
I am getting an error from MySQL when I use if/else there. I don't know what I should do, and when I use the duplicate condition to update, it is not working; I am not able to find where the error is.

This is the error which I am getting.

ERROR:SQLSTATE[HY093]: Invalid parameter number: parameter was not defined

try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $stmt = $conn->prepare("SELECT uniqueid FROM hotelcarttemp WHERE uniqueid=:uniqueid");
    $stmt->execute(array(':uniqueid' => $uniqueid));
    $count = $stmt->rowCount(); // was $stmt1, which is never defined
    echo "count-" . $count;
    if ($count > 0)
    {
        $sql = "UPDATE hotelcarttemp SET `hotelname`='".$hotelname."',`roomtype`='".$roomtype."',`checkin`='".$checkin."',`checkout`='".$checkout."',`Country`='".$Country."',`Destination`='".$Destination."',`price`='".$price."' WHERE uniqueid='".$uniqueid."'";
        echo "sql- " . $sql;
        $stmt = $conn->prepare($sql);
        // echo print_r($stmt);
        $stmt->execute();
    }
    else
    {
        $sql = "INSERT INTO hotelcarttemp (timestamp, packageid, uniqueid, hotelname, roomtype, checkin, checkout, Country, Destination, hoteldetail, price)
         VALUES ('"
         .$timestamp."','"
         .$packageid."','"
         .$uniqueid."','"
         .$hotelname."','"
         .$roomtype."','"
         .$checkin."','"
         .$checkout."','"
         .$Country."','"
         .$Destination."','"
         .addslashes($hoteldetail)."','"
         .$price."'
         )";
        // echo "sql- " . $sql;
        $stmt = $conn->prepare($sql);
        // echo print_r($stmt);
        $stmt->execute();
    }
}
catch (PDOException $e) {
    echo 'ERROR:' . $e->getMessage();
}
Comments:

  • $stmt->execute(array(':username'=>$uniqueid)); You defined the wrong parameter. Commented Apr 14, 2016 at 12:53
  • Still vulnerable to SQL injection. You don't use the parameterized queries as you should be doing. Use the bind-param function. Commented Apr 14, 2016 at 12:58

1 Answer

Your SELECT query's WHERE condition is WHERE uniqueid=:uniqueid

And you are binding username to it:

$stmt->execute(array(':username'=>$uniqueid));//:username invalid parameter

Change this to

$stmt->execute(array(':uniqueid'=>$uniqueid));
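The comments also point out that the UPDATE and INSERT branches still build SQL by string concatenation. The following is an added example (not the asker's or answerer's code) that handles the "update on duplicate" case from the question with a single INSERT ... ON DUPLICATE KEY UPDATE and binds every value by name, so the placeholder/parameter mismatch behind SQLSTATE[HY093] cannot happen silently. It assumes `$conn` is the PDO connection from the question and that `hotelcarttemp.uniqueid` has a UNIQUE index (an assumption; the question does not say).

```php
<?php
// Added example, not code from the question or the answer.
// Assumes: $conn is the PDO connection from the question (ERRMODE_EXCEPTION set),
// and hotelcarttemp.uniqueid carries a UNIQUE index so ON DUPLICATE KEY fires on it.

function saveHotelCart(PDO $conn, array $row): int
{
    // Fixed whitelist of columns: identifiers never come from user input, and each
    // column maps to exactly one named placeholder. The keys handed to execute()
    // must match those placeholders exactly; a stray key such as ':username' for
    // ':uniqueid' is what raises SQLSTATE[HY093] "Invalid parameter number".
    $columns = ['timestamp', 'packageid', 'uniqueid', 'hotelname', 'roomtype',
                'checkin', 'checkout', 'Country', 'Destination', 'hoteldetail', 'price'];

    $placeholders = [];
    $updates = [];
    foreach ($columns as $c) {
        $placeholders[] = ':' . $c;
        // VALUES(col) re-reads the value that would have been inserted, so no
        // placeholder appears twice. Reusing one named placeholder twice only works
        // with PDO::ATTR_EMULATE_PREPARES on; this form is safe with native prepares.
        if (!in_array($c, ['uniqueid', 'timestamp', 'packageid'], true)) {
            $updates[] = "`$c` = VALUES(`$c`)";
        }
    }

    $sql = "INSERT INTO hotelcarttemp (`" . implode('`, `', $columns) . "`)
            VALUES (" . implode(', ', $placeholders) . ")
            ON DUPLICATE KEY UPDATE " . implode(', ', $updates);

    // Build the parameter array from the same column list so SQL and parameters
    // cannot drift apart. No addslashes(): the driver escapes bound values.
    $params = [];
    foreach ($columns as $c) {
        if (!array_key_exists($c, $row)) {
            throw new InvalidArgumentException("missing value for column $c");
        }
        $params[':' . $c] = $row[$c];
    }

    $stmt = $conn->prepare($sql);
    $stmt->execute($params);
    // MySQL reports 1 affected row for a new insert and 2 when an existing row was
    // updated through ON DUPLICATE KEY UPDATE (0 if nothing actually changed).
    return $stmt->rowCount();
}
```

Calling `saveHotelCart($conn, $row)` with `$row` keyed by the column names replaces both the SELECT/rowCount check and the two concatenated statements.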