PDO BindParam and BindValue not working

Question

I've tried looking but cannot find why my code is not working.

Here is what I cannot get to work - the query doesn't return anything, in fact the processing stops at the execute.

If I hardcode the values in the execute it works:

$CID = $_POST [ 'loginPageCID' ];
$LID = $_POST [ 'loginPageLID' ];
$PWD = $_POST [ 'loginPagePwd' ];

require_once('connectdb.php');

$sql = "

    SELECT u.*, c.cname, c.cstatus
    FROM t_users u, t_customers c
    WHERE u.cid = ?
    AND c.cid = u.cid
    AND u.login_id  = ?
    AND u.pwhash = ?

    ";

$stmt = $conn->prepare ( $sql );

$stmt->execute (array(1, 'su1', 'hello'));

$row = $stmt->fetchAll();

With the above it works, but if I try to use variables the execute seems to silently fail:

$CID = $_POST [ 'loginPageCID' ];
$LID = $_POST [ 'loginPageLID' ];
$PWD = $_POST [ 'loginPagePwd' ];

require_once('connectdb.php');

$sql = "

    SELECT u.*, c.cname, c.cstatus
    FROM ids_users u, ids_customers c
    WHERE u.cid = ?
    AND c.cid = u.cid
    AND u.login_id  = ?
    AND u.pwhash = ?

    ";

$stmt = $conn->prepare ( $sql );

$stmt->bindParam(1, $CID, PDO::PARAM_INT);
$stmt->bindParam(2, $LID, PDO::PARAM_STR);
$stmt->bindParam(3, $PWD, PDO::PARAM_STR);

$stmt->execute (); // fails here

$row = $stmt->fetchAll();

Edit:

connectdb.php is as follows:

$conn;

try {
    $conn = new PDO("mysql:host=$hostname;dbname=$dbname", $username, $password);
    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    }
catch(PDOException $e)
    {
    echo "Error: " . $e->getMessage();
    }

Have you [enabled exceptions](http://php.net/manual/en/pdo.error-handling.php)? If so, nothing should silently fail. — tadman, Jul 16 '17 at 19:06
@tadman - have added the code for creating the connection to the question. — TenG, Jul 16 '17 at 19:10
Have a closer look at the result objects you're getting back. Double-check your error log for any notifications. — tadman, Jul 16 '17 at 19:10
Note: `echo "Error: " . $e->getMessage();` - Make shure you don't use that code in production. The message might contain the password (though I'm not sure). — Paul Spiegel, Jul 16 '17 at 19:16
`$stmt->execute (); // fails here` - How do you know it fails there? — Paul Spiegel, Jul 16 '17 at 19:40
@PaulSpiegel - I plastered the code with noddy debug "echo" statements and that leads me to believe it fails at the execute. — TenG, Jul 16 '17 at 21:00

score 0 · Answer 1 · answered Sep 01 '17 at 07:58

I had the same issue and I found the solution in this post:

PDO - bindParam not working

in the second answer, where the user suggested to avoid using the bindParam or bindValue functions as PDO has already a shorter way to dinamically assign parameters to the SQL query.

PDO BindParam and BindValue not working

1 Answers1