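MySQL parameter error

Time: 2013-07-28 23:18:07

Tags: php

I'm trying to get my query to work for this PHP, but I'm getting an "Invalid parameter number: number of bound variables does not match number of tokens" error. Here is a snippet of my PHP: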

<?php

/*
Our "config.inc.php" file connects to database every time we include or require
it within a php script.  Since we want this script to add a new user to our db,
we will be talking with our database, and therefore,
let's require the connection to happen:
*/
require("configmob.php");

//if posted data is not empty
if (!empty($_POST)) {
//If the username or password is empty when the user submits
//the form, the page will die.
//Using die isn't a very good practice, you may want to look into
//displaying an error message within the form instead.  
//We could also do front-end form validation from within our Android App,
//but it is good to have the back-end code do a double check.
if (empty($_POST['FirstName']) || empty($_POST['LastName'])) {


    // Create some data that will be the JSON response 
    $response["success"] = 0;
    $response["message"] = "Please Enter Both a First Name and a Last Name.";

    //die will kill the page and not execute any code below, it will also
    //display the parameter... in this case the JSON data our Android
    //app will parse
    die(json_encode($response));
}

//if the page hasn't died, we will check with our database to see if there is
//already a user with the username specified in the form.  ":user" is just
//a blank variable that we will change,Spot FROM Reservation WHERE Date = ':Date' AND Time = ':Time' AND Spot = ':Spot' ";
//now lets update what :user should be

$query = "Select * FROM Reservation WHERE Date = ':Date' AND TimeIn = ':TimeIn' AND Spot = ':Spot'"; 
$query_params = array(':Date' => $_POST['Date'] , ':TimeIn' => $_POST['Time'] , ':Spot' => $_POST['Spot']
);

//Now let's run the query:
try {
    // These two statements run the query against your database table. 
    $stmt   = $db->prepare($query);
    $result = $stmt->execute($query_params);
}
catch (PDOException $ex) {
    // For testing, you could use a die and message. 
    //die("Failed to run query: " . $ex->getMessage());

    //or just use this one to produce JSON data:
    $response["success"] = 0;
    $response["message"] = $ex->getMessage();
    die(json_encode($response));
}

//fetch is an array of returned data.  If any data is returned,
//we know that the username is already in use, so we murder our
//page
$row = $stmt->fetch();
if ($row) {
    // For testing, you could use a die and message. 
    //die("This username is already in use");

    //You could comment out the above die and use this one:
    $response["success"] = 0;
    $response["message"] = "I'm sorry, this Reservation is already Taken";
    die(json_encode($response));
}

//If we have made it here without dying, then we are in the clear to 
//create a new user.  Let's setup our new query to create a user.  
//Again, to protect against sql injects, user tokens such as :user and :pass
$query = "INSERT INTO Reservation (Fname, Lname, Garno, Gname, EmpID, CustID, License, Floor, Spot, TimeIn, TimeOut, Date, Confirmation)
        VALUES (:Fname, :Lname, :Garno, :Gname, :EmpID, :CustID, :License, :Floor, :Spot, :TimeIn, :TimeOut, :Date, :Confirmation) ";


//Again, we need to update our tokens with the actual data:
$query_params = array(
    ':Fname' => $_POST['FirstName'],
    ':Lname' => $_POST['LastName'],
    ':Gname' => $_POST['Garage'],
    ':Date' => $_POST['Date'],
    ':TimeIn' => $_POST['Time'],
    ':Spot' => $_POST['Spot'],
    ':Confirmation' => $_POST['Confirmation'],

);

//time to run our query, and create the user
try {
    $stmt   = $db->prepare($query);
    $result = $stmt->execute($query_params);
}
catch (PDOException $ex) {
    // For testing, you could use a die and message. 
    //die("Failed to run query: " . $ex->getMessage());

    //or just use this one:
    $response["success"] = 0;
    $response["message"] = $ex->getMessage();
    die(json_encode($response));
}

//If we have made it this far without dying, we have successfully added
//a new user to our database.  We could do a few things here, such as 
//redirect to the login page.  Instead we are going to echo out some
//json data that will be read by the Android application, which will login
//the user (or redirect to a different activity, I'm not sure yet..)
$response["success"] = 1;
$response["message"] = "Reservation Added!!";
echo json_encode($response);

//for a php webservice you could do a simple redirect and die.
//header("Location: loginmob.php"); 
//die("Redirecting to loginmob.php");


} else {
?>
<h1>Register</h1> 
<form action="register.php" method="post"> 
    Username:<br /> 
    <input type="text" name="username" value="" /> 
    <br /><br /> 
    Password:<br /> 
    <input type="password" name="password" value="" /> 
    <br /><br /> 
    <input type="submit" value="Register New User" /> 
</form>
<?php
}

?>

Thanks for your help!

1 answer:

Answer 0 (score: 1)

This is what I found in your second statement:

$query = "Select * FROM Reservation WHERE Date = ':Date' AND TimeIn = ':Time' AND Spot = ':Spot'"; 
$query_params = array(':Date' => $_POST['Date'] , ':TimeIn' => $_POST['Time'] , ':Spot' => $_POST['Spot']
);

Your :TimeIn should be :Time, like this:

$query_params = array(':Date' => $_POST['Date'] , ':Time' => $_POST['Time'] , ':Spot' => $_POST['Spot']
);

Update

Also, in your second query, you are missing :Garno; try the following:

$query = "INSERT INTO Reservation (Fname, Lname, Garno, Gname, EmpID, CustID, License, Floor, Spot, TimeIn, TimeOut, Date, Confirmation)
        VALUES (:Fname, :Lname, :Garno, :Gname, :EmpID, :CustID, :License, :Floor, :Spot, :TimeIn, :TimeOut, :Date, :Confirmation) ";


//Again, we need to update our tokens with the actual data:
$query_params = array(
    ':Fname' => $_POST['FirstName'],
    ':Lname' => $_POST['LastName'],
    ':Garno' => $_POST['Garno'], // Hopefully $_POST['Garno'] is what you want.
    ':EmpID' => $_POST['EmpID'], // Hopefully $_POST['EmpID'] is what you want.
    ':CustID' => $_POST['CustID'], // Hopefully $_POST['CustID'] is what you want.
    ':License' => $_POST['License'], // Hopefully $_POST['License'] is what you want.
    ':Floor' => $_POST['Floor'], // Hopefully $_POST['Floor'] is what you want.
    ':TimeOut' => $_POST['TimeOut'], // Hopefully $_POST['TimeOut'] is what you want.
    ':Gname' => $_POST['Garage'], // You don't need this, remove this.
    ':Date' => $_POST['Date'],
    ':TimeIn' => $_POST['Time'],
    ':Spot' => $_POST['Spot'],
    ':Confirmation' => $_POST['Confirmation'],

);
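
Added example (not part of the original question or answer): a pre-flight check that lists the named placeholders a prepared statement will actually see and compares them with the keys passed to execute(). It covers the two mismatches in the question's code: `':Date'` inside quotes is a string literal rather than a placeholder, and the INSERT names placeholders that the array never binds. The helper names `namedPlaceholders` and `checkBindings` and the sample values are assumptions made for this example.

```php
<?php
// Added example, not code from the original post. Helper names are hypothetical.

// Return the named placeholders that sit outside quoted literals,
// which are the only ones a prepared statement treats as tokens.
function namedPlaceholders(string $sql): array
{
    // Matches '...', "..." and `...` spans, allowing backslash and doubled-quote escapes.
    $quoted = <<<'RE'
/'(?:[^'\\]|\\.|'')*'|"(?:[^"\\]|\\.|"")*"|`[^`]*`/s
RE;
    $stripped = preg_replace($quoted, "''", $sql);
    // (?<![:\w]) skips "::" and values such as 12:30 that are not placeholders.
    preg_match_all('/(?<![:\w]):([A-Za-z_]\w*)/', $stripped, $m);
    return array_values(array_unique($m[1]));
}

// Compare the statement's placeholders with the keys given to execute().
function checkBindings(string $sql, array $params): array
{
    $tokens = namedPlaceholders($sql);
    // PDO accepts keys with or without the leading colon.
    $bound = array_map(fn($k) => ltrim((string) $k, ':'), array_keys($params));
    return [
        'missing' => array_values(array_diff($tokens, $bound)), // in SQL, never bound
        'extra'   => array_values(array_diff($bound, $tokens)), // bound, not in SQL
    ];
}

$v = 'sample'; // constructed value standing in for the $_POST fields

// The question's SELECT with quoted placeholders, and the same query unquoted.
$quotedSelect = "SELECT * FROM Reservation WHERE Date = ':Date' AND TimeIn = ':TimeIn' AND Spot = ':Spot'";
$plainSelect  = "SELECT * FROM Reservation WHERE Date = :Date AND TimeIn = :TimeIn AND Spot = :Spot";
$selectParams = [':Date' => $v, ':TimeIn' => $v, ':Spot' => $v];

// The question's INSERT and the seven keys it binds.
$insert = "INSERT INTO Reservation (Fname, Lname, Garno, Gname, EmpID, CustID, License, Floor, Spot, TimeIn, TimeOut, Date, Confirmation)
        VALUES (:Fname, :Lname, :Garno, :Gname, :EmpID, :CustID, :License, :Floor, :Spot, :TimeIn, :TimeOut, :Date, :Confirmation)";
$insertParams = [':Fname' => $v, ':Lname' => $v, ':Gname' => $v, ':Date' => $v,
                 ':TimeIn' => $v, ':Spot' => $v, ':Confirmation' => $v];

foreach (['quoted SELECT' => [$quotedSelect, $selectParams],
          'plain SELECT'  => [$plainSelect, $selectParams],
          'INSERT'        => [$insert, $insertParams]] as $label => [$sql, $params]) {
    echo $label, ': ', json_encode(checkBindings($sql, $params)), "\n";
}
```

A non-empty `missing` or `extra` list means the bound keys and the statement's tokens disagree, which is the condition the error message in the question describes. Keeping the placeholders unquoted is also what lets the driver treat each value as data rather than as part of the SQL text.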