3 
 $stmt = $conn->prepare("INSERT INTO user VALUES ('',:username,md5(:password),'',1,'','',:email,'',0,0,'',:cover,:dateofbirthYear:dateofbirthMonth:dateofbirthDay,NOW(),:sex,:country)");
 $stmt->execute(array(
  ':username'   => $username,
  ':password' => $password,
  ':email'   => $email,
  ':cover' => $cover,
  ':dateofbirthYear'   => $dateofbirthYear,
  ':dateofbirthMonth' => $dateofbirthMonth,
  ':dateofbirthDay'   => $dateofbirthDay,
  ':sex' => $sex,
  ':country'   => $country 
    ));

由于某种原因,此插入语句不起作用。我是 PDO 的新手,所以我不太了解它。我究竟做错了什么?

这个声明给了我这个错误:

致命错误:未捕获的异常“PDOException”和消息“SQLSTATE [HY093]:无效的参数号:绑定变量的数量与 /home/manga/public_html/new/register.php:80 中的令牌数量不匹配”堆栈跟踪:
# 0 /home/manga/public_html/new/register.php(80): PDOStatement->execute(Array)
#1 {main} 在第 80 行的 /home/manga/public_html/new/register.php 中抛出

4

3 回答 3

7

您以错误的方式准备了查询

INSERT INTO user VALUES ('',:username,md5(:password),'',1,'','',:email,'',0,0,'',
:cover,:dateofbirthYear:dateofbirthMonth:dateofbirthDay,NOW(),:sex,:country
     // ^ These need to either single or separated

对于你正在尝试的东西,你可以这样做

//Prepare the date of birth earlier
$dob = $dateofbirthYear.$dateofbirthMonth.$dateofbirthDay;

//Then pass it as a single $variable

$stmt = $conn->prepare("INSERT INTO user VALUES ('',:username,md5(:password),'',1,'','',:email,'',0,0,'',:cover,:dob,NOW(),:sex,:country)");
 $stmt->execute(array(
  ':username'   => $username,
  ':password' => $password,
  ':email'   => $email,
  ':cover' => $cover,
  ':dob'   => $dob, // <-- Problem solved
  ':sex' => $sex,
  ':country'   => $country 
    ));
 // Then it will execute
于 2013-03-09T22:42:54.883 回答
2

您收到的确切错误消息是:

SQLSTATE[HY093]:无效的参数号:绑定变量的数量与标记的数量不匹配

这意味着您传递的参数的数量/名称(array()in )与您在SQL 查询execute中拥有的参数的数量/名称不匹配。prepare()

如果将其与包含的其他问题进行比较,SQLSTATE[HY093]您会发现它通常与难以阅读的大且格式错误的代码有关。这让人很难计算。然后你对某事有疏忽,然后错误就发生了。

只需修复它并完成,例如,您不能使用三个名称中的一个参数:

,:dateofbirthYear:dateofbirthMonth:dateofbirthDay,

相反,只需为生日传递一个参数:

, :dateofbirth,

您还可以使您的代码更具可读性:

$stmt = $conn->prepare(
    "INSERT INTO user
     VALUES (
        '', :username, md5(:password), '', 1, '', '', :email, '', 0, 0, '',
        :cover, :dateofbirth, NOW(), :sex, :country
     )"
);
$stmt->execute(array(
    ':username'    => $username,
    ':password'    => $password,
    ':email'       => $email,
    ':cover'       => $cover,
    ':dateofbirth' => $dateofbirthYear . $dateofbirthMonth . $dateofbirthDay,
    ':sex'         => $sex,
    ':country'     => $country
));

然后你有一个密码哈希的安全问题:

md5(:password)

而是进行正确的密码散列,请参阅有关安全密码散列的 PHP 常见问题解答

于 2013-03-09T22:39:10.930 回答
-2

更正了准备好的查询:

$stmt = $conn->prepare("INSERT INTO user VALUES ('',:username,md5(:password),'',1,'','',:email,'',0,0,'',:cover,:dateofbirthYear,:dateofbirthMonth:,dateofbirthDay,NOW(),:sex,:country)");
//:dateofbirthYear,:dateofbirthMonth:,dateofbirthDay place holders are seprated 

$stmt->execute(array(
 ':username'   => $username,
  ':password' => $password,
  ':email'   => $email,
  ':cover' => $cover,
  ':dateofbirthYear'   => $dateofbirthYear,
  ':dateofbirthMonth' => $dateofbirthMonth,
  ':dateofbirthDay'   => $dateofbirthDay,
  ':sex' => $sex,
  ':country'   => $country 
));
于 2017-06-24T19:53:02.627 回答