0

I don't get it. Here I have a block of code that's supposed to update a selected row in my DB and I get this error: SQLSTATE[HY093]: Invalid parameter number: no parameters were bound.

$id = $_GET['id'];

$blog = DB::getInstance()->query("SELECT * FROM blog WHERE id=$id");

if (isset($_POST['title'])) {

    try {

        $conn = new PDO('mysql:host=' . Config::get('mysql/host') . ';dbname=' . Config::get('mysql/db'), Config::get('mysql/username'), Config::get('mysql/password'));
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        $title = isset($_POST['title']) ? $_POST['title'] : '';
        $category = isset($_POST['category']) ? $_POST['category'] : '';
        $intro = isset($_POST['intro']) ? $_POST['intro'] : '';
        $body = isset($_POST['body']) ? $_POST['body'] : '';

        $sql = "UPDATE blog SET title='$title', category='$category', intro='$intro', body='$body' WHERE id=$id";

        $result = $conn->prepare($sql);

        $result->execute();

        echo $result->rowCount() . ' record updated successfully';

        Redirect::to('manage_blog.php');

    } catch (PDOException $e) {
        echo $sql . '<br />' . $e->getMessage();
    }
}

Funny thing is, I'm using exactly the same block of code () to update a different table and that works 100%.

$job_id = $_GET['job_id'];

$jobs = DB::getInstance()->query("SELECT * FROM jobs WHERE job_id=$job_id");

if (isset($_POST['job_title'])) {
    try {

        $conn = new PDO('mysql:host=' . Config::get('mysql/host') . ';dbname=' . Config::get('mysql/db'), Config::get('mysql/username'), Config::get('mysql/password'));
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        $job_title = isset($_POST['job_title']) ? $_POST['job_title'] : '';
        $date = isset($_POST['date']) ? $_POST['date'] : '';
        $location = isset($_POST['location']) ? $_POST['location'] : '';
        $type = isset($_POST['type']) ? $_POST['type'] : '';
        $description = isset($_POST['description']) ? $_POST['description'] : '';
        $education = isset($_POST['education']) ? $_POST['education'] : '';
        $experience = isset($_POST['experience']) ? $_POST['experience'] : '';
        $competencies = isset($_POST['competencies']) ? $_POST['competencies'] : '';
        $how_apply = isset($_POST['how_apply']) ? $_POST['how_apply'] : '';

        $sql = "UPDATE jobs SET job_title='$job_title', date='$date', location='$location', type='$type', description='$description', education='$education', experience='$experience', competencies='$competencies', how_apply='$how_apply' WHERE job_id=$job_id";

        $result = $conn->prepare($sql);

        $result->execute();

        echo $result->rowCount() . ' record updated successfully';

        Redirect::to('manage_jobs.php');

    } catch (PDOException $e) {
        echo $sql . '<br />' . $e->getMessage();
    }
}

I'm at a loss for words.

Deon
  • 109
  • 2
  • 13
  • 1
    Use prepared statements properly (see the PDO docs for examples). One of your interpolated variables potentially contains something that looks like a placeholder causing the error. – Jonnix Sep 15 '15 at 14:18
  • It's sorted, thanks. Used proper prepared statments – Deon Sep 15 '15 at 14:27

0 Answers0