SQLSTATE[HY093]: Invalid parameter number: parameter was not defined

Time: 2017-04-21 19:56:19

Tags: php sql-server pdo bindparam

I keep getting the above error. Here is my setup:

$InsertSQL = "insert into reports.NonVarassetInvoices(State, CLLI, Type, Vendor, DateReceived, InvoiceNumber, InvoiceDate, TotalInvoiceAmount, ProjectWONumber, CAF, SentForApprovalDate, Approver
            , ApprovalReceivedDate, ReleaseDate, ReleaseNumber, SentToAPDate, InvoicerName, Status, HoldReason, Notes)
select ':State', ':CLLI', (select Id from pmdb.PicklistChild where ParentId in(select Id from pmdb.PicklistParent where Value = ':Type') order by Sequence)
    , ':Vendor', ':DateReceived', ':InvoiceNumber', ':InvoiceDate', :TotalInvoiceAmount, ':ProjectWONumber', ':CAF', ':SentForApprovalDate', ':Approver'
    , ':ApprovalReceivedDate', ':ReleaseDate', ':ReleaseNumber', ':SentToAPDate', ':InvoicerName'
    , (select Id from pmdb.PicklistChild where ParentId in(select Id from pmdb.PicklistParent where Value = ':Status') order by Sequence)
    , (select Id from pmdb.PicklistChild where ParentId in(select Id from pmdb.PicklistParent where Value = ':HoldReason') order by Sequence), ':Notes'";

$stmt = $conn->prepare($InsertSQL);

$stmt->bindParam(':State', $State, PDO::PARAM_STR);
$stmt->bindParam(':CLLI', $CLLI, PDO::PARAM_STR);
$stmt->bindParam(':Type', $Type, PDO::PARAM_INT);
$stmt->bindParam(':Vendor', $Vendor, PDO::PARAM_STR);
$stmt->bindParam(':DateReceived', $DateReceived, PDO::PARAM_STR);
$stmt->bindParam(':InvoiceNumber', $InvoiceNumber, PDO::PARAM_STR);
$stmt->bindParam(':InvoiceDate', $InvoiceDate, PDO::PARAM_STR);
$stmt->bindParam(':TotalInvoiceAmount', $TotalInvoiceAmount, PDO::PARAM_INT);
$stmt->bindParam(':ProjectWONumber', $ProjectWONumber, PDO::PARAM_STR);
$stmt->bindParam(':CAF', $CAF, PDO::PARAM_STR);
$stmt->bindParam(':SentForApprovalDate', $SentForApprovalDate, PDO::PARAM_STR);
$stmt->bindParam(':Approver', $Approver, PDO::PARAM_STR);
$stmt->bindParam(':ApprovalReceivedDate', $ApprovalReceivedDate, PDO::PARAM_STR);
$stmt->bindParam(':ReleaseDate', $ReleaseDate, PDO::PARAM_STR);
$stmt->bindParam(':ReleaseNumber', $ReleaseNumber, PDO::PARAM_STR);
$stmt->bindParam(':SentToAPDate', $SentToAPDate, PDO::PARAM_STR);
$stmt->bindParam(':InvoicerName', $InvoicerName, PDO::PARAM_STR);
$stmt->bindParam(':Status', $Status, PDO::PARAM_INT);
$stmt->bindParam(':HoldReason', $HoldReason, PDO::PARAM_INT);
$stmt->bindParam(':Notes', $Notes, PDO::PARAM_STR);

$stmt->execute();

I have also tried execute(array(':State' => $State ...)); I get the same error.

I don't know exactly what this means, but I have looked at several other questions with similar titles. As far as I can tell, they don't answer my exact question.

Am I missing something? How do I fix this?

Update

I have updated my insert SQL based on the answer below:

$InsertSQL = "insert into reports.NonVarassetInvoices(State, CLLI, Type, Vendor, DateReceived, InvoiceNumber, InvoiceDate, TotalInvoiceAmount, ProjectWONumber, CAF, SentForApprovalDate, Approver
                                                                , ApprovalReceivedDate, ReleaseDate, ReleaseNumber, SentToAPDate, InvoicerName, Status, HoldReason, Notes)
                    select :State, :CLLI, (select Id from pmdb.PicklistChild where ParentId in(select Id from pmdb.PicklistParent where Name = 'NonVInvoiceType') Value = :Type and IsActive = 1)
                        , :Vendor, :DateReceived, :InvoiceNumber, :InvoiceDate, :TotalInvoiceAmount, :ProjectWONumber, :CAF, :SentForApprovalDate, :Approver
                        , :ApprovalReceivedDate, :ReleaseDate, :ReleaseNumber, :SentToAPDate, :InvoicerName
                        , (select Id from pmdb.PicklistChild where ParentId in(select Id from pmdb.PicklistParent where Name = 'NonVStatus') and Value = :Status and IsActive = 1)
                        , (select Id from pmdb.PicklistChild where ParentId in(select Id from pmdb.PicklistParent where Name = 'NonVHoldReason') and Value = :HoldReason and IsActive = 1), :Notes";

Now I get a 500 Internal Server Error message and a blank screen. If I put the params into the execute statement, like this:

$stmt->execute(array(':State'=>$State,':CLLI'=>$CLLI,':Type'=>$Type,':Vendor'=>$Vendor,':DateReceived'=>$DateReceived,':InvoiceNumber'=>$InvoiceNumber,':InvoiceDate'=>$InvoiceDate
                        ,':TotalInvoiceAmount'=>$TotalInvoiceAmount,':ProjectWONumber'=>$ProjectWONumber
                        ,':CAF'=>$CAF,':SentForApprovalDate'=>$SentForApprovalDate,':Approver'=>$Approver,':ApprovalReceivedDate'=>$ApprovalReceivedDate,':ReleaseDate'=>$ReleaseDate
                        ,':ReleaseNumber'=>$ReleaseNumber,':SentToAPDate'=>$SentToAPDate
                        ,':InvoicerName'=>$InvoicerName,':Status'=>$Status,':HoldReason'=>$HoldReason,':Notes'=>$Notes));

Then I get this error:

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: [Microsoft][ODBC Driver 11 for SQL Server][SQL Server]Incorrect syntax near 'Value''

1 Answer:

Answer 0: (score: 0)

Your SQL statement doesn't actually have any parameters; since you quote them, they are all string literals:

... where Value = ':Type' ...
                  ^     ^ these need to go

So you need to remove all those single quotes around the placeholders.

Apart from that, you can only use placeholders for values, not for column names, table names, etc.

So this will not work, even without the quotes:

... select ':State', ':CLLI' ...

If those are variable column names, you need to insert them into the string, and to avoid SQL injection you need to check them against a whitelist first.

// check all column names against a white-list
...
// insert them into your string
... select `{$State}`, `{$CLLI}` ...
// etc.
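The two points of the answer side by side, as an added example that is not part of the question or the answer: a quoted placeholder is a string literal that PDO cannot bind to, and a column name that must vary is checked against a fixed whitelist before it is interpolated. It assumes PHP 7.4+ with pdo_sqlite; the in-memory SQLite database, the cut-down NonVarassetInvoices table and the ALLOWED_COLUMNS list are constructed stand-ins for the SQL Server setup in the question.

```php
<?php
// Added example, not the question's or answer's code. SQLite in memory stands
// in for the SQL Server table; the table and column list are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE NonVarassetInvoices (State TEXT, CLLI TEXT, Vendor TEXT)');

// Broken form from the question: quoting the placeholder turns it into the
// string literal ':State', so the statement has no parameter to bind to and
// PDO rejects the bind/execute.
function insertBroken(PDO $pdo, string $state): bool {
    $stmt = $pdo->prepare("INSERT INTO NonVarassetInvoices (State) VALUES (':State')");
    try {
        $stmt->bindValue(':State', $state, PDO::PARAM_STR);
        return $stmt->execute();
    } catch (PDOException $e) {
        echo 'broken form failed: ' . $e->getMessage() . PHP_EOL;
        return false;
    }
}

// Hardened form: values travel through unquoted placeholders; column names,
// which cannot be parameters, are accepted only if they appear verbatim in a
// fixed whitelist (constructed for this demo) before being put into the SQL.
const ALLOWED_COLUMNS = ['State', 'CLLI', 'Vendor'];

function insertSafe(PDO $pdo, array $row): bool {
    $cols = [];
    foreach (array_keys($row) as $col) {
        if (!in_array($col, ALLOWED_COLUMNS, true)) {   // strict: no type juggling
            throw new InvalidArgumentException("column not allowed: $col");
        }
        $cols[] = $col;
    }
    $placeholders = array_map(fn($c) => ':' . $c, $cols);
    $sql = 'INSERT INTO NonVarassetInvoices (' . implode(', ', $cols) . ')'
         . ' VALUES (' . implode(', ', $placeholders) . ')';
    $stmt = $pdo->prepare($sql);
    foreach ($row as $col => $value) {
        $stmt->bindValue(':' . $col, $value, PDO::PARAM_STR);   // value, never SQL text
    }
    return $stmt->execute();
}

var_dump(insertBroken($pdo, 'TX'));                                            // bool(false)
var_dump(insertSafe($pdo, ['State' => 'TX', 'CLLI' => 'DLLSTX', 'Vendor' => "O'Brien"])); // bool(true)
try {
    insertSafe($pdo, ['Notes' => 'x']);   // 'Notes' is not whitelisted here
} catch (InvalidArgumentException $e) {
    echo $e->getMessage() . PHP_EOL;
}
```

The quote in "O'Brien" is inserted intact because it is bound as a value; only the column names, which the whitelist has already vetted, ever become part of the statement text.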