问题
I'm trying to convert this login script from mySql to PDO, and the SELECT statement works fine for user_name but not for password.
The error message displayed is "SQLSTATE[HY093]: Invalid parameter number: parameter was not defined". Do I need to bind $hashedPassword differently for this statement?
<?php
session_start();
//Include database connection details & salt
$password = $_POST['password'];
$hashedPassword = sha1($salt . $password);
try {
$stmt_user = $conn->prepare("SELECT * FROM customer_info WHERE user_name = :user_name and password = :hashedPassword");
$stmt_user->bindValue(':user_name', $_POST['user_name'], PDO::PARAM_STR);
$stmt_user->bindValue(':password', $hashedPassword);
$stmt_user->execute();
session_regenerate_id();
$member = $stmt_user->fetch();
$_SESSION['SESS_USER_ID'] = $member['user_id'];
session_write_close();
header("location: launch_member_account.php");
exit();
}catch(PDOException $e) {
echo $e->getMessage();
}
?>
回答1:
The statement defines a parameter called :hashedPassword, but the bindValue() call uses an unknown parameter called :password.
$stmt_user = $conn->prepare("SELECT * FROM customer_info WHERE user_name = :user_name and password = :hashedPassword");
//---------------------------------------------------------------------------------------------------^^^^^^^^^^^^^^^^^
// Change this to match the statement.
$stmt_user->bindValue(':hashedPassword', $hashedPassword);
It doesn't matter what the parameters are named, as long as they match, so best to just make them consistent across your application.
来源:https://stackoverflow.com/questions/14111958/pdo-error-parameter-was-not-defined-even-though-ive-defined-and-bound-that-pa