'SQLSTATE [HY093]：无效的参数号：未定义参数' [重复]答案

【问题标题】：'SQLSTATE[HY093]: Invalid parameter number: parameter was not defined' [duplicate]'SQLSTATE [HY093]：无效的参数号：未定义参数' [重复]
【发布时间】：2017-04-21 19:56:18
【问题描述】：

我不断收到上述错误。这是我的设置：

$InsertSQL = "insert into reports.NonVarassetInvoices(State, CLLI, Type, Vendor, DateReceived, InvoiceNumber, InvoiceDate, TotalInvoiceAmount, ProjectWONumber, CAF, SentForApprovalDate, Approver
            , ApprovalReceivedDate, ReleaseDate, ReleaseNumber, SentToAPDate, InvoicerName, Status, HoldReason, Notes)
select ':State', ':CLLI', (select Id from pmdb.PicklistChild where ParentId in(select Id from pmdb.PicklistParent where Value = ':Type') order by Sequence)
    , ':Vendor', ':DateReceived', ':InvoiceNumber', ':InvoiceDate', :TotalInvoiceAmount, ':ProjectWONumber', ':CAF', ':SentForApprovalDate', ':Approver'
    , ':ApprovalReceivedDate', ':ReleaseDate', ':ReleaseNumber', ':SentToAPDate', ':InvoicerName'
    , (select Id from pmdb.PicklistChild where ParentId in(select Id from pmdb.PicklistParent where Value = ':Status') order by Sequence)
    , (select Id from pmdb.PicklistChild where ParentId in(select Id from pmdb.PicklistParent where Value = ':HoldReason') order by Sequence), ':Notes'";

$stmt = $conn->prepare($InsertSQL);

$stmt->bindParam(':State', $State, PDO::PARAM_STR);
$stmt->bindParam(':CLLI', $CLLI, PDO::PARAM_STR);
$stmt->bindParam(':Type', $Type, PDO::PARAM_INT);
$stmt->bindParam(':Vendor', $Vendor, PDO::PARAM_STR);
$stmt->bindParam(':DateReceived', $DateReceived, PDO::PARAM_STR);
$stmt->bindParam(':InvoiceNumber', $InvoiceNumber, PDO::PARAM_STR);
$stmt->bindParam(':InvoiceDate', $InvoiceDate, PDO::PARAM_STR);
$stmt->bindParam(':TotalInvoiceAmount', $TotalInvoiceAmount, PDO::PARAM_INT);
$stmt->bindParam(':ProjectWONumber', $ProjectWONumber, PDO::PARAM_STR);
$stmt->bindParam(':CAF', $CAF, PDO::PARAM_STR);
$stmt->bindParam(':SentForApprovalDate', $SentForApprovalDate, PDO::PARAM_STR);
$stmt->bindParam(':Approver', $Approver, PDO::PARAM_STR);
$stmt->bindParam(':ApprovalReceivedDate', $ApprovalReceivedDate, PDO::PARAM_STR);
$stmt->bindParam(':ReleaseDate', $ReleaseDate, PDO::PARAM_STR);
$stmt->bindParam(':ReleaseNumber', $ReleaseNumber, PDO::PARAM_STR);
$stmt->bindParam(':SentToAPDate', $SentToAPDate, PDO::PARAM_STR);
$stmt->bindParam(':InvoicerName', $InvoicerName, PDO::PARAM_STR);
$stmt->bindParam(':Status', $Status, PDO::PARAM_INT);
$stmt->bindParam(':HoldReason', $HoldReason, PDO::PARAM_INT);
$stmt->bindParam(':Notes', $Notes, PDO::PARAM_STR);

$stmt->execute();

我也尝试过execute(array(':State => $State ...)); 我得到了同样的错误。

我不知道这到底是什么意思，但我查看了其他几个名称相似的问题。据我所知，他们没有回答我的确切问题。

我错过了什么吗？我该如何解决这个问题？

更新

我已根据以下答案更新了我的插入 SQL：

$InsertSQL = "insert into reports.NonVarassetInvoices(State, CLLI, Type, Vendor, DateReceived, InvoiceNumber, InvoiceDate, TotalInvoiceAmount, ProjectWONumber, CAF, SentForApprovalDate, Approver
                                                                , ApprovalReceivedDate, ReleaseDate, ReleaseNumber, SentToAPDate, InvoicerName, Status, HoldReason, Notes)
                    select :State, :CLLI, (select Id from pmdb.PicklistChild where ParentId in(select Id from pmdb.PicklistParent where Name = 'NonVInvoiceType') Value = :Type and IsActive = 1)
                        , :Vendor, :DateReceived, :InvoiceNumber, :InvoiceDate, :TotalInvoiceAmount, :ProjectWONumber, :CAF, :SentForApprovalDate, :Approver
                        , :ApprovalReceivedDate, :ReleaseDate, :ReleaseNumber, :SentToAPDate, :InvoicerName
                        , (select Id from pmdb.PicklistChild where ParentId in(select Id from pmdb.PicklistParent where Name = 'NonVStatus') and Value = :Status and IsActive = 1)
                        , (select Id from pmdb.PicklistChild where ParentId in(select Id from pmdb.PicklistParent where Name = 'NonVHoldReason') and Value = :HoldReason and IsActive = 1), :Notes";

现在我收到500 Internal Server Error 消息和空白屏幕。如果我像这样将Params 放入执行语句中：

$stmt->execute(array(':State'=>$State,':CLLI'=>$CLLI,':Type'=>$Type,':Vendor'=>$Vendor,':DateReceived'=>$DateReceived,':InvoiceNumber'=>$InvoiceNumber,':InvoiceDate'=>$InvoiceDate
                        ,':TotalInvoiceAmount'=>$TotalInvoiceAmount,':ProjectWONumber'=>$ProjectWONumber
                        ,':CAF'=>$CAF,':SentForApprovalDate'=>$SentForApprovalDate,':Approver'=>$Approver,':ApprovalReceivedDate'=>$ApprovalReceivedDate,':ReleaseDate'=>$ReleaseDate
                        ,':ReleaseNumber'=>$ReleaseNumber,':SentToAPDate'=>$SentToAPDate
                        ,':InvoicerName'=>$InvoicerName,':Status'=>$Status,':HoldReason'=>$HoldReason,':Notes'=>$Notes));

然后我得到这个错误：

致命错误：未捕获的异常“PDOException”，带有消息“SQLSTATE[42000]：[Microsoft][ODBC Driver 11 for SQL Server][SQL Server]'Value' 附近的语法不正确

【问题讨论】：

“值”附近的语法不正确
怎么了？根据我在示例中可以找到的here，它看起来对我来说是正确的。
我知道 SQL 语法。我经常使用它。我只是没有看到错误在我的语法中的位置。我已经为此工作了几个星期，需要一些额外的帮助。我知道我错过了一些东西，只是可以看到它在哪里。

标签： php sql-server pdo bindparam

【解决方案1】：

你的 sql 语句中实际上没有任何参数；当您引用它们时，它们都是文字字符串：

... where Value = ':Type' ...
                  ^     ^ these need to go

因此，您需要删除所有这些围绕占位符的单引号。

除此之外，您只能将占位符用于值，而不能用于列名、表名等。

所以如果没有引号，这也行不通：

... select ':State', ':CLLI' ...

如果是可变列名，您需要将它们插入到字符串中，并且为了避免 sql 注入，您需要先对照白名单检查它们。

// check all column names agains a white-list
...
// insert them into your string
... select `{$State}`, `{$CLLI}` ...
// etc.

【讨论】：

这帮助并让我再次行动起来。我仍然有其他问题需要解决，因为它正在工作。