-1

I'm developing a website using PHP and I tried to implement PDO, but it keeps returning

PDO::errorInfo():Array([0] => 00000 [1] => [2] => )

It's very important that I can fix this error since this is an important project for me and I've tried everything I could. The connection works fine since I Any ideas? Here is the connection (in case you need it):

```php
<?php
  $redirect ="503.php";
  $config = parse_ini_file('config.ini');
  $basehost = $config['host'];
  $basecon = $config['table'];
  $seccon = $config['sectable'];
  $basechar = $config['char'];
  $smhost = $config['SMTPhost'];
  $smauth = $config['SMTPAuth'];
  $smuser = $config['SMTPUser'];
  $smpass = $config['SMTPPass'];
  $smsec = $config['SMTPSecure'];
  $cartab = $config['cardtable'];
  $con = "mysql:host=$basehost;dbname=$basecon;charset=$basechar";
  $options = [PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,];
  try {
    $pdo = new PDO($con,$config['username'],$config['password'], $options);
  } catch (Exception $e) {
    exit(header("location:$redirect"));
  }
?>
```

Here is the problem I can't handle:

```php
if($mail->send()) {
    $stmt = $pdo->prepare("INSERT INTO $basecon.$seccon (C_Nome,C_email,C_User,C_Pass,Card_Number,N_fiscal,D_Nasc,C_Morada,N_tel,N_tel_emer,N_cid,N_saude,Tipo_Sangue,C_Hist,Reg_Code) VALUES (:name, :email,:user,:pass,:cardnum,:fisnum,:birth,:adressnum,:telf,:emertelf,:citcard,:healthcard,:bloodstring,:histstring,:value)");
    $stmt->bindParam(array(':name', $_POST['name']), PDO::PARAM_STR);
    $stmt->bindParam(array(':email', $_POST['email']), PDO::PARAM_STR);
    $stmt->bindParam(array(':user', $_POST['username']), PDO::PARAM_STR);
    $stmt->bindParam(array(':pass', md5($_POST['password'])), PDO::PARAM_STR);
    $stmt->bindParam(array(':cardnum', $_POST['cardnumber']), PDO::PARAM_STR);
    $stmt->bindParam(array(':fisnum', $_POST['fiscalnum']), PDO::PARAM_STR);
    $stmt->bindParam(array(':birth', $_POST['birthdate']), PDO::PARAM_STR);
    $stmt->bindParam(array(':adressnum', $_POST['address']), PDO::PARAM_STR);
    $stmt->bindParam(array(':telf', $_POST['telnum']), PDO::PARAM_STR);
    $stmt->bindParam(array(':emertelf', $_POST['emertelnum']), PDO::PARAM_STR);
    $stmt->bindParam(array(':citcard', $_POST['citnumber']));
    $stmt->bindParam(array(':healthcard', $_POST['healthnumber']), PDO::PARAM_STR);
    $stmt->bindParam(array(':bloodstring', $_POST['bloodtype']), PDO::PARAM_STR);
    $stmt->bindParam(array(':histstring','Conta criada a'), PDO::PARAM_STR);
    $stmt->bindParam(array(':value', $regcode), PDO::PARAM_STR);
    if($stmt->execute()) {
        $successmsg = "Your registration was successful! <a href='login.php'>Clique aqui para efetuar login</a><br>";
    } else {
        $errormsg = "We couldn´t send you the confirmation E-mail, please check if you provided us with the correct E-mail, if so, please try again later.";
    }
} else {
    echo "\nPDO::errorInfo():\n";
    print_r($pdo->errorInfo());
    $errormsg = '<div class="alert alert-danger" role="alert">Something went wrong, please try again later." </div>'  ;
}
```

And the E-mail works so that has nothing to do with the problem. And thank you :)

Evhz
  • 2
    ***You really shouldn't use [MD5 password hashes](http://security.stackexchange.com/questions/19906/is-md5-considered-insecure)*** and you really should use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. Make sure you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Jan 12 '18 at 17:17
  • I'm just using md5 for now, in the end I want to store passwords like salted hash – Miguel Rodrigues Jan 12 '18 at 17:19
  • 1
    Then use the proper functions now... – miken32 Jan 12 '18 at 17:19
  • 3
    If you don't have time to do it right the first time, when will you find the time to add it later? – Jay Blanchard Jan 12 '18 at 17:20
  • 2
    Why are you looking for `PDO::errorInfo()` if your mail send fails? It wouldn't even be hitting the connection at that point. – aynber Jan 12 '18 at 17:21
  • $options = [PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,]; I think the comma at the end of this array should be removed, also try not adding the PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION and see what it shows. Then in your catch the location should be capital letter L, and give a little space between $redirect and the : sign – Ezekiel Jan 12 '18 at 17:22
  • Save yourself some code and pass the array of parameters in the [execute()](http://php.net/manual/en/pdostatement.execute.php) – Mikey Jan 12 '18 at 17:29
  • @Ezekiel an extra comma after the last item in an array is fine – miken32 Jan 12 '18 at 17:30
  • @miken32 I guess it works for me most times, but few times I have had the issue of comma, so cleaning up code isn't so bad. It helps eliminate anything while debugging – Ezekiel Jan 12 '18 at 17:39
  • 1
    @Ezekiel it's never an issue. Typical use case is when array items are on separate lines. This prevents errors when adding new items and the comma is forgotten, and reduces numbers of line changes in your version control system. – miken32 Jan 12 '18 at 17:41
  • @miken32 I'm not here to challenge, I know of the separate line thing, like I said cleaning up code, comments are good for development, but in production it's advisable for them to be removed, unnecessary whitespaces are advised to be removed for the sake of the interpreter, I hope you understand me better now – Ezekiel Jan 12 '18 at 17:46
  • You're storing some incredibly sensitive personal information here, security is not something that you "implement later, when I have time, if I remember...", you do it ***NOW*** before your ass gets sued clean off your body. – Sammitch Jan 12 '18 at 18:43
  • Yah I know that now, since I just messed up with those error messages because putting PDO is actually an "update" that's why the error messages are in the wrong place. So from now on I'm changing the way I'm doing this. – Miguel Rodrigues Jan 12 '18 at 23:54
  • but still I really don't understand why this doesn't work – Miguel Rodrigues Jan 12 '18 at 23:55

1 Answer

4

Your error conditions are in the wrong order. The error is in sending mail, but you display a database error which is, as expected, empty. Proper and consistent indenting will help spot these sorts of problems.

It's also worth noting that you don't need to bind parameters with PDO, and you can use ? placeholders.

One last edit, you enable exceptions during database initialization, but don't use it later in the code. If there's a problem in your database query it won't return false but will throw an exception instead.

```php
if ($mail->send()) {
    try {
        $stmt = $pdo->prepare("INSERT INTO $basecon.$seccon (C_Nome,C_email,C_User,C_Pass,Card_Number,N_fiscal,D_Nasc,C_Morada,N_tel,N_tel_emer,N_cid,N_saude,Tipo_Sangue,C_Hist,Reg_Code) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
        // Values are passed positionally, in the same order as the column list
        $stmt->execute([
            $_POST['name'],
            $_POST['email'],
            $_POST['username'],
            // password_hash() requires the algorithm as its second argument
            password_hash($_POST['password'], PASSWORD_DEFAULT),
            $_POST['cardnumber'],
            $_POST['fiscalnum'],
            $_POST['birthdate'],
            $_POST['address'],
            $_POST['telnum'],
            $_POST['emertelnum'],
            $_POST['citnumber'],
            $_POST['healthnumber'],
            $_POST['bloodtype'],
            'Conta criada a',
            $regcode,
        ]);
        $successmsg = "Your registration was successful! <a href='login.php'>Clique aqui para efetuar login</a><br>";
    } catch (\Exception $e) {
        // of course you should never catch errors just to display them, this is just a demo
        echo $e->getMessage();
        print_r($pdo->errorInfo());
        $errormsg = '<div class="alert alert-danger" role="alert">Something went wrong, please try again later." </div>';
    }
} else {
    $errormsg = "We couldn´t send you the confirmation E-mail, please check if you provided us with the correct E-mail, if so, please try again later.";
}
```
miken32
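
An added example (not part of the question or the answer) that runs the answer's two points end to end: with `PDO::ERRMODE_EXCEPTION` a failed `execute()` surfaces as a `PDOException` rather than a false return, and the password is stored with `password_hash()` instead of `md5()`. Assumptions: in-memory SQLite (pdo_sqlite) stands in for the MySQL connection, and the `clients` table and the `register()` helper are hypothetical names.

```php
<?php
// Added example, not the poster's code. Assumptions: in-memory SQLite stands in
// for MySQL; the table name "clients" and the register() helper are hypothetical.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE clients (
    C_User  TEXT PRIMARY KEY,
    C_email TEXT NOT NULL,
    C_Pass  TEXT NOT NULL
)');

function register(PDO $pdo, array $form): bool
{
    $stmt = $pdo->prepare(
        'INSERT INTO clients (C_User, C_email, C_Pass) VALUES (:user, :email, :pass)'
    );
    try {
        // Values go straight to execute(); no bindParam() calls are needed.
        $stmt->execute([
            ':user'  => $form['username'],
            ':email' => $form['email'],
            // Hash the password exactly as submitted; do not escape or trim it first.
            ':pass'  => password_hash($form['password'], PASSWORD_DEFAULT),
        ]);
        return true;
    } catch (PDOException $e) {
        // In exception mode a failed query ends up here, never in an else branch.
        // Details go to the server log; the visitor only sees a generic message.
        error_log('registration failed: ' . $e->getMessage());
        return false;
    }
}

// Constructed sample input standing in for $_POST.
$form = ['username' => 'alice', 'email' => 'alice@example.test', 'password' => 'correct horse'];

var_dump(register($pdo, $form)); // first registration
var_dump(register($pdo, $form)); // same username again: PDOException caught in register()

// Login-side check: compare with password_verify(), never by re-hashing and comparing strings.
$lookup = $pdo->prepare('SELECT C_Pass FROM clients WHERE C_User = ?');
$lookup->execute(['alice']);
$row = $lookup->fetch();
var_dump(password_verify('correct horse', $row['C_Pass']));
var_dump(password_verify('wrong guess', $row['C_Pass']));
```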