function confirmUserID($session_id, $userid) {
/* Verify that user is in database */
$query = "SELECT session_id FROM user_sessions WHERE session_id = '$session_id' AND userid = '$userid'";
$stmt = $this->db->prepare($query);
$stmt->execute(array(':userid' => $userid, ':sessionid' => $session_id)); // Error message indicates it is coming from here
$count = $stmt->rowCount();
if (!$stmt || $count < 1) {
return 1; // Indicates username failure
}
$dbarray = $stmt->fetch();
/* Validate that userid is correct */
if ($session_id == $dbarray['session_id']) {
return 0; // Success! Username and userid confirmed
} else {
return 2; // Indicates userid invalid
}
}
i keep getting his error message
Fatal error: Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in C:xampphtdocstintoadminincludesSession.php:129 Stack trace: #0 C:xampphtdocstintoadminincludesSession.php(129): PDOStatement->execute(Array) #1
function confirmUserID($session_id, $userid) {
/* Verify that user is in database */
$query = "SELECT session_id FROM user_sessions WHERE session_id = '$session_id' AND userid = '$userid'";
$stmt = $this->db->prepare($query);
$stmt = array(':userid' => $userid, ':sessionid' => $session_id); // Error message indicates it is coming from here
$stmt->execute();
$count = $stmt->rowCount();
if (!$stmt || $count < 1) {
return 1; // Indicates username failure
}
$dbarray = $stmt->fetch();
/* Validate that userid is correct */
if ($session_id == $dbarray['session_id']) {
return 0; // Success! Username and userid confirmed
} else {
return 2; // Indicates userid invalid
}
}
gave even more errors
2
Answers
You should add ‘:’ before the placeholder and avoid concatenating the $userID and $sessionID variables to the query.
Check here for more examples.
It seems like you have an error in your code where you’re trying to prepare and execute an SQL query using prepared statements but you’re mixing up different ways of binding parameters. In your provided code, you’re trying to use an array to bind parameters, which is incorrect. Additionally, there seems to be an issue with the variable names being used. Let’s correct the code:
Here are the changes made to the code:
The parameter binding is done using the bindParam method of the prepared statement. This is the correct way to bind parameters in PDO.
The placeholders :sessionid and :userid are used consistently in the query and in the parameter binding.
The condition for checking the count is corrected to $count < 1 (less than 1) to indicate a failure if no rows are returned from the database.
The comment "Validate that userid is correct" is changed to "Validate that session_id is correct" to reflect what the code is doing.
Please make sure that you have a valid database connection ($this->db) established before calling this function. Also, ensure that the column names in the SQL query (session_id and userid) match the actual column names in your database table.