Search code examples
phpmysqlsqlpdo

Fatal error: Uncaught PDOException: SQLSTATE[HY093] (2)

I was working on an edit user page and this error appeared:

Fatal error: Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match the number of tokens in C:\Program Files\xampp\htdocs\ecommerce\admin\members.php:115 Stack trace: #0 C:\Program Files\xampp\htdocs\ecommerce\admin\members.php(115): PDOStatement->execute(Array) #1 {main} thrown in C:\Program Files\xampp\htdocs\ecommerce\admin\members.php on line 115

<?php
/*


manage members page


*/

session_start();
$pageTitle = 'Members';
if (isset($_SESSION['Username'])) {

    include 'init.php';
    $do = isset($_GET['do']) ? $_GET['do'] : 'manage';
    //start manage page
    if ($do == 'Manage') {
    } elseif ($do == 'Edit') { //edit page
        $userid =  isset($_GET['userid']) && is_numeric($_GET['userid']) ? intval($_GET['userid']) : 0;

        $stmt = $con->prepare("SELECT * FROM users WHERE UserID = ? LIMIT 1");
        $stmt->execute(array($userid));
        $row = $stmt->fetch();
        $count = $stmt->rowCount();

        if ($stmt->rowCount() > 0) {


?>

            <h1 class="text-center">
                Edit Member
            </h1>
            <div class="container">
                <form class="form-horizontal" action="?do=Update" method="POST">
                    <input type="hidden" name="userid" value="<?php echo $userid ?>">
                    <div class="form-group-lg">
                        <label for="" class="col-sm-2 control-label">username</label>
                        <div class="col-sm-10 col-md-4 ">
                            <input type="text" name="username" value="<?php echo $row['Username'] ?>" class="form-control" autocomplete="off">
                        </div>
                    </div>
                    <div class="form-group-lg">
                        <label for="" class="col-sm-2 control-label">Password</label>
                        <div class="col-sm-10 col-md-4 ">
                            <input name="newpassword" type="hidden" value="<?php echo $row['Password'] ?>">
                            <input name="oldpassword" type="password" class="form-control" autocomplete="new-password">
                        </div>
                    </div>
                    <div class="form-group-lg">
                        <label for="" class="col-sm-2 control-label">Email</label>
                        <div class="col-sm-10 col-md-4 ">
                            <input type="email" name="email" value="<?php echo $row['Email'] ?>" class="form-control">
                        </div>
                    </div>

                    <div class="form-group-lg">
                        <label for="" class="col-sm-2 control-label">Full name</label>
                        <div class="col-sm-10 col-md-4 ">
                            <input type="text" name="full" value="<?php echo $row['FullName'] ?>" class="form-control">
                        </div>
                    </div>
                    <div class="form-group-lg">
                        <div class="col-sm-offset-2 col-sm-10 col-md-4 ">
                            <input type="submit" name="submit" value="Save" class="btn-lg btn-primary ">
                        </div>
                    </div>
                </form>
            </div>

<?php
        } else {
            echo 'theres no such id';
        }
    } else if ($do == 'Update') {
        echo "<h1 class='text-center'>Update Member</h1>";
        echo "<div class='container'>";
        if ($_SERVER['REQUEST_METHOD'] == 'POST') {

            $id = $_POST['userid'];
            $user = $_POST['username'];
            $email = $_POST['email'];
            $name = $_POST['full'];
            //password trick
            //condition ? true : false;
            $pass = empty($_POST['newpassword']) ? $_POST['oldpassword'] : sha1($_POST['newpassword']);
            // validate the form
            $formErrors = array();
            if(strlen($user) < 4) {
                $formErrors[] = '<div class="alert alert-danger">username cant be less than <strong>4 characters</strong></div>';
            }
            if(strlen($user) > 20) {
                $formErrors[] = '<div class="alert alert-danger">username cant be more than <strong>20 characters</strong></div>';
            }
            if(empty($user)) {
                $formErrors[] = '<div class="alert alert-danger">username cant be <strong>empty</strong></div>';
            }
            if(empty($name)) {
                $formErrors[] = '<div class="alert alert-danger">fullname cant be <strong>empty</strong></div>';
            }
            if(empty($email)) {
                $formErrors[] = '<div class="alert alert-danger">email cant be <strong>empty</strong></div>';
            }

            foreach($formErrors as $error) {
                echo $error;
            }

            //check if there is no errors proceed the update operation
            if(empty($formErrors)) {

            //update the database

            $stmt = $con->prepare("UPDATE users SET Username = ?, Email = ?, FullName = ? WHERE UserID = ?");
            $stmt->execute(array($user, $email, $name, $pass, $id));

            //echo success message
            echo "<div class='alert alert-success'>$stmt->rowCount() . ' Record updated'</div>";
            }

        } else {
            echo 'sorry you cant browse this page directly';
        }
        echo "</div>";
    }
} else {
    header('Location: index.php');

    exit();
}
Solution 
  • $stmt = $con->prepare("UPDATE users SET Username = ?, Email = ?, FullName = ? WHERE UserID = ?");
        $stmt->execute(array($user, $email, $name, $pass, $id));

    You are missing Password field in your update query. Or remove $pass from the execute array. The count of the arguments are mismatching