PHP Mysql綁定變量的PDO數量與令牌數量不匹配

Question

您好我環顧四周，但似乎無法找到一個答案太我的問題。

這是我第一次使用PDO，所以我是一個完整的新手。

我有一個數據負載拆分到2個表，並希望將它們合併爲一個，還有其他方式做到這一點，但沒有進入複雜的原因，我試圖這樣做.. 。

我生成表的記錄，我想將數據從

拷貝構造我的發言

來看，它在一個循環

，但我得到以下錯誤

SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens 

我已經通過和三重檢查我有相同數量的變量，所以爲什麼「令牌不匹配我不知道」，就像我說這是非常新的，所以我可能錯過了親會認爲明顯的東西。

• 這也許值得一提的是，我沒有在表中增加了每一個欄，還有其他列，但我已經離開他們了準備語句... 繼承人我的代碼：

  //$dbh = new PDO($hostname_Seriously, $DB_USER, $DB_PASSWORD); 
  $dbh = new PDO('mysql:host=localhost;dbname=seriouslysoulful_summers', $username_Seriously, $password_Seriously); 
  $stmt = $dbh->prepare("INSERT INTO records_rec (oldid_rec, firstname_rec, artist_rec, aside_rec, bside_rec, label_rec, condition_rec, genere_rec, price_rec, collection_rec, active_rec, info_rec, notes_rec, order_rec, alabelimage_rec, blabelimage_rec, asound_rec, bsound_rec, featured_rec, format_rec) 
  VALUES (:oldid_rec, :firstname_rec, :artist_rec, :aside_rec, :bside_rec, :label_rec, :condition_rec, :genere_rec, :price_rec, :collection_rec, :active_rec, :info_rec, :notes_rec, :order_rec, :alabelimage_rec, :blabelimage_rec, asound_rec, bsound_rec, :featured_rec, :format_rec)"); 
  $stmt->bindParam(':oldid_rec', $id); 
  $stmt->bindParam(':firstname_rec', $firstname); 
  $stmt->bindParam(':artist_rec', $artist); 
  $stmt->bindParam(':aside_rec',$aside); 
  $stmt->bindParam(':bside_rec',$bside); 
  $stmt->bindParam(':label_rec',$label); 
  $stmt->bindParam(':condition_rec',$condition); 
  $stmt->bindParam(':genere_rec',$genere); 
  $stmt->bindParam(':price_rec',$price); 
  $stmt->bindParam(':collection_rec',$collection); 
  $stmt->bindParam(':active_rec',$active); 
  $stmt->bindParam(':info_rec',$info); 
  $stmt->bindParam(':notes_rec',$notes); 
  $stmt->bindParam(':order_rec',$order); 
  $stmt->bindParam(':alabelimage_rec',$alabel); 
  $stmt->bindParam(':blabelimage_rec',$blabel); 
  $stmt->bindParam(':asound_rec',$asound); 
  $stmt->bindParam(':bsound_rec',$bsound); 
  $stmt->bindParam(':featured_rec',$featured); 
  $stmt->bindParam(':format_rec',$format); 
  $reccount = 0; 
  //do{ 
  $id = $row_rs_original['id_prod']; 
  $firstname = 
  mysql_real_escape_string($row_rs_original['firstname_prod']); 
  $artist = mysql_real_escape_string($row_rs_original['artist_prod']); 
  $aside = mysql_real_escape_string($row_rs_original['a_side_prod']); 
  $bside = mysql_real_escape_string($row_rs_original['b_side_prod']); 
  $label = mysql_real_escape_string($row_rs_original['label_prod']); 
  $condition = mysql_real_escape_string($row_rs_original['condition_prod']); 
  $genere = $row_rs_original['genre_prod']; 
  $price = $row_rs_original['price_prod']; 
  $collection = mysql_real_escape_string($row_rs_original['collection_prod']); 
  $active = $row_rs_original['active_prod']; 
  $info = mysql_real_escape_string($row_rs_original['info_prod']); 
  $notes = mysql_real_escape_string($row_rs_original['notes_prod']); 
  $order = $row_rs_original['order_prod']; 
  $alabel = mysql_real_escape_string($row_rs_original['labelimage_A_prod']); 
  $blabel = mysql_real_escape_string($row_rs_original['labelimage_B_prod']); 
  $asound = mysql_real_escape_string($row_rs_original['soundfile_A_prod']); 
  $bsound = mysql_real_escape_string($row_rs_original['soundfile_B_prod']); 
  $featured = $row_rs_original['featured_prod']; 
  $format = $row_rs_original['format_prod']; 
  
  $stmt->execute(); 
  
      $reccount = $reccount +1; 
  //} while ($row_rs_original = mysql_fetch_assoc($rs_original)); 
  echo($reccount." - records added..."); 
  

Answer 1

缺少冒號

:blabelimage_rec, **:**asound_rec, **:**bsound_rec, :featured_rec, :format_rec 

Answer 2

看起來像馬克·貝克已經回答了你的追求離子，但我想添加一些幫助我很多的提示。

PDO不需要mysql_escape_string
只要一切進入查詢與用戶輸入的交易是使用準備語句（像你上面）你不需要逃脫輸入與mysql_real_escape_string [ 1]。

// Don't worry about SQL injection since all of the user 
// defined inputs are being escaped by the PDO package 
$sql = "INSERT INTO " 
    . "`users` " 
    . "SET " 
    . "`name` = :name"; 

$query = $pdo->prepare($sql); 
$query->bindParam(':name', $name); 
$query->execute(); 

但一定要知道，SQL注入仍然是可能的，如果你不綁定用戶輸入：

// SQL injection can totally happen here 
$sql = "INSERT INTO " 
    . "`users` " 
    . "SET " 
    . "`name` = $name"; 

$query = $pdo->prepare($sql); 
$query->execute(); 

[1] http://www.php.net/manual/en/pdo.prepared-statements.php

嘗試讓你的SQL儘可能短
對於簡單的SQL語句，它越短，維護越容易，並且出錯的可能性也越小。你可以使用一個替代INSERT語法[2]：

INSERT INTO 
    `users` 
SET 
    `name` = 'Steve'; 

等同於：

INSERT INTO 
    `users` 
    (
    `name` 
) 
    VALUES 
    (
    'Steve' 
); 

這意味着對於像你這樣大的語句，可以有效一半其大小，因爲你不知道需要重複所有的列名：

$sql = "INSERT INTO " 
     . "`records_rec` " 
     . "SET " 
     . "`oldid_rec`  = :oldid_rec, " 
     . "`firstname_rec` = :firstname_rec, " 
     . "`artist_rec`  = :artist_rec, " 
     . "`aside_rec`  = :aside_rec, " 
     . "`bside_rec`  = :bside_rec, " 
     . "`label_rec`  = :label_rec, " 
     . "`condition_rec` = :condition_rec, " 
     . "`genere_rec`  = :genere_rec, " 
     . "`price_rec`  = :price_rec, " 
     . "`collection_rec` = :collection_rec, " 
     . "`active_rec`  = :active_rec, " 
     . "`info_rec`  = :info_rec, " 
     . "`notes_rec`  = :notes_rec, " 
     . "`order_rec`  = :order_rec, " 
     . "`alabelimage_rec` = :alabelimage_rec, " 
     . "`blabelimage_rec` = :blabelimage_rec, " 
     . "`asound_rec`  = :asound_rec, " 
     . "`bsound_rec`  = :bsound_rec, " 
     . "`featured_rec` = :featured_rec, " 
     . "`format_rec`  = :format_rec"; 

$dbh = new PDO(<info goes here>); 
$stmt = $dbh->prepare($sql); 

// Bind your params here... 

[2] http://dev.mysql.com/doc/refman/5.5/en/insert.html

一定要讓SQL語句多行和漂亮

我開始格式化我的SQL語句是多行（如上），從那以後我有像這樣的錯誤更少。它確實佔用了很多空間，但我認爲最後它是值得的。通過將所有內容組合在一起，它會使錯誤像拇指一樣突出。

快樂編碼！