2
$sql3 = 'SELECT sched_id, date_format(sched_date_time,\'%H:%i\') AS \'Time\'
         FROM schedule
         WHERE (date_format(sched_date_time,\'%Y-%m-%d\') = \':date\') AND
                schedule.film_id = :film_id';

$sth2 = $pdo->prepare($sql3);
$sth2->bindValue(':date', '2021-12-18');
// date_format($date,"%Y-%m-%d")
$sth2->bindValue(':film_id', $row1['film_id']);
$sth2->execute();

I am getting the following error

"Invalid parameter number: number of bound variables does not match number of tokens"

I belive this is being caused by the colon in the variable $sql3 in the SQL Function date_format().

How do I escape the colon so that I can keep it for formatting without the PDO thinking its a declaration for a placeholder?

I have to use \\ before the colon to escape it as per answers in other questions but I continue to get the error.

I am using XAMPP as a portable/temporary development enviroment. XAMPP uses MariaDB as its database.

Slava Rozhnev
  • 9,510
  • 6
  • 23
  • 39
Keelan McCarthy
  • 67
  • 4

1 Answers1

2

To prevent the need to escape quotes, define the SQL statement within double quotes:

$sql3 = "SELECT sched_id, date_format(sched_date_time,'%H:%i') AS 'Time'
FROM schedule
WHERE (date_format(sched_date_time,'%Y-%m-%d') = :date) 
AND schedule.film_id = :film_id";

$sth2 = $pdo->prepare($sql3);
$sth2->bindValue(':date','2021-12-18', PDO::PARAM_STR);
// date_format($date,"%Y-%m-%d")
$sth2->bindValue(':film_id',$row1['film_id'], PDO::PARAM_INT);
$sth2->execute();

As per the bindValue documentation, you can also explicitly set the type of the value.

Jacob Mulquin
  • 3,458
  • 1
  • 19
  • 22
  • 1
    There shouldn't be any need for the `'`s around `:date` inside the SQL string. The database engine will take care of any quoting/escaping of the parameter values if necessary. – ADyson Dec 16 '21 at 22:03
  • Good spot, been a while since I have done PDO stuff. – Jacob Mulquin Dec 16 '21 at 22:06
  • then probably it's not a good idea to answer on the topic – Your Common Sense Dec 16 '21 at 22:09
  • Is the answer incorrect? – Jacob Mulquin Dec 16 '21 at 22:14
  • it's rather misleading because "define the SQL statement within double quotes" doesn't solve any problem, least one incorrectly stated in the question – Your Common Sense Dec 16 '21 at 22:18
  • OK what would be the correct answer in this case? – Jacob Mulquin Dec 16 '21 at 22:24
  • Not reproducible or was caused by a typo. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers. – Your Common Sense Dec 16 '21 at 22:27
  • I disagree. If a future developer is creating these strings with single quotes and they saw this answer it would help them realise that using double quotes is easier as it involves less escaping. More helpful than "you made a typo". – Jacob Mulquin Dec 16 '21 at 22:31
  • again, double quotes are irrelevant to the problem. this suggestion isn't an answer and helps no one. but well, stack overflow is full of this kind of stuff, one more post won't make any difference. – Your Common Sense Dec 16 '21 at 22:35
  • If it helps Keelan McCarthy to start using double quotes for their SQL strings then I would consider it helpful. Indeed this site gets too many questions to be pedantic over a single answer. – Jacob Mulquin Dec 16 '21 at 22:37
  • 2
    Actually switching to double quotes fixed the problem. I am also incorrectly using single quotes around place holders, doing so causes an error and in unnecessary. – Keelan McCarthy Dec 17 '21 at 00:15
  • 1
    Also escaping the single quotes on '%H:%i' made the semi colon apart of the query string leading to the PDO thinking it was a placeholder declaration as a semi colon outside of single quotes in SQL has no value or application as far as I know. PDO clearly has been designed to pick up on this. – Keelan McCarthy Dec 17 '21 at 00:18
  • 1
    @KeelanMcCarthy you took everything wrong. No slash makes it to PDO. It's **taking out single quotes around :date which you mistakenly put there** solved the problem. Whereas again, switching quotes changes ABSOLUTELY NOTHING. [All slashes disappear from the string](https://3v4l.org/svCap). [That's basic PHP syntax](https://www.php.net/manual/en/language.types.string.php). Jacob Mulquin holds no credit for the solution as it was suggested by someone else. And I bear no illusion it will humble some commenter here. – Your Common Sense Dec 17 '21 at 07:05