1

I'm trying to get my query to work for this PHP but I'm getting an "Invalid Parameter Number: number of bound variables do not match number of tokens". This is a snippet of my PHP:

<?php

/*
Our "config.inc.php" file connects to database every time we include or require
it within a php script.  Since we want this script to add a new user to our db,
we will be talking with our database, and therefore,
let's require the connection to happen:
*/
require("configmob.php");

//if posted data is not empty
if (!empty($_POST)) {
//If the username or password is empty when the user submits
//the form, the page will die.
//Using die isn't a very good practice, you may want to look into
//displaying an error message within the form instead.  
//We could also do front-end form validation from within our Android App,
//but it is good to have the back-end code do a double check.
if (empty($_POST['FirstName']) || empty($_POST['LastName'])) {


    // Create some data that will be the JSON response 
    $response["success"] = 0;
    $response["message"] = "Please Enter Both a First Name and a Last Name.";

    //die will kill the page and not execute any code below, it will also
    //display the parameter... in this case the JSON data our Android
    //app will parse
    die(json_encode($response));
}

//if the page hasn't died, we will check with our database to see if there is
//already a user with the username specified in the form.  ":user" is just
//a blank variable that we will change,Spot FROM Reservation WHERE Date = ':Date' AND Time = ':Time' AND Spot = ':Spot' ";
//now lets update what :user should be

$query = "Select * FROM Reservation WHERE Date = ':Date' AND TimeIn = ':TimeIn' AND Spot = ':Spot'"; 
$query_params = array(':Date' => $_POST['Date'] , ':TimeIn' => $_POST['Time'] , ':Spot' => $_POST['Spot']
);

//Now let's run the query:
try {
    // These two statements run the query against your database table. 
    $stmt   = $db->prepare($query);
    $result = $stmt->execute($query_params);
}
catch (PDOException $ex) {
    // For testing, you could use a die and message. 
    //die("Failed to run query: " . $ex->getMessage());

    //or just use this one to produce JSON data:
    $response["success"] = 0;
    $response["message"] = $ex->getMessage();
    die(json_encode($response));
}

//fetch is an array of returned data.  If any data is returned,
//we know that the username is already in use, so we murder our
//page
$row = $stmt->fetch();
if ($row) {
    // For testing, you could use a die and message. 
    //die("This username is already in use");

    //You could comment out the above die and use this one:
    $response["success"] = 0;
    $response["message"] = "I'm sorry, this Reservation is already Taken";
    die(json_encode($response));
}

//If we have made it here without dying, then we are in the clear to 
//create a new user.  Let's setup our new query to create a user.  
//Again, to protect against sql injects, user tokens such as :user and :pass
$query = "INSERT INTO Reservation (Fname, Lname, Garno, Gname, EmpID, CustID, License, Floor, Spot, TimeIn, TimeOut, Date, Confirmation)
        VALUES (:Fname, :Lname, :Garno, :Gname, :EmpID, :CustID, :License, :Floor, :Spot, :TimeIn, :TimeOut, :Date, :Confirmation) ";


//Again, we need to update our tokens with the actual data:
$query_params = array(
    ':Fname' => $_POST['FirstName'],
    ':Lname' => $_POST['LastName'],
    ':Gname' => $_POST['Garage'],
    ':Date' => $_POST['Date'],
    ':TimeIn' => $_POST['Time'],
    ':Spot' => $_POST['Spot'],
    ':Confirmation' => $_POST['Confirmation'],

);

//time to run our query, and create the user
try {
    $stmt   = $db->prepare($query);
    $result = $stmt->execute($query_params);
}
catch (PDOException $ex) {
    // For testing, you could use a die and message. 
    //die("Failed to run query: " . $ex->getMessage());

    //or just use this one:
    $response["success"] = 0;
    $response["message"] = $ex->getMessage();
    die(json_encode($response));
}

//If we have made it this far without dying, we have successfully added
//a new user to our database.  We could do a few things here, such as 
//redirect to the login page.  Instead we are going to echo out some
//json data that will be read by the Android application, which will login
//the user (or redirect to a different activity, I'm not sure yet..)
$response["success"] = 1;
$response["message"] = "Reservation Added!!";
echo json_encode($response);

//for a php webservice you could do a simple redirect and die.
//header("Location: loginmob.php"); 
//die("Redirecting to loginmob.php");


} else {
?>
<h1>Register</h1> 
<form action="register.php" method="post"> 
    Username:<br /> 
    <input type="text" name="username" value="" /> 
    <br /><br /> 
    Password:<br /> 
    <input type="password" name="password" value="" /> 
    <br /><br /> 
    <input type="submit" value="Register New User" /> 
</form>
<?php
}

?>

Thank you for the help!

1 Answer

1

This is what I found in your second statement:

$query = "Select * FROM Reservation WHERE Date = ':Date' AND TimeIn = ':Time' AND Spot = ':Spot'"; 
$query_params = array(':Date' => $_POST['Date'] , ':TimeIn' => $_POST['Time'] , ':Spot' => $_POST['Spot']
);

Your :TimeIn should be :Time, as follows:

$query_params = array(':Date' => $_POST['Date'] , ':Time' => $_POST['Time'] , ':Spot' => $_POST['Spot']
);

Update:

Also in your second query you have :Garno missing, please try the following:

$query = "INSERT INTO Reservation (Fname, Lname, Garno, Gname, EmpID, CustID, License, Floor, Spot, TimeIn, TimeOut, Date, Confirmation)
        VALUES (:Fname, :Lname, :Garno, :Gname, :EmpID, :CustID, :License, :Floor, :Spot, :TimeIn, :TimeOut, :Date, :Confirmation) ";


//Again, we need to update our tokens with the actual data:
$query_params = array(
    ':Fname' => $_POST['FirstName'],
    ':Lname' => $_POST['LastName'],
    ':Garno' => $_POST['Garno'], // Hopefully $_POST['Garno'] is what you want.
    ':EmpID' => $_POST['EmpID'], // Hopefully $_POST['EmpID'] is what you want.
    ':CustID' => $_POST['CustID'], // Hopefully $_POST['CustID'] is what you want.
    ':License' => $_POST['License'], // Hopefully $_POST['License'] is what you want.
    ':Floor' => $_POST['Floor'], // Hopefully $_POST['Floor'] is what you want.
    ':TimeOut' => $_POST['TimeOut'], // Hopefully $_POST['TimeOut'] is what you want.
    ':Gname' => $_POST['Garage'], // You don't need this, remove this.
    ':Date' => $_POST['Date'],
    ':TimeIn' => $_POST['Time'],
    ':Spot' => $_POST['Spot'],
    ':Confirmation' => $_POST['Confirmation'],

);

1 Comment

@marcoquezada, please see my update. Make sure you pay attention to this line ':Gname' => $_POST['Garage'],
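
The token/key mismatch behind this error can be checked before `execute()` is called. The following is an added example, not code from the question or the answer: it lists the named tokens PDO would see in a statement (a placeholder wrapped in quotes is a string literal and is skipped) and compares them with the keys of the parameter array. `named_placeholders` and `check_binding` are hypothetical helper names and the bound values are constructed.

```php
<?php
// Added example (not from the original post). Values below are constructed.

// Named placeholders PDO would treat as bind tokens. Quoted literals are
// removed first: ':Date' inside quotes is a string constant, not a token.
// Simplification: backslash escapes and SQL comments are not handled.
function named_placeholders(string $sql): array
{
    $bare = preg_replace('/\'[^\']*\'|"[^"]*"/', "''", $sql);
    preg_match_all('/(?<![:\w]):([A-Za-z_]\w*)/', $bare, $m);
    return array_values(array_unique($m[1]));
}

// Compare the statement's tokens with the keys handed to execute().
function check_binding(string $sql, array $params): array
{
    $tokens = named_placeholders($sql);
    $bound  = array_map(fn($k) => ltrim((string) $k, ':'), array_keys($params));
    return [
        'tokens'  => $tokens,
        'missing' => array_values(array_diff($tokens, $bound)), // in SQL, never bound
        'extra'   => array_values(array_diff($bound, $tokens)), // bound, not in SQL
    ];
}

$select_params = [':Date' => '2014-05-01', ':TimeIn' => '09:00', ':Spot' => 'A12'];

// Placeholders wrapped in quotes: the statement contains no tokens at all,
// so every bound value is surplus.
$quoted = "SELECT * FROM Reservation WHERE Date = ':Date' AND TimeIn = ':TimeIn' AND Spot = ':Spot'";
print_r(check_binding($quoted, $select_params));

// Same statement with bare placeholders: tokens and keys line up.
$bare = "SELECT * FROM Reservation WHERE Date = :Date AND TimeIn = :TimeIn AND Spot = :Spot";
print_r(check_binding($bare, $select_params));

// The INSERT from the question with the seven keys it originally bound.
$insert = "INSERT INTO Reservation (Fname, Lname, Garno, Gname, EmpID, CustID, License, Floor, Spot, TimeIn, TimeOut, Date, Confirmation)
           VALUES (:Fname, :Lname, :Garno, :Gname, :EmpID, :CustID, :License, :Floor, :Spot, :TimeIn, :TimeOut, :Date, :Confirmation)";
$insert_params = [
    ':Fname' => 'Ana', ':Lname' => 'Lee', ':Gname' => 'North', ':Date' => '2014-05-01',
    ':TimeIn' => '09:00', ':Spot' => 'A12', ':Confirmation' => 'C-0001',
];
print_r(check_binding($insert, $insert_params));
```

Keeping placeholders unquoted is also what lets the driver bind the submitted values as data rather than as part of the SQL text.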
