After posting this question MySQL update or insert or die query I’ve change to using PDO but I’m having some issues using the on duplicate key update phrase.
Here’s an example of my array data
array(114) {
["fname"]=>
string(6) "Bryana"
["lname"]=>
string(6) "Greene"
["m080"]=>
string(1) "c"
["t080"]=>
string(1) "-"
["w080"]=>
string(1) "-"
["r080"]=>
["notes"]=>
string(4) "yoyo"}
In reality there are 113 fields but I didn’t want to waste the space showing them all here. I’m currently trying to INSERT/UPDATE into my database via the following code
try {
$dbh = new PDO('login info here');
$dbh->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$stmt = $dbh->prepare(
'INSERT INTO fhours ('.implode(",", array_keys($faculty)).')'.
' VALUES (:'.implode(",:", array_keys($faculty)).')'.
' ON DUPLICATE KEY UPDATE :fieldlist');
$stmt->bindParam(':field_list', $field_list);
foreach($faculty as $key=>$val){
$stmt->bindParam(':'.$key, $val);
$fields[] = sprintf("%s = :%s", $key, $key);
}
$field_list = join(',', $fields);
//echo $stmt->debugDumpParams();
$stmt->execute();
}
catch(PDOException $e){
echo $e->getMessage();
exit();
}
I’m getting the Invalid parameter number: parameter was not defined error message. I’m pretty sure my issues lies in ON DUPLICATE KEY UPDATE :fieldlist'); but I’ve made so many different attempts and none of them have worked. Should I be using ON DUPLICATE KEY UPDATE anymore at all?
Also, I’m new to the : and :: syntax, does :name mean it’s a named variable kind of like $name and does PDOStatement::bindValue kind of like PDOStatement->bindValue?
Edit
In response to the first two comments below I’ve updated the code thusly (but still to no avail, the debugDumpParams says I have no params). Also, why create the $array_of_parameters when it becomes the exact same array as $faculty to begin with?
//grab form data
$faculty = $_POST;
$fname = $_POST['fname'];
$lname = $_POST['lname'];
//delete the submit button from array
unset($faculty['submit']);
$array_of_parameters = array();
foreach($faculty as $key=>$val){
$array_of_parameters[$key] = $val;
$fields[] = sprintf("%s=?", $key);
}
$field_list = join(',', $fields);
try {
$dbh = new PDO('mysql:host=localhost;dbname=kiosk', 'kiosk', 'K10$k');
$dbh->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$update = 'UPDATE fhours SET '.$field_list. 'WHERE fname="'.$fname.'" AND '.
'lname="'.$lname.'"';
$stmt = $dbh->prepare($update);
//echo $stmt->debugDumpParams();
$stmt->execute(array($array_of_parameters));
if($stmt->rowCount() == 0){
$insert = 'INSERT INTO fhours ('.implode(",", array_keys($faculty)).')'.
' VALUES (:'.implode(",:", array_keys($faculty)).')';
$stmt = $dbh->prepare($insert);
$stmt->execute(array($array_of_parameters));
}
}
catch(PDOException $e){
echo $e->getMessage();
exit();
}
$dbh=null;
What you have attempted to do is to dynamically build a SQL string that will become parameterized. The
:paramnameparameters are expected to be single values mapped to column values, where clause parameters, etc. Instead you have used$fields[] = sprintf("%s = :%s", $key, $key);to create a string of:paramnamefields in order to plug into the query. This just won’t work in a parameterized statement.Rather than doing
ON DUPLICATE KEY UPDATE :fieldlist, you should build the whole sql string before passing it intoprepare().Then rather than use the
bindParam()method to bind each one individually, you can use an alternate syntax toexecute()to pass in an array of expected parametric values. They need to be in the correct order, or have array keys the same names as the:paramparameters in your SQL. See the docs for more info and examples.EDIT To properly use parameters in your
UPDATEstatement, do it like this: