在PDO连接中的WHERE子句中使用变量
Hello I am using the followng code to update password, but I need to select which users should I update inside my SQL query there is a WHERE Clause if I put number as id like 23 it is working but I wish this id to come from the POST method which is posting the id also from the form, here is the code in this version it is giving me an error:
`SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens`
and this is the code here
<?php
class Users {
public $password = null;
public $salt = "Zo4rU5Z1YyKJAASY0PT6EUg7BBYdlEhPaNLuxAwU8lqu1ElzHv0Ri7EM6irpx5w";
public function __construct( $data = array() ) {
if( isset( $data['id'] ) ) $this->id = stripslashes( strip_tags( $data['id'] ) );
if( isset( $data['password'] ) ) $this->password = stripslashes( strip_tags( $data['password'] ) );
}
public function storeFormValues( $params ) {
//store the parameters
$this->__construct( $params );
}
public function register() {
$correct = false;
try {
$con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
$con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$sql = "Update users SET password = :password WHERE userID = :id";
$stmt = $con->prepare( $sql );
$stmt->bindValue( "password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR );
$stmt->execute();
return "Registration Successful <br/> <a href='index.php'>Login Now</a>";
}catch( PDOException $e ) {
return $e->getMessage();
}
}
}
?>
So the question is how to put the posted WHERE userID= :id;
您好我使用followng代码来更新密码,但我需要选择我应该在SQL中更新哪些用户 查询有一个WHERE子句如果我把数字作为id就像23这样工作但我希望这个id来自POST方法,它也是从表单中发布id,这里是这个版本的代码它给了我一个 错误: p>
`SQLSTATE [HY093]:参数号无效:绑定变量数与令牌数不匹配
code> pre>
\ n 这是这里的代码 p>
&lt;?php
class Users {
public $ password = null;
public $ salt =“Zo4rU5Z1YyKJAASY0PT6EUg7BBYdlEhPaNLuxAwU8lqu1ElzHv0Ri7EM6irpx5w “;
公共函数__construct($ data = array()){
if(isset($ data ['id']))$ this-&gt; id = stripslashes(strip_tags($ data ['id']) );
if(isset($ data ['password']))$ this-&gt; password = stripslashes(strip_tags($ data ['password']));
}
公共函数storeFor mValues($ params){
//存储参数
$ this-&gt; __ construct($ params);
}
公共函数register(){
$ correct = false;
try {
$ con = new PDO(DB_DSN,DB_USERNAME,DB_PASSWORD);
$ con&gt; setAttribute(PDO :: ATTR_ERRMODE,PDO :: ERRMODE_EXCEPTION);
$ sql =“更新用户SET密码=:密码WHERE userID =:id“;
$ stmt = $ con&gt; prepare($ sql);
$ stmt-&gt; bindValue(”password“,hash(”sha256“,$ this-&gt; password。 $ this-&gt; salt),PDO :: PARAM_STR);
$ stmt-&gt; execute();
返回“注册成功&lt; br /&gt;&lt; a href ='index .php'&gt;立即登录&lt; / a&gt;“;
} catch(PDOException $ e){
返回$ e-&gt; getMessage();
}
}
}
?&gt;
code> pre>
所以问题是如何把发布的WHERE userID =:id; p>
div>
You forget to bindValue() the id:
$stmt->bindValue( "id",...);
EDIT: I know the Marc B answer was first but I just answered because the John Siniger asked to write the anwer
You never bind a value for :id. You need something like
$stmt->bindValue(':id', $_POST['id']);