Invalid parameter error while doing PDO take action


I'm trying to learn how to use PDO, so I've already searched A LOT for everything I could find to understand it. Now I'm at a point that has left me pretty confused.

I have the following code; it is the file _conecta_banco.php:

class conectar_banco {

    var $host        = 'localhost';
    var $usuario     = 'root';
    var $senha       = '';
    var $banco       = 'trabalho_kinccal';

    var $pdo         = null;
    var $buscaSegura = null;
    var $qtdeLinhas  = null;

    // Creates the function that connects to the MySQL database
    function conecta() {
        try {
            $this->pdo = new PDO("mysql:host=".$this->host.";dbname=".$this->banco,$this->usuario,$this->senha);
            $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        }catch(PDOException $e){
            echo $e->getMessage();
        }
    }

    // Search method
    public function buscar($table, $where = null, $order = null, $limit = null) {
        $busca = 'SELECT * FROM '.$table;
            if($where != null) $busca .= ' WHERE :where';
            if($order != null) $busca .= ' ORDER BY :order';
            if($limit != null) $busca .= ' LIMIT :limit';

        $buscaSegura = $this->pdo->prepare($busca);

        // Save the number of records
        echo $this->buscaSegura = $buscaSegura->rowCount();
    }

    function inserir($tabela, $valores, $campos = null){
        $inserir = 'INSERT INTO ' . $tabela;
        if($campos != null) $inserir .= ' ('.$campos.')';
        for($i = 0; $i < count($valores); $i++){
            if( is_string($valores[$i]) ) $valores[$i] = '"'.$valores[$i].'"';
        }
        $valores = implode(',',$valores);
        $inserir .= ' VALUES ('.$valores.')';

        $inserirSeguro = $this->pdo->prepare($inserir);
    }

    function qtdeLinhas() {
        return $this->buscaSegura;
    }
}

Well, that's when I created an index.php, and it looks like this:

include ("class/_conecta_banco.php");
$data = new conectar_banco();


Well, I did not try this insert but I already know that it should not run. I'll get right to the point. When I open the index.php it gives the following error:


Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens' in C:\xampp\htdocs\PDO\class_conecta_banco.php:34 Stack (): PDOStatement->execute() #1 C:\xampp\htdocs\PDO\index.php(5): conectar_banco->buscar('users', '', '', '1') #2 {main} thrown in C:\xampp\htdocs\PDO\class_conecta_banco.php on line 34

But if I change this line in index.php


to: (I just took the value)


It even shows results.

In the search method I put conditions where I would build the SQL command line, but I do not understand why, when I use them, it does not want to work! Can you understand? If I use echo right after the ifs, it shows that it is forming the string that will be used right below.

ADD: I thought I could sort of do a 'global builder', you know? Do you think there's any way you could do that? Will I have to create all the SELECT possibilities I want to use?

asked by anonymous 12.06.2014 / 05:42

1 answer


I see some problems (maybe not all) in your use of PDO:

  • Parameters serve to replace values, not snippets of a clause.
    That is: you cannot use WHERE :where, you need something like WHERE coluna = :valor. And you cannot say ORDER BY :order and pass a column name.

  • You cannot associate a parameter with a statement and not use it within that statement.
    That is, if you use $buscaSegura->bindValue(":valor", $valor);, the :valor name must appear in the query. This is the cause of the error you are seeing:


    Invalid parameter number: number of bound variables does not match number of tokens

12.06.2014 / 06:04
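
An added example, not part of the original question or answer: one way to write the generic search the question asks about while following the two rules in the answer. Values are bound as parameters, and table and column names, which cannot be bound, are checked against an allowlist. The `usuarios` schema, the sample rows and the in-memory SQLite connection are assumptions made so the code runs offline.

```php
<?php
// Added example: the schema, data and allowlist below are constructed for illustration.
function buscar(PDO $pdo, string $table, array $where = [], ?string $order = null, ?int $limit = null): array
{
    // Identifiers cannot be placeholders, so only known names are ever concatenated.
    $allowed = ['usuarios' => ['id', 'nome', 'email']];
    if (!isset($allowed[$table])) {
        throw new InvalidArgumentException("unknown table: $table");
    }
    $sql = "SELECT * FROM $table";
    $conds = [];
    $params = [];
    foreach ($where as $col => $value) {
        if (!in_array($col, $allowed[$table], true)) {
            throw new InvalidArgumentException("unknown column: $col");
        }
        $conds[] = "$col = :w_$col";       // the placeholder stands for the value only
        $params[":w_$col"] = $value;
    }
    if ($conds) {
        $sql .= ' WHERE ' . implode(' AND ', $conds);
    }
    if ($order !== null) {
        if (!in_array($order, $allowed[$table], true)) {
            throw new InvalidArgumentException("unknown column: $order");
        }
        $sql .= " ORDER BY $order";
    }
    if ($limit !== null) {
        $sql .= ' LIMIT :limit';
    }
    $stmt = $pdo->prepare($sql);
    foreach ($params as $name => $value) {
        $stmt->bindValue($name, $value);
    }
    if ($limit !== null) {
        // Bound as an integer: with MySQL's emulated prepares a string would be quoted and LIMIT would fail.
        $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    }
    $stmt->execute();   // every bound name appears in $sql, so HY093 cannot occur here
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE usuarios (id INTEGER PRIMARY KEY, nome TEXT, email TEXT)");
$pdo->exec("INSERT INTO usuarios (nome, email) VALUES ('Ana', 'ana@example.test'), ('Rui', 'rui@example.test')");
print_r(buscar($pdo, 'usuarios', ['nome' => 'Ana'], 'id', 1));
```

Because a placeholder is added to the SQL string and to the bind list in the same branch, the number of tokens and the number of bound variables always match.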