I am trying to execute this query, which returns false with the message "INSERT has more target columns than expressions", which I understand, but is there a way to use an array or string with the values that I want to insert? I am using Postgres with PDO.

$params = '"param1", "param2", "param3", "param4", "param5"';
$query = $conn->query = 'INSERT INTO myTable (
               "value1",
               "value2",
               "value3",
               "value4",
               "value5") VALUES(:params)';
$query->execute(array('params' => $params));
  • You're trying to make your input be handled as a mixture of data and code. That's exactly what prepared statements are designed to avoid. Their main purpose is to isolate data from code. Commented Aug 9, 2018 at 12:32
  • The real question is how the $params came to be in that very format. Commented Aug 9, 2018 at 12:33
  • You should read the manual for the proper usage of prepared statements. There are too many issues with the above snippet. Commented Aug 9, 2018 at 12:36
  • Okay, I am going to try to read the manual and after that edit the snippet to be more appropriate. Commented Aug 9, 2018 at 12:43

1 Answer

In your code, the statement only has a parameter for the value1 column, and its value is '"param1", "param2", "param3", "param4", "param5"'; the message then says that this request needs values for columns value2, value3, value4, value5.

You could try using this code:

// using named placeholders: the array keys must match the placeholder names
$params = array(
     "value1" => "param1",
     "value2" => "param2",
     "value3" => "param3",
     "value4" => "param4",
     "value5" => "param5"
);
// prepare() returns a PDOStatement; the values are sent separately by execute()
$query = $conn->prepare('
    INSERT INTO myTable ("value1", "value2", "value3", "value4", "value5")
    VALUES(:value1, :value2, :value3, :value4, :value5)
');
$query->execute($params);

// using unnamed placeholders: values are bound by position
$params = array("param1", "param2", "param3", "param4", "param5");
$query = $conn->prepare('
    INSERT INTO myTable ("value1", "value2", "value3", "value4", "value5")
    VALUES(?, ?, ?, ?, ?)
');
$query->execute($params);

Documentation: PHP: Prepared statements and stored procedures - Manual
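
The question asks whether an array can drive the insert. The following is an added example, not part of the original answer: it builds one `?` per array element and checks column names against an allowlist, since identifiers cannot be bound as parameters. It assumes an in-memory SQLite database in place of Postgres so it runs offline; `insertRow()` and `$allowed` are hypothetical names.

```php
<?php
// Added example, not from the original answer. Assumptions: in-memory SQLite
// stands in for the Postgres connection so the script runs offline;
// insertRow() and $allowed are hypothetical names.
function insertRow(PDO $conn, array $allowed, array $row): int
{
    if ($row === []) {
        throw new InvalidArgumentException('No values to insert');
    }
    // Identifiers cannot be bound, so each column name must be on the allowlist.
    $unknown = array_diff(array_keys($row), $allowed);
    if ($unknown !== []) {
        throw new InvalidArgumentException('Unknown column: ' . implode(', ', $unknown));
    }
    $columns = implode(', ', array_map(fn($c) => '"' . $c . '"', array_keys($row)));
    // One "?" per value: the SQL text depends only on the number of values.
    $placeholders = implode(', ', array_fill(0, count($row), '?'));

    $stmt = $conn->prepare("INSERT INTO myTable ($columns) VALUES ($placeholders)");
    $stmt->execute(array_values($row));
    return $stmt->rowCount();
}

$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE myTable ("value1" TEXT, "value2" TEXT, "value3" TEXT, "value4" TEXT, "value5" TEXT)');

$allowed = ['value1', 'value2', 'value3', 'value4', 'value5'];
// Constructed sample row; the last value contains quotes and a comma and is stored as data.
$row = [
    'value1' => 'param1',
    'value2' => 'param2',
    'value3' => 'param3',
    'value4' => 'param4',
    'value5' => 'param5", "extra',
];

echo insertRow($conn, $allowed, $row), " row inserted\n";
print_r($conn->query('SELECT * FROM myTable')->fetchAll(PDO::FETCH_ASSOC));

try {
    insertRow($conn, $allowed, ['no_such_column' => 'x']);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```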
