'SQLSTATE[HY093]: Invalid parameter number: parameter was not defined'
'SQLSTATE[HY093]: Invalid parameter number: parameter was not defined'
我不断收到上述错误。这是我的设置发生的地方:
$InsertSQL = "insert into reports.NonVarassetInvoices(State, CLLI, Type, Vendor, DateReceived, InvoiceNumber, InvoiceDate, TotalInvoiceAmount, ProjectWONumber, CAF, SentForApprovalDate, Approver
, ApprovalReceivedDate, ReleaseDate, ReleaseNumber, SentToAPDate, InvoicerName, Status, HoldReason, Notes)
select ':State', ':CLLI', (select Id from pmdb.PicklistChild where ParentId in(select Id from pmdb.PicklistParent where Value = ':Type') order by Sequence)
, ':Vendor', ':DateReceived', ':InvoiceNumber', ':InvoiceDate', :TotalInvoiceAmount, ':ProjectWONumber', ':CAF', ':SentForApprovalDate', ':Approver'
, ':ApprovalReceivedDate', ':ReleaseDate', ':ReleaseNumber', ':SentToAPDate', ':InvoicerName'
, (select Id from pmdb.PicklistChild where ParentId in(select Id from pmdb.PicklistParent where Value = ':Status') order by Sequence)
, (select Id from pmdb.PicklistChild where ParentId in(select Id from pmdb.PicklistParent where Value = ':HoldReason') order by Sequence), ':Notes'";
$stmt = $conn->prepare($InsertSQL);
$stmt->bindParam(':State', $State, PDO::PARAM_STR);
$stmt->bindParam(':CLLI', $CLLI, PDO::PARAM_STR);
$stmt->bindParam(':Type', $Type, PDO::PARAM_INT);
$stmt->bindParam(':Vendor', $Vendor, PDO::PARAM_STR);
$stmt->bindParam(':DateReceived', $DateReceived, PDO::PARAM_STR);
$stmt->bindParam(':InvoiceNumber', $InvoiceNumber, PDO::PARAM_STR);
$stmt->bindParam(':InvoiceDate', $InvoiceDate, PDO::PARAM_STR);
$stmt->bindParam(':TotalInvoiceAmount', $TotalInvoiceAmount, PDO::PARAM_INT);
$stmt->bindParam(':ProjectWONumber', $ProjectWONumber, PDO::PARAM_STR);
$stmt->bindParam(':CAF', $CAF, PDO::PARAM_STR);
$stmt->bindParam(':SentForApprovalDate', $SentForApprovalDate, PDO::PARAM_STR);
$stmt->bindParam(':Approver', $Approver, PDO::PARAM_STR);
$stmt->bindParam(':ApprovalReceivedDate', $ApprovalReceivedDate, PDO::PARAM_STR);
$stmt->bindParam(':ReleaseDate', $ReleaseDate, PDO::PARAM_STR);
$stmt->bindParam(':ReleaseNumber', $ReleaseNumber, PDO::PARAM_STR);
$stmt->bindParam(':SentToAPDate', $SentToAPDate, PDO::PARAM_STR);
$stmt->bindParam(':InvoicerName', $InvoicerName, PDO::PARAM_STR);
$stmt->bindParam(':Status', $Status, PDO::PARAM_INT);
$stmt->bindParam(':HoldReason', $HoldReason, PDO::PARAM_INT);
$stmt->bindParam(':Notes', $Notes, PDO::PARAM_STR);
$stmt->execute();
我也试过 execute(array(':State => $State ...)); 我得到了同样的错误。
我不知道这到底是什么意思,但我查看了其他几个具有相似名称的问题。据我所知,他们没有回答我的确切问题。
我错过了什么吗?我该如何解决这个问题?
更新
我已经根据以下答案更新了我的插入 SQL:
$InsertSQL = "insert into reports.NonVarassetInvoices(State, CLLI, Type, Vendor, DateReceived, InvoiceNumber, InvoiceDate, TotalInvoiceAmount, ProjectWONumber, CAF, SentForApprovalDate, Approver
, ApprovalReceivedDate, ReleaseDate, ReleaseNumber, SentToAPDate, InvoicerName, Status, HoldReason, Notes)
select :State, :CLLI, (select Id from pmdb.PicklistChild where ParentId in(select Id from pmdb.PicklistParent where Name = 'NonVInvoiceType') Value = :Type and IsActive = 1)
, :Vendor, :DateReceived, :InvoiceNumber, :InvoiceDate, :TotalInvoiceAmount, :ProjectWONumber, :CAF, :SentForApprovalDate, :Approver
, :ApprovalReceivedDate, :ReleaseDate, :ReleaseNumber, :SentToAPDate, :InvoicerName
, (select Id from pmdb.PicklistChild where ParentId in(select Id from pmdb.PicklistParent where Name = 'NonVStatus') and Value = :Status and IsActive = 1)
, (select Id from pmdb.PicklistChild where ParentId in(select Id from pmdb.PicklistParent where Name = 'NonVHoldReason') and Value = :HoldReason and IsActive = 1), :Notes";
现在我收到 500 Internal Server Error 消息和空白屏幕。如果我像这样将 Params 放入执行语句中:
$stmt->execute(array(':State'=>$State,':CLLI'=>$CLLI,':Type'=>$Type,':Vendor'=>$Vendor,':DateReceived'=>$DateReceived,':InvoiceNumber'=>$InvoiceNumber,':InvoiceDate'=>$InvoiceDate
,':TotalInvoiceAmount'=>$TotalInvoiceAmount,':ProjectWONumber'=>$ProjectWONumber
,':CAF'=>$CAF,':SentForApprovalDate'=>$SentForApprovalDate,':Approver'=>$Approver,':ApprovalReceivedDate'=>$ApprovalReceivedDate,':ReleaseDate'=>$ReleaseDate
,':ReleaseNumber'=>$ReleaseNumber,':SentToAPDate'=>$SentToAPDate
,':InvoicerName'=>$InvoicerName,':Status'=>$Status,':HoldReason'=>$HoldReason,':Notes'=>$Notes));
然后我得到这个错误:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: [Microsoft][ODBC Driver 11 for SQL Server][SQL Server]Incorrect syntax near 'Value'
您的 sql 语句中实际上没有任何参数;它们都是您引用的文字字符串:
... where Value = ':Type' ...
^ ^ these need to go
因此您需要删除所有这些占位符周围的单引号。
除此之外,您只能对值使用占位符,而不能对列名、table 名称等使用占位符
所以如果没有引号也行不通:
... select ':State', ':CLLI' ...
如果是可变列名,您需要将它们插入字符串中,为了避免 sql 注入,您需要先根据白名单检查它们。
// check all column names agains a white-list
...
// insert them into your string
... select `{$State}`, `{$CLLI}` ...
// etc.
我不断收到上述错误。这是我的设置发生的地方:
$InsertSQL = "insert into reports.NonVarassetInvoices(State, CLLI, Type, Vendor, DateReceived, InvoiceNumber, InvoiceDate, TotalInvoiceAmount, ProjectWONumber, CAF, SentForApprovalDate, Approver
, ApprovalReceivedDate, ReleaseDate, ReleaseNumber, SentToAPDate, InvoicerName, Status, HoldReason, Notes)
select ':State', ':CLLI', (select Id from pmdb.PicklistChild where ParentId in(select Id from pmdb.PicklistParent where Value = ':Type') order by Sequence)
, ':Vendor', ':DateReceived', ':InvoiceNumber', ':InvoiceDate', :TotalInvoiceAmount, ':ProjectWONumber', ':CAF', ':SentForApprovalDate', ':Approver'
, ':ApprovalReceivedDate', ':ReleaseDate', ':ReleaseNumber', ':SentToAPDate', ':InvoicerName'
, (select Id from pmdb.PicklistChild where ParentId in(select Id from pmdb.PicklistParent where Value = ':Status') order by Sequence)
, (select Id from pmdb.PicklistChild where ParentId in(select Id from pmdb.PicklistParent where Value = ':HoldReason') order by Sequence), ':Notes'";
$stmt = $conn->prepare($InsertSQL);
$stmt->bindParam(':State', $State, PDO::PARAM_STR);
$stmt->bindParam(':CLLI', $CLLI, PDO::PARAM_STR);
$stmt->bindParam(':Type', $Type, PDO::PARAM_INT);
$stmt->bindParam(':Vendor', $Vendor, PDO::PARAM_STR);
$stmt->bindParam(':DateReceived', $DateReceived, PDO::PARAM_STR);
$stmt->bindParam(':InvoiceNumber', $InvoiceNumber, PDO::PARAM_STR);
$stmt->bindParam(':InvoiceDate', $InvoiceDate, PDO::PARAM_STR);
$stmt->bindParam(':TotalInvoiceAmount', $TotalInvoiceAmount, PDO::PARAM_INT);
$stmt->bindParam(':ProjectWONumber', $ProjectWONumber, PDO::PARAM_STR);
$stmt->bindParam(':CAF', $CAF, PDO::PARAM_STR);
$stmt->bindParam(':SentForApprovalDate', $SentForApprovalDate, PDO::PARAM_STR);
$stmt->bindParam(':Approver', $Approver, PDO::PARAM_STR);
$stmt->bindParam(':ApprovalReceivedDate', $ApprovalReceivedDate, PDO::PARAM_STR);
$stmt->bindParam(':ReleaseDate', $ReleaseDate, PDO::PARAM_STR);
$stmt->bindParam(':ReleaseNumber', $ReleaseNumber, PDO::PARAM_STR);
$stmt->bindParam(':SentToAPDate', $SentToAPDate, PDO::PARAM_STR);
$stmt->bindParam(':InvoicerName', $InvoicerName, PDO::PARAM_STR);
$stmt->bindParam(':Status', $Status, PDO::PARAM_INT);
$stmt->bindParam(':HoldReason', $HoldReason, PDO::PARAM_INT);
$stmt->bindParam(':Notes', $Notes, PDO::PARAM_STR);
$stmt->execute();
我也试过 execute(array(':State => $State ...)); 我得到了同样的错误。
我不知道这到底是什么意思,但我查看了其他几个具有相似名称的问题。据我所知,他们没有回答我的确切问题。
我错过了什么吗?我该如何解决这个问题?
更新
我已经根据以下答案更新了我的插入 SQL:
$InsertSQL = "insert into reports.NonVarassetInvoices(State, CLLI, Type, Vendor, DateReceived, InvoiceNumber, InvoiceDate, TotalInvoiceAmount, ProjectWONumber, CAF, SentForApprovalDate, Approver
, ApprovalReceivedDate, ReleaseDate, ReleaseNumber, SentToAPDate, InvoicerName, Status, HoldReason, Notes)
select :State, :CLLI, (select Id from pmdb.PicklistChild where ParentId in(select Id from pmdb.PicklistParent where Name = 'NonVInvoiceType') Value = :Type and IsActive = 1)
, :Vendor, :DateReceived, :InvoiceNumber, :InvoiceDate, :TotalInvoiceAmount, :ProjectWONumber, :CAF, :SentForApprovalDate, :Approver
, :ApprovalReceivedDate, :ReleaseDate, :ReleaseNumber, :SentToAPDate, :InvoicerName
, (select Id from pmdb.PicklistChild where ParentId in(select Id from pmdb.PicklistParent where Name = 'NonVStatus') and Value = :Status and IsActive = 1)
, (select Id from pmdb.PicklistChild where ParentId in(select Id from pmdb.PicklistParent where Name = 'NonVHoldReason') and Value = :HoldReason and IsActive = 1), :Notes";
现在我收到 500 Internal Server Error 消息和空白屏幕。如果我像这样将 Params 放入执行语句中:
$stmt->execute(array(':State'=>$State,':CLLI'=>$CLLI,':Type'=>$Type,':Vendor'=>$Vendor,':DateReceived'=>$DateReceived,':InvoiceNumber'=>$InvoiceNumber,':InvoiceDate'=>$InvoiceDate
,':TotalInvoiceAmount'=>$TotalInvoiceAmount,':ProjectWONumber'=>$ProjectWONumber
,':CAF'=>$CAF,':SentForApprovalDate'=>$SentForApprovalDate,':Approver'=>$Approver,':ApprovalReceivedDate'=>$ApprovalReceivedDate,':ReleaseDate'=>$ReleaseDate
,':ReleaseNumber'=>$ReleaseNumber,':SentToAPDate'=>$SentToAPDate
,':InvoicerName'=>$InvoicerName,':Status'=>$Status,':HoldReason'=>$HoldReason,':Notes'=>$Notes));
然后我得到这个错误:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: [Microsoft][ODBC Driver 11 for SQL Server][SQL Server]Incorrect syntax near 'Value'
您的 sql 语句中实际上没有任何参数;它们都是您引用的文字字符串:
... where Value = ':Type' ...
^ ^ these need to go
因此您需要删除所有这些占位符周围的单引号。
除此之外,您只能对值使用占位符,而不能对列名、table 名称等使用占位符
所以如果没有引号也行不通:
... select ':State', ':CLLI' ...
如果是可变列名,您需要将它们插入字符串中,为了避免 sql 注入,您需要先根据白名单检查它们。
// check all column names agains a white-list
...
// insert them into your string
... select `{$State}`, `{$CLLI}` ...
// etc.