php - Uncaught exception 'PDOException' with message 'SQLSTATE[HY093]: Invalid parameter number'

Question

I'm receiving an error whenever I attempt to insert into my database using PDO.

public function save($primaryKey = "") {
        $validate = $this->rules();
        if ($validate === true) {
            $properties = '';
            $values = '';
            $bindings = array();
            $update = '';
            foreach ($this as $property => $value){
                if ($property === "conn") {
                    continue;
                }
                $properties .= $property . ',';
                $values .= ':' . $property . ',';
                $update .= $property . ' = :' . $property . ',';
                $bindings[':'.$property] = $value;
            }
            $sql_string = 'INSERT INTO ' . get_class($this) . ' (' . rtrim($properties, ',') . ') ';
            $sql_string .= 'VALUES (' . rtrim($values, ',') . ') ON DUPLICATE KEY UPDATE ' . rtrim($update, ',') . ';';
            $result = $this->executeQuery(NULL, $sql_string, $bindings);
            $this->buildObject($result);
            if (!empty($primaryKey)) {
                $this->$primaryKey = $this->conn->lastInsertId();
            }
            return $result;
        } else {
            return $validate;
        }
    }

public function executeQuery($object, $sql_string, $bindings = null) {
        $stmt = $this->conn->prepare($sql_string);
        if (!empty($bindings)) {
            if (!$stmt->execute($bindings)) {return false;}
        } else {
            if (!$stmt->execute()) {return false;}
        }
        $result = (!empty($object) ? $stmt->fetchAll(PDO::FETCH_CLASS, $object) : $stmt->fetchAll());
        return (($stmt->rowCount() > 0) ? $result : false);
    }

The save function generates both the query string and the bindings which both seem correct.

query = INSERT INTO am_administrator (firstName,lastName,username,password,email,isSuperUser,dateCreated,dateLastModified) VALUES (:firstName,:lastName,:username,:password,:email,:isSuperUser,:dateCreated,:dateLastModified) ON DUPLICATE KEY UPDATE firstName = :firstName,lastName = :lastName,username = :username,password = :password,email = :email,isSuperUser = :isSuperUser,dateCreated = :dateCreated,dateLastModified = :dateLastModified;

bindings = array(8) { 
[":firstName"]=> string(5) "First" 
[":lastName"]=> string(4) "Last" 
[":username"]=> string(7) "cova-fl" 
[":password"]=> string(8) "password" 
[":email"]=> string(16) "test@testing.com" 
[":isSuperUser"]=> int(1) "1" 
[":dateCreated"]=> string(19) "2016-05-11 02:40:15" 
[":dateLastModified"]=> string(19) "2016-05-11 02:40:15" 
}

Whenever I put the query into workbench I have no problems, but when trying to run it in code I get Fatal Error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY093]: Invalid parameter number' which confuses me since the number of bindings params matches the bindings keys and nummbers. Can anyone enlighten me on this issue?

Answer 1

I think this might be because you have decared each binding twice in the statement e.g. :firstname appears in the VALUES clause as well as the ON DUPLICATE KEY UPDATE clause.

You only pass 8 bindings to the $stmt->execute but PDO is looking for 16.

You could try naming them slightly different in the ON DUPLICATE KEY UPDATE clause giving you a query such as e.g.

INSERT INTO am_administrator (firstName,lastName,username,password,email,isSuperUser,dateCreated,dateLastModified) VALUES (:firstName,:lastName,:username,:password,:email,:isSuperUser,:dateCreated,:dateLastModified) ON DUPLICATE KEY UPDATE firstName = :update_firstName,lastName = :update_lastName,username = :update_username,password = :update_password,email = :update_email,isSuperUser = :update_isSuperUser,dateCreated = :update_dateCreated,dateLastModified = :update_dateLastModified;