There may be some edge cases where the standard error features are not accessible or not sufficient, but most of the time, custom error handlers are completely unnecesary and just repeat core features.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.