php - "Warning: PDO::prepare() expects parameter 2 to be array, string given" - when only one argument was specified -

i'm not experienced pdo , mysql query..

look @ function:

function add($mynick, $friend) {    $dbh = new pdo(dsn,username,password);    $sth = $dbh->prepare('update pinfo set friends=concat_ws(',' , friends, $friend)  nick = :mynick');    $sth->bindparam(':mynick', $mynick);    //$sth->bindparam(':friend', $friend);    $sth->execute();  } 

this function not working:

warning: pdo::prepare() expects parameter 2 array, string given in /test5.php  fatal error: call member function bindparam() on non-object in /test5.php 

i tried blind $fliend var, in concat_ws, or removing $var , bindparam; db connection , db table ok.

why wrong ?

if try use pdo simple update query, without concat_ws works.

$sth = $dbh->prepare('      update pinfo          set friends=concat_ws(',' , friends, $friend)        nick = :mynick '); 

i've reformatted query make error more obvious.

don't see it?

check out syntax highlighting provided so. see how comma in set black?

the problem you're enclosing sql statement in single-quotes, want use single-quotes inside query. what's happening you're breaking out of quoted argument, passing php comma, opening quote again, resulting in 2 arguments passed prepare: 'update pinfo set friends=concat_ws(' , ' , friends, $friend) nick = :mynick'. why php whining second argument being invalid. need either escape single quotes, or use double quotes wrap query.

therefore need to:

1. use double quotes here, avoid escaping (backslashes can overwhelmingly ugly), and
2. bind $friend rather let php interpolate it, noted @ian wood, , commented out code suggested

thus:

$sth = $dbh->prepare("update pinfo set friends=concat_ws(',' , friends, :friend)  nick = :mynick"); $sth->bindparam(':mynick', $mynick); $sth->bindparam(':friend', $friend); $sth->execute();