注意:异常'PDOException',消息'SQLSTATE [HY093]:参数号无效:参数未定义'

时间:2014-08-02 16:00:28

标签: php sql security

好的,我真的很困惑。我似乎无法看到这个无效参数号码出错的地方。我可以弄清楚我哪里出错吗?

获取SQL查询并设置参数 

public function do_retrieve_stored_message_data()
    {
        $m_sql_query_string = CourseWorkSqlQuery::get_message_data();
        $m_message_data = $this->c_arr_display_stored_message_data['sanitised-message-data'];
        $m_arr_sql_query_parameters = 
        array(':message_date' => $m_message_data,
                ':message_time' => $m_message_data,
                ':message_last_value' => $m_message_data);

        $m_result = $this->c_obj_database_handle->safe_query($m_sql_query_string, $m_arr_sql_query_parameters);

SQL查询字符串 

public static function get_message_data()
    {
        $m_sql_query_string  =  "SELECT message_date, message_time, message_last_value ";
        $m_sql_query_string .=  "FROM cw_messages ";
        $m_sql_query_string .=  "WHERE message_date = :message_date ";
        $m_sql_query_string .=  "AND message_time = :message_time ";
        $m_sql_query_string .=  "AND message_last_value= :message_last_value ";
        $m_sql_query_string .=  "LIMIT 1";
        return $m_sql_query_string;
    }

数据库处理程序 

public function safe_query($p_query_string, $p_arr_params)
    {
        $m_database_query_execute_error = true;
        $m_query_string = $p_query_string;
        $m_arr_query_parameters = $p_arr_params;

        try
        {
            $m_temp = array();
            $this->c_obj_database_handle->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

            $this->c_obj_stmt = $this->c_obj_database_handle->prepare($m_query_string);

            // bind the parameters
            if (sizeof($m_arr_query_parameters) > 0)
            {
                foreach ($m_arr_query_parameters as $m_param_key => $m_param_value)
                {
                    $m_temp[$m_param_key] = $m_param_value;
                    $this->c_obj_stmt->bindParam($m_param_key, $m_temp[$m_param_key], PDO::PARAM_STR);
                }
            }

            // execute the query
            $m_execute_result = $this->c_obj_stmt->execute();

非常感谢任何帮助。

1 个答案:

答案 0 :(得分:0)

决议:

长话短说,我试图将所有3个参数分配给1个变量。所以为了改变这一点,我交换了:

旧代码 

..
..
$m_arr_sql_query_parameters = 
    array(':message_date' => $m_message_data,
            ':message_time' => $m_message_data,
            ':message_last_value' => $m_message_data);
..
..

新代码 

..
..
$m_arr_sql_query_parameters = 
    array(':message_date' => $m_message_date,
            ':message_time' => $m_message_time,
            ':message_last_value' => $m_message_last_value);
..
..

这解决了我的问题。很高兴知道你不能为一个变量分配多个paranter。请随意关闭此查询。

相关问题
最新问题