How to resolve PHP error messages? Although I tried, still no success.

Question

function confirmUserID($session_id, $userid) {
    /* Verify that user is in database */
    $query = "SELECT session_id FROM user_sessions WHERE session_id = '$session_id' AND userid = '$userid'";
    $stmt = $this->db->prepare($query);
    $stmt->execute(array(':userid' => $userid, ':sessionid' => $session_id)); // Error message indicates it is coming from here
    $count = $stmt->rowCount();

    if (!$stmt || $count < 1) {
        return 1; // Indicates username failure  
    }

    $dbarray = $stmt->fetch();

    /* Validate that userid is correct */
    if ($session_id == $dbarray['session_id']) {
        return 0; // Success! Username and userid confirmed
    } else {
        return 2; // Indicates userid invalid
    }
}

我一直收到这个错误信息。

Fatal error: Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in C:xampphtdocstintoadminincludesSession.php:129 Stack trace: #0 C:xampphtdocstintoadminincludesSession.php(129): PDOStatement->execute(Array) #1

function confirmUserID($session_id, $userid) {
        /* Verify that user is in database */
        $query = "SELECT session_id FROM user_sessions WHERE session_id = '$session_id' AND userid = '$userid'";
        $stmt = $this->db->prepare($query);
        $stmt = array(':userid' => $userid, ':sessionid' => $session_id); // Error message indicates it is coming from here
$stmt->execute();
        $count = $stmt->rowCount();

        if (!$stmt || $count < 1) {
            return 1; // Indicates username failure  
        }

        $dbarray = $stmt->fetch();

        /* Validate that userid is correct */
        if ($session_id == $dbarray['session_id']) {
            return 0; // Success! Username and userid confirmed
        } else {
            return 2; // Indicates userid invalid
        }
    }

给出了更多的错误提示

Answer 1

You should add a colon (:) before the placeholder and avoid concatenating the $userID and $sessionID variables with the query.

$stmt = $pdo->prepare("SELECT session_id FROM user_sessions WHERE session_id = :session_id AND userid = :userid");
$stmt->execute(['session_id' => $session_id, 'userid' => $userid]); 
$user = $stmt->fetch();