Invalid parameter number: no parameters were bound when doing an INSERT in MySQL

3

I have encountered this problem when doing an INSERT in MySQL. I receive the data from a form that the user completes (it is a textarea to leave comments in the news). In this form I have several buttons enabled to post videos or tweets, and it is in this last case that I am failing.

I do the INSERT this way:

$statement = $conexion->prepare("INSERT INTO comentarios (tipologia, texto,texto_sin_etiquetas, quien_comenta, en_que_hilo) VALUES (
                                  'noticia',
                                  '$comentario',
                                  '$comentario_plano',
                                  '$quien_comenta',
                                  '$id_noticia'
                                )");
$statement->execute();

It works correctly except when a tweet is added. In that case, it returns the following error:

  

SQLSTATE[HY093]: Invalid parameter number: no parameters were bound in C:\xampp\htdocs\project\news.php on line 106

I've checked a few times that all the variables when a tweet is added are correct, and that's the way it is.

If I try to publish a comment without including a tweet, and then I edit it to include one, it is updated without any problem.

I've gotten it to work for me this way:

$statement = $conexion->prepare("UPDATE comentarios SET texto = :texto, texto_sin_etiquetas = :texto_sin_etiquetas, fecha_edicion = :fecha_edicion, editado_por = :editado_por, veces_editado = veces_editado + 1 WHERE ID = :ID");
$statement->execute(array(
                        ":texto" => $comentario,
                        ":texto_sin_etiquetas" => $comentario_plano,
                        ":fecha_edicion" => $fecha_total_actual,
                        ":editado_por" => $usuario['gamertag'],
                        ":ID" => $id_comentario
                      ));
    
asked by JetLagFox 10.10.2018 at 22:34

2 answers

0

I see that the variable "noticia" is missing the $ of PHP variables, leaving your query like this:

$statement = $conexion->prepare("INSERT INTO comentarios (tipologia, texto,texto_sin_etiquetas, quien_comenta, en_que_hilo) VALUES (
                              '$noticia', // <= here is your error
                              '$comentario',
                              '$comentario_plano',
                              '$quien_comenta',
                              '$id_noticia'
                            )");
$statement->execute();

Although I recommend that you shield your variables, because, as the other answer indicates, you have a basic security flaw.

    
answered by 10.10.2018 at 23:06
0

I cannot identify your problem as such; as far as I can see everything is correct, but at the same time it is not: you should have a prepared query. If you are using PDO (you do not specify this in your question), my suggestion would be the following:

$sql = "INSERT INTO comentarios (tipologia, texto,texto_sin_etiquetas, quien_comenta, en_que_hilo) 
VALUES (:tipologia,
        :comentario,
        :comentario_plano,
        :quien_comenta,
        :id_noticia)";

$statement = $conexion->prepare($sql);
$statement->execute(array(
    ":tipologia" => "noticia",
    ":comentario" => $comentario,
    ":comentario_plano" => $comentario_plano,
    ":quien_comenta" => $quien_comenta,
    ":id_noticia" => $id_noticia
));

Now if you use mysqli:

$statement = $conn->prepare("INSERT INTO comentarios (tipologia, texto, texto_sin_etiquetas, quien_comenta, en_que_hilo)
VALUES (?, ?, ?, ?, ?)");
    // mysqli only supports positional (?) placeholders, and bind_param()
    // takes its arguments by reference, so the literal needs a variable
    $tipologia = "noticia";
    // "sssss": all five values are sent as strings
    $statement->bind_param("sssss", $tipologia, $comentario, $comentario_plano, $quien_comenta, $id_noticia);
    $statement->execute();

I recommend this for security reasons: you should always avoid passing variables directly into your queries; you never know what comes inside them, and this way we avoid possible SQL injections.

Using markers such as :noticia, for example; note the colon that is prefixed to them in the VALUES part.

You can further expand on this community question: link

    
answered by 10.10.2018 at 22:59
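
The bound-parameter INSERT recommended above, as an added example that is not part of the original answers: the comment text, here a constructed tweet-like embed containing an apostrophe, a `?` and a `:word`, travels only as a bound value, so it is never parsed as part of the SQL statement the way interpolated text is. It assumes an in-memory SQLite database in place of the MySQL connection; `insertar_comentario()`, the placeholder names and the sample values are hypothetical.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL connection (assumption);
// the table and column names are the ones used in the question.
$conexion = new PDO('sqlite::memory:');
$conexion->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conexion->exec("CREATE TABLE comentarios (
    ID INTEGER PRIMARY KEY,
    tipologia TEXT, texto TEXT, texto_sin_etiquetas TEXT,
    quien_comenta TEXT, en_que_hilo INTEGER)");

// Constructed sample input: a tweet-like embed with an apostrophe, a "?" and a ":word".
$comentario = '<blockquote class="twitter-tweet"><p>It\'s live :rocket</p>'
            . '<a href="https://twitter.com/example/status/1?ref_src=twsrc">link</a></blockquote>';
$comentario_plano = strip_tags($comentario);
$quien_comenta = 'usuario_demo';   // constructed value
$id_noticia = 42;                  // constructed value

// Hypothetical helper: the SQL template is constant, user data is only bound.
function insertar_comentario(PDO $db, string $texto, string $plano, string $quien, int $hilo): int
{
    $st = $db->prepare("INSERT INTO comentarios
        (tipologia, texto, texto_sin_etiquetas, quien_comenta, en_que_hilo)
        VALUES (:tipologia, :texto, :plano, :quien, :hilo)");
    $st->bindValue(':tipologia', 'noticia');
    $st->bindValue(':texto', $texto);
    $st->bindValue(':plano', $plano);
    $st->bindValue(':quien', $quien);
    $st->bindValue(':hilo', $hilo, PDO::PARAM_INT);
    $st->execute();
    return (int) $db->lastInsertId();
}

try {
    $id = insertar_comentario($conexion, $comentario, $comentario_plano, $quien_comenta, $id_noticia);
    $fila = $conexion->prepare("SELECT texto FROM comentarios WHERE ID = :id");
    $fila->execute([':id' => $id]);
    // Compare what was stored with what was submitted.
    var_dump($fila->fetchColumn() === $comentario);
} catch (PDOException $e) {
    // Log the detail server-side; do not echo SQL errors to the visitor.
    error_log($e->getMessage());
}
```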