So I have a website that will upload a volunteer html form to our php database, I have most of the PHP working but a few main parts.

Part1: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in /home/petrzilk/public_html/Database/update.php on line 192 I know this means that I have too many tokens because some of the inputs are empty, how do I fix something like this.

Part2: I have sanitized inputs but my arrays of check boxes would no work unless I user $_POST, is that still secure? Everything else is Sanitized and my dates are read in the format YYYY-MM-DD so from my understanding if I sanitize ints it will only keep numbers and addition and subtraction symbols so it should work.

And lastly I just want to make sure that everything I am doing is secure and correct. I am a beginner at this but I want to avoid every volubility I can.


Recommended Answers

All 4 Replies

insert into VolunDB
(fname, middle, lname, address, city, state, zip, county, mailing, hphone, ,mphone, wphone, ext, fax, email, ethgroup, other1, occupation, poe, dob, gender, disastervoln, scounty, other2, vskills, interpt, cdl, cpryn, faid, translate, other3, license1, verf1, num1, exp1, license2, verf2, num2, exp2, license3, verf3, num3, exp3, license4, verf4, num4, exp4, license5, verf5, num5, exp5, lsrd, syes, bcert, pauth, etrain, dist1, tdate1, dist2, tdate2, dist3, tdate3, dist4, tdate4, dist5, tdate5, felony, felonys, ehome, erelationship, ehphone, eaddress, ecity, ezip, hdyhau, bdesc) 
values (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)

The number of question marks should match the number of columns. Start counting ;) Next, the number of bindParam's should match the number of question marks.

The problem is that you use 1 on on all bindParam lines, they should increment.

I did check that, there ae 76 fields and 76 question marks, the reason I feel it is givng the error is because some fields are not filled out, if someone doesn't have anything that fits into something they will leave it blank and so it is an empty variable trying to be added which I don't know if that is why it is causing it to fail. I don't know if there is a way to fix that or if I would have to go into every input statement and check if it is empty and manually add something if it is empty.

Part one works and everything uploads fine now, thanks for point that out Pritaeas, I don't know how I skipped over it. My last question stands though, is that code secure?

You sanitize your input and use parameter binding, so you have a head start.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.