PDO将不插入到MySQL数据库的非法参数编号：参数没有被定义

Question

Warning: PDOStatement::execute() [pdostatement.execute]: SQLSTATE[HY093]: Invalid parameter number: parameter was not defined

<?php 
$firstname = $_POST['first-name']; 
$lastname = $_POST['last-name']; 
$company = $_POST['company']; 
$email = $_POST['email']; 
$phone = $_POST['phone']; 
$city = $_POST['city']; 
$state = $_POST['state']; 
$zip = $_POST['zip']; 
$country = $_POST['country']; 
$type = $_POST['type']; 
$source = "IP-Demo"; 

// query 
$sql = "INSERT INTO Contact (first-name,last-name,Company,email,phone,city,state,zip,country,type,source) 
    VALUES (:first-name,:last-name,:Company,:email,:phone,:city,:state,:zip,:country,:type,:source)"; 

$q = $conn->prepare($sql); 
$q->execute(array(
    ':first-name'=>$firstname, 
    ':last-name'=>$lastname, 
    ':Company'=>$company, 
    ':email'=>$email, 
    ':phone'=>$phone, 
    ':city'=>$city, 
    ':state'=>$state, 
    ':zip'=>$zip, 
    ':country'=>$country, 
    ':type'=>$type, 
    ':source'=>$source 
)); 

Answer 1

查询包含几个对象名称是需要反引号引用，至少这些：

• first-name
• last-name
• type

编辑：顺便说一句，只是想你的代码和prepare()失败：

PHP Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-name,last-name,Company,email,phone,city,state,zip,country,type,source)

Answer 2

你的语句假定type作为保留字，而不是列名称，以便给10列和11个PARAMS

尝试集在`字符前面和列名的末尾

Answer 3

当使用real db abstraction库，而不是说不方便和有限的PDO ，所有的代码将只是几行。更不用说它永远不会失败，因为像被遗忘的报价这样愚蠢的理由。

$allowed = explode(',','first-name,last-name,Company,email,phone,city,state,zip,country,type'); 
$data = $db->filterArray($_POST,$allowed); 
$db->query("INSERT INTO Contact SET ?u", $data);