#1

    Failed to run query


    Hey everyone, I have this script that E-Oreo has up and am trying to remove a part of it but am having some problems doing so. At this time it has update your email and password; I want to take out the update email and only have it update password, but I keep getting this error. (Failed to run query: SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens)

    unedited script
    PHP Code:
    <?php
    require("common.php");

    // Only logged-in users may edit their account.
    if (empty($_SESSION['user']))
    {
        header("Location: login.php");
        die("Redirecting to login.php");
    }

    if (!empty($_POST))
    {
        if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
        {
            die("Invalid E-Mail Address");
        }

        // If the address changed, make sure no other account already uses it.
        if ($_POST['email'] != $_SESSION['user']['email'])
        {
            $query = "
                SELECT
                    1
                FROM users
                WHERE
                    email = :email
            ";
            $query_params = array(
                ':email' => $_POST['email']
            );
            try
            {
                $stmt = $db->prepare($query);
                $result = $stmt->execute($query_params);
            }
            catch (PDOException $ex)
            {
                die("Failed to run query: " . $ex->getMessage());
            }
            $row = $stmt->fetch();
            if ($row)
            {
                die("This E-Mail address is already in use");
            }
        }

        // A new password is optional; hash it only when one was submitted.
        if (!empty($_POST['password']))
        {
            $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
            $password = hash('sha256', $_POST['password'] . $salt);
            for ($round = 0; $round < 65536; $round++)
            {
                $password = hash('sha256', $password . $salt);
            }
        }
        else
        {
            $password = null;
            $salt = null;
        }

        // Bound values: one entry for every token used in the query below.
        $query_params = array(
            ':email' => $_POST['email'],
            ':user_id' => $_SESSION['user']['id'],
        );
        if ($password !== null)
        {
            $query_params[':password'] = $password;
            $query_params[':salt'] = $salt;
        }

        $query = "
            UPDATE users
            SET
                email = :email
        ";
        if ($password !== null)
        {
            $query .= "
                , password = :password
                , salt = :salt
            ";
        }
        $query .= "
            WHERE
                id = :user_id
        ";
        try
        {
            $stmt = $db->prepare($query);
            $result = $stmt->execute($query_params);
        }
        catch (PDOException $ex)
        {
            die("Failed to run query: " . $ex->getMessage());
        }

        $_SESSION['user']['email'] = $_POST['email'];
        header("Location: private.php");
        die("Redirecting to private.php");
    }
    ?>
    edited script
    PHP Code:
    <?php
    require("common.php");

    if (empty($_SESSION['user']))
    {
        header("Location: login.php");
        die("Redirecting to login.php");
    }

    if (!empty($_POST))
    {
        if (!empty($_POST['password']))
        {
            $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
            $password = hash('sha256', $_POST['password'] . $salt);
            for ($round = 0; $round < 65536; $round++)
            {
                $password = hash('sha256', $password . $salt);
            }
        }
        else
        {
            $password = null;
            $salt = null;
        }

        $query_params = array(
            ':user_id' => $_SESSION['user']['id'],
        );
        if ($password !== null)
        {
            $query_params[':password'] = $password;
            $query_params[':salt'] = $salt;
        }

        $query = "
            UPDATE users
            SET
                email = :email
        ";
        if ($password !== null)
        {
            $query .= "
                , password = :password
                , salt = :salt
            ";
        }
        $query .= "
            WHERE
                id = :user_id
        ";
        try
        {
            $stmt = $db->prepare($query);
            $result = $stmt->execute($query_params);
        }
        catch (PDOException $ex)
        {
            die("Failed to run query: " . $ex->getMessage());
        }

        header("Location: private.php");
        die("Redirecting to private.php");
    }
    ?>
  #2
  #3
    I don't want the email; I'm trying to take it out of the code but am having problems doing so. Thanks for the reply.
  #4
    Right. You told it to use an email
    PHP Code:
    $query = "
        UPDATE users
        SET
            email = :email
    ";

    but didn't give one. That's the problem.


    The only other fields you're updating are inside an if block. If that's not true then you'll end up building a query that doesn't update any fields (and is invalid). Rework the logic so that the query only gets built in the first place if that condition is true. Then you can simply
    PHP Code:
    $query = "
        UPDATE users
        SET
            password = :password,
            salt = :salt
        WHERE
            id = :user_id
    ";


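Added example (not part of the thread and not the posters' code): the HY093 error in post #1 arises because the SQL text and the bound-value array were edited separately and drifted apart. This sketch, using the hypothetical helpers `placeholders`, `paramMismatch` and `buildUserUpdate`, builds both from one column map and reports any token/parameter mismatch; the placeholder regex is a simplification that does not skip SQL string literals or comments.

```php
<?php
/** Named placeholders (":name") in a SQL string; ignores "::" casts. */
function placeholders(string $sql): array
{
    preg_match_all('/(?<!:):[A-Za-z_][A-Za-z0-9_]*/', $sql, $m);
    return array_values(array_unique($m[0]));
}

/** Tokens with no bound value, and bound values with no token. */
function paramMismatch(string $sql, array $params): array
{
    $tokens = placeholders($sql);
    $bound  = array_keys($params);
    return [
        'unbound' => array_values(array_diff($tokens, $bound)),
        'unused'  => array_values(array_diff($bound, $tokens)),
    ];
}

// Build the UPDATE from one column => value map so each SET token gets
// exactly one bound value. Column names cannot be bound as parameters,
// so they are checked against a fixed allowlist. Null means "no query".
function buildUserUpdate(array $fields, int $userId): ?array
{
    $allowed = ['password', 'salt'];
    $set     = [];
    $params  = [':user_id' => $userId];
    foreach ($fields as $column => $value) {
        if (!in_array($column, $allowed, true)) {
            throw new InvalidArgumentException("Column not allowed: $column");
        }
        $set[]              = "$column = :$column";
        $params[":$column"] = $value;
    }
    if ($set === []) {
        return null; // no fields: never emit "UPDATE users SET WHERE ..."
    }
    return ['UPDATE users SET ' . implode(', ', $set) . ' WHERE id = :user_id', $params];
}

// Constructed values mirroring the edited script when a password is posted.
$broken = 'UPDATE users SET email = :email, password = :password, salt = :salt WHERE id = :user_id';
var_dump(paramMismatch($broken, [':user_id' => 7, ':password' => 'h', ':salt' => 's']));

// Password-only update: query text and parameters come from the same map.
[$sql, $params] = buildUserUpdate(['password' => 'h', 'salt' => 's'], 7);
var_dump($sql, paramMismatch($sql, $params));
// Empty map (no password posted): the caller skips prepare/execute.
var_dump(buildUserUpdate([], 7));
```

The returned pair is passed as `$db->prepare($sql)` and `$stmt->execute($params)`, exactly as in the thread's scripts.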