Stuck Invalid parameter number: number of bound variables does not match number of tokens

Question

I've been stuck on this for quite a while and I can't seem to find another answer that matches my situation.

In my User Class:

public function register($uFirstName,$uLastName,$uCompany,$uEmail,$uPassword,$uAccess)
{
        try
        {
            $newPassword = password_hash($uPassword, PASSWORD_DEFAULT);

            $stmt = $this->db->prepare("INSERT INTO users(FirstName,LastName,Company,Email,Password,Access) VALUES (:uFirstName,uLastName,uCompany,uEmail,uPassword,uAccess)");

            $stmt->bindparam("uFirstName", $uFirstName);
            $stmt->bindparam("uLastName", $uLastName);
            $stmt->bindparam("uCompany", $uCompany);
            $stmt->bindparam("uEmail", $uEmail);
            $stmt->bindparam("uPassword", $uPassword);
            $stmt->bindparam("uAccess", $uAccess);

            $stmt->execute();

            return $stmt;
        }
        catch(PDOException $e)
        {
            echo $e->getMessage();
        }
}

In my form page:

if(isset($_POST['btn-signup']))
{
    $uFirstName = trim($_POST['regFirstName']);
    $uLastName = trim($_POST['regLastName']);
    $uCompany = trim($_POST['regCompany']);
    $uEmail = trim($_POST['regEmail']);
    $uEmailVerify = trim($_POST['regEmailVerify']);
    $uPassword = trim($_POST['regPassword']);
    $uAccess = 0;

    if ($uEmail != $uEmailVerify) {
        $error = "Emails Don't Match";
    }
    else if (!filter_var($uEmail, FILTER_VALIDATE_EMAIL)) {
        $error = "Please Enter a Valid Email";
    }
    else if (strlen($uPassword) < 6) {
        $error = "Password must be at least 6 characters";
    }
    else {
        try
        {
            $stmt = $DB_con->prepare("SELECT Email FROM users WHERE Email=:uEmail");
            $stmt->execute(array(':uEmail' => $uEmail));

            $row = $stmt->fetch(PDO::FETCH_ASSOC);

            if ($row['Email'] == $uEmail) {
                $error = "Email is Already Registered, Log In Instead";
            }
            else {
                if ($user->register($uFirstName,$uLastName,$uCompany,$uEmail,$uPassword,$uAccess)) {
                    $user->redirect('http://facebook.com');
                }
            }
        }
        catch (PDOException $e)
        {
            echo $e->getMessage();
        }
    }
}

you need to add a colon before each of the bound parameters in the sql, you have one at the start then the reset are missing. You then need to use a colon in the `bindParam(':param',$param)` calls too — Professor Abronsius, Jan 11 '16 at 15:46
@RamRaider not required http://stackoverflow.com/q/9778887/ only in the values are they needed/required *"You then need to use a colon in the bindParam(':param',$param) calls too"* — Funk Forty Niner, Jan 11 '16 at 15:48
Perhaps it works without the colon -I've never tried to be fair but the top answer in the thread to which you linked suggests that it is better to retain the colon than not — Professor Abronsius, Jan 11 '16 at 15:50
@RamRaider it is probably better, but as the core function shows, they're not "required". — Funk Forty Niner, Jan 11 '16 at 15:51
Ah sorry for such a terrible question guys! I've got the Monday fever! — Mr.Smithyyy, Jan 11 '16 at 15:51

score 3 · Accepted Answer · edited May 23 '17 at 11:59

3

Here look at your values

VALUES (:uFirstName,uLastName,uCompany,uEmail,uPassword,uAccess)

you only binded the first one and not the others.

Edit:

I see that you are not using password_verify() in your second piece of code, but only checking if the email exists.

If you have any problems with that, visit one of ircmaxell's answers https://stackoverflow.com/a/29778421/1415724

Pulled from that answer:

And on login:

$sql = "SELECT * FROM users WHERE username = ?";
$stmt = $dbh->prepare($sql);
$result = $stmt->execute([$_POST['username']]);
$users = $result->fetchAll();
if (isset($users[0]) {
    if (password_verify($_POST['password'], $users[0]->password) {
        // valid login
    } else {
        // invalid password
    }
} else {
    // invalid username
}

edited May 23 '17 at 11:59

Community

1
1

answered Jan 11 '16 at 15:49

Funk Forty Niner

74,450
15
68
141

HOLY MOLY I can't believe I missed that. Mondays :( – Mr.Smithyyy Jan 11 '16 at 15:50
2

@Mr.Smithyyy Have an *espresso* on me ;-) Cheers – Funk Forty Niner Jan 11 '16 at 15:51
:) Will accept when I can, thanks for not judging me harshly on this. – Mr.Smithyyy Jan 11 '16 at 15:52
@Mr.Smithyyy No problemo. I made an edit to my answer in regards to passwords. – Funk Forty Niner Jan 11 '16 at 15:53
@Mr.Smithyyy duh, scratch that. I noticed you are using password_hash, will take that out. Edit: done. – Funk Forty Niner Jan 11 '16 at 15:53
Do you recommend password_hash or should I look into one of the others posted above? – Mr.Smithyyy Jan 11 '16 at 15:55
@Mr.Smithyyy yes, password_hash() is the one to use. Stick with that. I deleted my edit. – Funk Forty Niner Jan 11 '16 at 15:55

Stuck Invalid parameter number: number of bound variables does not match number of tokens

1 Answers1