SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens on line 102

You didn’t bind all your bindings here

$sql = "SELECT SQL_CALC_FOUND_ROWS *, UNIX_TIMESTAMP(publicationDate) AS publicationDate     FROM comments WHERE articleid = :art 
ORDER BY " . mysqli_escape_string($order) . " LIMIT :numRows";

$st = $conn->prepare( $sql );
$st->bindValue( ":art", $art, PDO::PARAM_INT );

You’ve declared a binding called :numRows but you never actually bind anything to it.

UPDATE 2019: I keep getting upvotes on this and that reminded me of another suggestion

Double quotes are string interpolation in PHP, so if you’re going to use variables in a double quotes string, it’s pointless to use the concat operator. On the flip side, single quotes are not string interpolation, so if you’ve only got like one variable at the end of a string it can make sense, or just use it for the whole string.

In fact, there’s a micro op available here since the interpreter doesn’t care about parsing the string for variables. The boost is nearly unnoticable and totally ignorable on a small scale. However, in a very large application, especially good old legacy monoliths, there can be a noticeable performance increase if strings are used like this. (and IMO, it’s easier to read anyway)

Related Posts:

  1. PDO with INSERT INTO through prepared statements
  2. Creating a search form in PHP to search a database?
  3. How can I do ‘insert if not exists’ in MySQL?
  4. Commands out of sync; you can’t run this command now
  5. How can I do ‘insert if not exists’ in MySQL?
  6. Fatal error: Call to a member function query() on null
  7. How to log in to phpMyAdmin with WAMP, what is the username and password?
  8. Should I use mysqli_real_escape string() or mysql_real_escape_string() for form data?
  9. Fatal error: Call to undefined function mysql_connect()
  10. PDOException SQLSTATE[HY000] [2002] No such file or directory
  11. http://localhost:80 is not working on running Apache server through UniServer ZeroXIII
  12. PDOException SQLSTATE[HY000] [2002] No such file or directory
  13. Mysql query- How to use contains?
  14. Data source name not found, and no default driver specified
  15. mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in
  16. Invalid column count in CSV input on line 1 Error
  17. Invalid column count in CSV input on line 1 Error
  18. $wpdb->update or $wpdb->insert results in slashes being added in front of quotes
  19. phpMyAdmin: secret passphrase?
  20. PDO bindParam() with prepared statement isn’t working
  21. Forbidden :You don’t have permission to access /phpmyadmin on this server
  22. Fatal error: Call to a member function bind_param() on boolean [duplicate]
  23. MySqli Commands out of sync; you can’t run this command now
  24. Trying to get property of non-object in
  25. Fix Access denied for user ‘root’@’localhost’ for phpMyAdmin
  26. Getting connection failed: php_network_getaddresses: getaddrinfo failed: Name or service not known
  27. Lost connection to MySQL server at ‘reading initial communication packet’, system error: 0
  28. Cannot simply use PostgreSQL table name (“relation does not exist”)
  29. PHP with MySQL 8.0+ error: The server requested authentication method unknown to the client
  30. How can I prevent SQL injection in PHP?
  31. SQLSTATE[HY093]: Invalid parameter number: parameter was not defined
  32. SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax — PHP — PDO [duplicate]
  33. Object of class DateTime could not be converted to string
  34. What does it mean to escape a string?
  35. Convert from MySQL datetime to another format with PHP
  36. MAMP “Apache couldn’t be started because port is in use.” AND “Can’t connect to local MySQL server through /tmp/mysql.sock
  37. mysqli::query(): Couldn’t fetch mysqli
  38. Unexpected Exception: SQLSTATE[HY000] [1045] Access denied for user ****@’localhost’ (using password: YES)
  39. Uncaught Error: Call to undefined function mysql_escape_string()
  40. Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in
  41. Call to a member function on null?
  42. Warning: mysqli_query() expects parameter 1 to be mysqli, resource given
  43. MySQL query to get column names?
  44. What does MYSQLI_NUM mean and do?
  45. Mysql where id is in array
  46. ERROR: SQLSTATE[HY000] [2002] No connection could be made because the target machine actively refused it
  47. What is the advantage of using try {} catch {} versus if {} else {}
  48. select * from table where column = value ^ column2= value
  49. Deprecated: mysql_query() [duplicate]
  50. No query results for model [App\Products] Laravel
  51. mysqlworkbench giving version error on exporting database
  52. How to make DROP INDEX IF EXISTS for mysql?
  53. What is the meaning of sprintf(): Too few arguments
  54. Having a problem getting mysqli_query to execute
  55. CodeIgniter: Unable to connect to your database server using the provided settings Error Message
  56. Can I store images in MySQL 
  57. MySQL Daemon Failed to Start – centos 6
  58. How to insert TIMESTAMP into my MySQL table?
  59. How to remove index.php from WordPress site URL
  60. PHP Like thing similar to MySQL Like, for if statement?
  61. How get value from URL
  62. How to use Memcached with PHP7?
  63. select count(*) from table of mysql in php
  64. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ””)’ at line 2
  65. Transaction when using WP functions rather than vanilla SQL?
  66. How to get the list of WooCommerce product image of a certain category from database?
  67. How to make WordPress plugin check for database changes and then do something?
  68. How to Join two tables from separate databases within WordPress
  69. Would manually deleting the dumping data fix a “#1062 – Duplicate entry ‘1’ for key ‘PRIMARY'” phpMyAdmin error?
  70. register_activation_hook isn’t adding table to DB
  71. What SQL / WordPress queries would need a nonce?
  72. Importing Geo data into wordpress database
  73. WP_Query adds “(wp_posts.ID = ‘0’)” so no results are returned
  74. $wpdb->insert() does not Insert record in a table
  75. Use $wpdb or other PHP script method to find/replace in WP database
  76. How can I add a new row in a separate database when someone registers via WordPress?
  77. Pull MySQL data from multiple tables and merge into 1 PHP array
  78. Use variable in SQL statement
  79. mySQL queries are executed twice on wordpress website
  80. making php value numeric
  81. Database SQL query error
  82. How to run complex query using PHP
  83. How to get database connection details without longing to cpanel in WordPress?
  84. Inserting other fields to existing registration form in a WordPress theme
  85. SQL Query Search page
  86. can’t delete a row from post_meta table
  87. Conditional statement within WP SQL query
  88. Email Not Sending from Byethost Hosting
  89. php get all url variables
  90. How to remove unused dependencies from composer?
  91. Call PHP function from jQuery?
  92. PhpMailer SMTP NOTICE: EOF caught while checking if connected
  93. Check if $_POST exists
  94. Delete post revisions on post publish
  95. How to write one comment and publish on every post using database or plugin?
  96. get_posts() and WP_query limits ‘AND’ conditions to a maximum of 6 for meta value queries in WordPress
  97. How to use AJAX in WordPress in MYSQL query?
  98. WP_Query: How to get results from both meta_key options?
  99. Store GA Client ID in User DB
  100. Need help with format of nested array in MySQL

Leave a Comment