-1

警告:PDOStatement::execute() [pdostatement.execute]: SQLSTATE[HY093]: 参数号无效:参数未定义

<?php
$firstname = $_POST['first-name'];
$lastname = $_POST['last-name'];
$company = $_POST['company'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];
$country = $_POST['country'];
$type = $_POST['type'];
$source = "IP-Demo";

// query
$sql = "INSERT INTO Contact (first-name,last-name,Company,email,phone,city,state,zip,country,type,source)
    VALUES (:first-name,:last-name,:Company,:email,:phone,:city,:state,:zip,:country,:type,:source)";

$q = $conn->prepare($sql);
$q->execute(array(
    ':first-name'=>$firstname,
    ':last-name'=>$lastname,
    ':Company'=>$company,
    ':email'=>$email,
    ':phone'=>$phone,
    ':city'=>$city,
    ':state'=>$state,
    ':zip'=>$zip,
    ':country'=>$country,
    ':type'=>$type,
    ':source'=>$source
));
4

3 回答 3

1

您的查询包含几个需要反引号的对象名称,至少是这些:

  • first-name
  • last-name
  • type

编辑:顺便说一句,刚刚尝试了您的代码并prepare()失败了:

PHP 致命错误:未捕获异常 'PDOException' 并带有消息 'SQLSTATE[42000]:语法错误或访问冲突:1064 您的 SQL 语法有错误;检查与您的 MySQL 服务器版本相对应的手册,以获取在 '-name,last-name,Company,email,phone,city,state,zip,country,type,source) 附近使用的正确语法

于 2013-04-04T14:45:05.020 回答
0

您的语句假定type为保留字而不是列名,因此它提供 10 列和 11 个参数

尝试在列名的前面和末尾设置`字符

于 2013-04-04T14:42:57.007 回答
0

当使用一个真正的 db 抽象库而不是那个不方便和有限的 PDO 时,所有的代码将只有几行。更不用说它永远不会因为忘记报价这样愚蠢的原因而失败。

$allowed = explode(',','first-name,last-name,Company,email,phone,city,state,zip,country,type');
$data = $db->filterArray($_POST,$allowed);
$db->query("INSERT INTO Contact SET ?u", $data);
于 2013-04-04T15:14:39.870 回答