无效的参数编号:绑定变量的数量与令牌的数量不匹配-PHP错误 [英] Invalid parameter number: number of bound variables does not match number of tokens - php error
本文介绍了无效的参数编号:绑定变量的数量与令牌的数量不匹配-PHP错误的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
运行以下代码时,我基本上会收到以下错误:
I basically receive the following error when running the below piece of code:
无法运行查询:SQLSTATE [HY093]:无效的参数编号:绑定变量的数量与令牌数量不匹配
Failed to run query: SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens
我是php的新手,不确定为什么会收到此错误...我已将此代码段用于INSERT (而非UPDATE)陈述式,而且运作良好。
I'm new to php and am not sure why I am receiving this error... I have used this piece of code for an INSERT (not UPDATE) statement in the past and it worked fine.
该代码已从另一个站点复制,仅被用作测试...
The code has been copied from another site, and is simply being used as a test...
// First we execute our common code to connection to the database and start the session
require("common.php");
$id = $_GET[id];
// This if statement checks to determine whether the registration form has been submitted
// If it has, then the registration code is run, otherwise the form is displayed
if(!empty($_POST))
{
// Ensure that the user has entered a non-empty password
if(empty($_POST['password']))
{
die("Please enter a password.");
}
// Ensure that the user has entered a non-empty username
if(empty($_POST['confirmpassword']))
{
// Note that die() is generally a terrible way of handling user errors
// like this. It is much better to display the error with the form
// and allow the user to correct their mistake. However, that is an
// exercise for you to implement yourself.
die("Please confirm your password.");
}
if ($_POST["password"] == $_POST["confirmpassword"]) {
// An INSERT query is used to add new rows to a database table.
// Again, we are using special tokens (technically called parameters) to
// protect against SQL injection attacks.
$query = "UPDATE Staff SET password=:password, salt=:salt WHERE id=:id";
// A salt is randomly generated here to protect again brute force attacks
// and rainbow table attacks. The following statement generates a hex
// representation of an 8 byte salt. Representing this in hex provides
// no additional security, but makes it easier for humans to read.
$salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
// This hashes the password with the salt so that it can be stored securely
// in your database. The output of this next statement is a 64 byte hex
// string representing the 32 byte sha256 hash of the password. The original
// password cannot be recovered from the hash.
$password = hash('sha256', $_POST['password'] . $salt);
// Next we hash the hash value 65536 more times. The purpose of this is to
// protect against brute force attacks. Now an attacker must compute the hash 65537
// times for each guess they make against a password, whereas if the password
// were hashed only once the attacker would have been able to make 65537 different
// guesses in the same amount of time instead of only one.
for($round = 0; $round < 65536; $round++)
{
$password = hash('sha256', $password . $salt);
}
try
{
// Execute the query to create the user
$stmt = $db->prepare($query);
$stmt->execute(array(
':password' => $password,
':salt' => $salt));
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code.
die("Failed to run query: " . $ex->getMessage());
}
// This redirects the user back to the login page after they register
header("Location: login.php");
// Calling die or exit after performing a redirect using the header function
// is critical. The rest of your PHP script will continue to execute and
// will be sent to the user if you do not die or exit.
die("Redirecting to login.php");
}
}
非常感谢
Joe
Thanks a lot, Joe
推荐答案
您缺少了:id 参数:
$stmt->execute(array(
':password' => $password,
':salt' => $salt,
':id' => $id
));
这篇关于无效的参数编号:绑定变量的数量与令牌的数量不匹配-PHP错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
