Search code examples
phpexecutionexecute

Warning: PDOStatement::execute() [pdostatement.execute]: SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in


Code is listed below:

<?php 
    class User {
         protected $pdo;enter code here

         function __construct($pdo){
            $this->pdo = $pdo;
         }
    public function checkInput($var){
           $var = htmlspecialchars($var);
           $var = trim($var);
           $var = stripcslashes($var);
           return $var;
    }

    public function login($email,$password){
        $stmt = $this->pdo->prepare("SELECT 'user_id' FROM 'users' WHERE 'email' = :email AND 'password' = :password");
        $stmt->bindParam(":user_id", $user_id, PDO::PARAM_STR);
        $stmt->bindParam(":password", $password, PDO::PARAM_STR);
        $stmt->execute();

        $user = $stmt->fetch(PDO::FETCH_OBJ);
        $count = $stmt->rowCount();

        if($count > 0){
            $_SESSION['user_id'] = $user->user_id;
            header('Location: home.php');
        }else{
            return false;
        }
    }    
    }
?>

Solution

  • You have synatax error in your query and you are trying to pass wrong param.where is your $user_id so it should be $email because you are receiving $email and $password

    Change

    $stmt->bindParam(":user_id", $user_id, PDO::PARAM_STR);
    

    With

    $stmt->bindParam(":email", $email, PDO::PARAM_STR);
    

    And Change

    $stmt = $this->pdo->prepare("SELECT 'user_id' FROM 'users' WHERE 'email' = :email AND 'password' = :password");
    

    With

    $stmt = $this->pdo->prepare("SELECT user_id FROM users WHERE email = :email AND password = :password");