PDOException' Invalid parameter number: parameter was not defined

Question

I think that this should be a simple problem but I can not see it.

$SQL = "Select `id` from `fileStore` WHERE `uid` = ':UID' and `offset` = :OFFSET";
$InPut = array(':UID' => $LocArr[0],':OFFSET' => $LocArr[1]);
echo(str_replace(array_flip($InPut),$InPut,$SQL));
$stmt = $db->prepare($SQL);
$stmt->execute($InPut);

The Echo line gives me.

Select `id` from `fileStore` WHERE `uid` = '20151009162211-909549588' and `offset` = 1

Which I can run against the database. But I get the error.

Fatal error: 
Uncaught exception 'PDOException' with message 
'SQLSTATE[HY093]: Invalid parameter number: parameter was not defined' 
in filepath\UploadParser.php:
117 Stack trace: #0 filepath\UploadParser.php(117): 
PDOStatement->execute(Array) #1 {main} thrown in filepath\UploadParser.php on line 117

Answer 1

In your query you have the first placeholder quoted this makes it a string. When the execute is fired the PDO is confused because you are telling it there are two placeholders but it only finds one (the unquoted one).

To resolve that try

$SQL = "Select `id` from `fileStore` WHERE `uid` = :UID and `offset` = :OFFSET";
$InPut = array(':UID' => $LocArr[0],':OFFSET' => $LocArr[1]);
$stmt = $db->prepare($SQL);
$stmt->execute($InPut);

This should make :UID = $LocArr[0] and :OFFSET = $LocArr[1] , when it goes to the db.

It also looks like you are trying to replace the placeholders with the actual values in your query which you shouldn't do. That removes the purpose of prepared statements.

Another way of writing it would be

$SQL = "Select `id` from `fileStore` WHERE `uid` = ? and `offset` = ?";
$stmt = $db->prepare($SQL);
$stmt->execute(array($LocArr[0], $LocArr[1]));