Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens`

Question

I keep getting an error Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens at 'password' => $hashedpwd]); (I have marked it in my code as well where the error is as in commented it out)

Full error: Fatal error: Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in /srv/disk7/3574321/www/userinfo.mywebcommunity.org/backend/signupbackend.php:78 Stack trace: #0 /srv/disk7/3574321/www/userinfo.mywebcommunity.org/backend/signupbackend.php(78): PDOStatement->execute(Array) #1 {main} thrown in /srv/disk7/3574321/www/userinfo.mywebcommunity.org/backend/signupbackend.php on line 78 I have marked that line as in commented out (line 78) Sorry, I have some other code which I have commented out in my code, so I did removed it before posting here as I am not using it,letting you know cause here I only have 75 lines so people don't get confused. But, I have marked the exact line that I have error in.

I went to through multiple questions on SO, but nothing worked for me. I even checked again, but I am only passing 3 values into INSERT and executing 3 values as well, so I am not sure what am I doing wrong. Can anyone reckon something? Also, my code is for signing up for a user on my website and store their details in database using SQL.

My code:

<?php 
if(isset($_POST["signup_submit"])) {
   
    require "../database_files/database_for_signup.php";
    require "../index.php";

    $username = $_POST['username'];
    $email = $_POST['mail'];
    $password = $_POST['password'];
    $repeatPassword = $_POST['repeatpassword'];

    if (empty($username) || empty($email) || empty($password) || empty($repeatPassword)) {
        header("Location: ../index.php?error=emptyfields&username=" .$username."&mail=" .$email);
        exit();
    } else if(!filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match("/^[a-zA-Z0-9]*$/",$username)) {
        header("Location: ../index.php?error=invalidmailusername");
       exit();
    } else if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        header("Location: ../index.php?error=invalidmail&username=".$username);
        exit();
    } else if (!preg_match("/^[a-zA-Z0-9]*$/",$username)) {
        header("Location: ../index.php?error=invalidusername&mail=".$email);
        exit();
    } else if($password != $repeatPassword) {
        header("Location: ../index.php?error=passwordcheck&username=".$username."&mail=".$email);
        exit();
    } else {


        try {
            $sql = $conn->prepare("SELECT username FROM signup_info");
            $sql->bindParam(":username", $_POST['username']);

            $sql->execute();
        } catch(PDOException $e) {

            echo 'Caught exception: ',  $e->getMessage(), "\n";
        }


$resultCheck = $sql->setFetchMode(PDO::FETCH_ASSOC);
        
            if($sql->rowCount() > 0) {
                header("Location: ../index.php?error=usertaken&mail=".$email);
                exit();
            } else {

                try {
                    $sql = $conn->prepare('INSERT INTO signup_info(username, email, `password`) VALUES(:username,:email,:`password`)');

                } catch(PDOException $e) {

                    echo 'Caught exception: ',  $e->getMessage(), "\n";
                }
                  
                    $hashedpwd = password_hash($password, PASSWORD_DEFAULT);
                  

                    $sql->execute(['username' => $username,
                    'email' => $email,
                    'password' => $hashedpwd]);  //error here

  
  $sql->bind_param("sss", $username, $email, $hashedpwd);
  $sql->execute();
                    header("Location: ../index.php?signup=success");
                    exit();
                }
            }
        }
    
           


?>

the way you are reporting errors is wrong. it doesn't tell you **where** the error occurred. **Remove all try catch statements** statements from the code - they are useless and, as you learned the hard way, even harmful. Now you will clearly see the problem is with the SELECT query, not INSERT — Your Common Sense, Sep 12 '20 at 04:39
@YourCommonSense It does tell where the error is: `Fatal error: Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in /srv/disk7/3574321/www/userinfo.mywebcommunity.org/backend/signupbackend.php:78 Stack trace: #0 /srv/disk7/3574321/www/userinfo.mywebcommunity.org/backend/signupbackend.php(78): PDOStatement->execute(Array) #1 {main} thrown in /srv/disk7/3574321/www/userinfo.mywebcommunity.org/backend/signupbackend.php on line 78 ` — iachi, Sep 12 '20 at 04:41
There are only 75 lines in your code, and this error message says the error is on the line 78. You get this error from some other file. — Your Common Sense, Sep 12 '20 at 04:43
@YourCommonSense I have bunch of code that I have commented out, and I removed it before posting it here as it's of no use (that code was mysqli not PDO). Also, I try removing try and catch but still have the same error. — iachi, Sep 12 '20 at 04:45
what do you think is this: :` password `? where did you get the idea a placeholder should be written this way? — Your Common Sense, Sep 12 '20 at 04:50
Ah, yeah I have already removed it as it was mentioned in one of the answers, but I still get the same error. — iachi, Sep 12 '20 at 04:53
you don't get "the same" error. all errors are different. your have a pile of errors in your code. so keep fixing them. or, better yet, scratch it all and start over. — Your Common Sense, Sep 12 '20 at 05:26
@YourCommonSense By "same error" I meant it displays the error as I mentioned above in my question even after doing what have been said in comment section and in the answer. — iachi, Sep 12 '20 at 05:29
See. Stack Overflow is not what you think. It is not a service to "make my heavily edited and commented out code work". It's for answering questions. You've got your answer straight. You are supposed to learn what does the error message mean and **use this knowledge** to fix all other similar errors. — Your Common Sense, Sep 12 '20 at 05:46

score 0 · Answer 1 · answered Sep 12 '20 at 04:17

0

the problem of your code isn't there. look at these two lines :

        $sql = $conn->prepare("SELECT username FROM signup_info");
        $sql->bindParam(":username", $_POST['username']);

Your are binding a parameter when you have not any. you must try something like this :

        $sql = $conn->prepare("SELECT username FROM signup_info WHERE username = :username");
        $sql->bindParam(":username", $_POST['username']);

answered Sep 12 '20 at 04:17

Amiros

1

I tried this, but I still have the same error. – iachi Sep 12 '20 at 04:38
@iachi you have another error, I think you shouldn't use `password` with a back quote around it. – Amiros Sep 12 '20 at 04:49

Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens`

1 Answers1