-2

I've been having significant problems attempting to link to a MySQL database using PHP. The php script just crashes without echoing any error messages.

In order to track down the error I've whittled down the code. It crashes even for something as trivial as a simple assignment operation!

the code 

<!DOCTYPE html>
<head>
    <title>
    </title>
</head>
<body>

Testing<br />

<?php

echo("hello")

$hostname_testserver = "stringvar";
echo(" no1 ")


?>

Testing <br />

</body>
</html>

Displays nada: absolutely no source code whatsoever. Blank screen, no browser error message; nothing.

What makes this so peculiar is that I know that I have successfully managed to get php scripts working on this server... using exactly this assignment.

So naturally something more complicated like:

<?php

/*** mysql hostname ***/
$hostname = 'HOST';

/*** mysql username ***/
$username = 'NAME';

/*** mysql password ***/
$password = 'PASSWORD';

try {
    $dbh = new PDO("mysql:host=$hostname;dbname=DATABASE", $username, $password);
    /*** echo a message saying we have connected ***/
    echo 'Successfully connected with database<br />';


    /*** INSERT data ***/
    $count = $dbh->exec($insertion);

    /*** echo the number of affected rows ***/
    echo $count;

catch(PDOException $e)
    {
    echo $e->getMessage();
    }
?>

Doesn't even get off the ground ><

Stumbler
  • 2,056
  • 7
  • 35
  • 61
  • 2
    Check your server logs. There *will* be an error. – deceze Nov 02 '12 at 15:42
  • 1
    Make sure you display PHP-errors. – Zar Nov 02 '12 at 15:42
  • 3
    You need `;` after your `echo` statements. – gen_Eric Nov 02 '12 at 15:44
  • 1
    `quentin@Foo:tmp # php x.php Parse error: parse error, expecting ',' or ';' in /Users/quentin/tmp/x.php on line 14` – Quentin Nov 02 '12 at 15:44
  • 2
    Add `error_reporting(E_ALL);ini_set('display_errors', 1);` to see errors! – Bogdan Burym Nov 02 '12 at 15:46
  • Seeing an `exec` call with no bound values is extremely worrying. Are you using [SQL placeholders](http://bobby-tables.com/php) in your query? – tadman Nov 02 '12 at 15:53
  • @tadman I'm currently stripping strings that are inserted into the database of unacceptable chars to avoid the insertion of html and the like, but I better find some means to prevent Bobby Tables and such SQL insertion as well. – Stumbler Nov 02 '12 at 16:12
  • 1
    If you're using PDO, all you need to do is use SQL placeholders in your statement and pass the values through in an `array` when you execute it. There's many simple [tutorials](http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/) that explain how this works. Don't bother stripping, just let PDO take care of it for you: `INSERT INTO x (y) VALUES (?)` instead of `('$value')`. – tadman Nov 02 '12 at 16:28
  • @tadman So for the above example, some declaration of $STH->bindParam(':insertion', $insertion);, and replacing the variable $insertion with the respective placeholder (it's a long string including SQL commands)? Would you say it would be necessary to also provide some sort of encryption to the connection parameters? – Stumbler Nov 02 '12 at 16:47
  • 1
    Yeah, `bindParam` is exactly what you want, but you don't bind the whole query, only the data parts like in that `INSERT` example: `INSERT INTO tablename (columname) VALUES (:columnvalue)` would need a `bindParam(':columnvalue', $columnvalue)`. Also, if someone's snooping your source code for passwords you've got problems that won't be solved with encryption. Don't obfuscate your credentials. You may want to put them in an include file that can be configured independent of your application, though, just so it's not permanently in your revision control system. – tadman Nov 02 '12 at 17:18

3 Answers3

3

Error reporting is probably disabled, a quick look shows that you're missing a closing bracket on your try statement

try {
    $dbh = new PDO("mysql:host=$hostname;dbname=DATABASE", $username, $password);

    echo 'Successfully connected with database<br />';



    $count = $dbh->exec($insertion);


    echo $count;
} //This one
catch(PDOException $e)
    {
    echo $e->getMessage();
    }
Ricardo
  • 492
  • 4
  • 15
0

You have some fatal errors in your 1st scripts; you've forgot some ";" after your echo statements (which don't require parenthesises BTW) You should display PHP errors, or log them (and monitor the logs...)

haltabush
  • 4,508
  • 2
  • 24
  • 41
  • Okay; but why not display the first echo statement, or indeed any of the html outside of the php scripting, regardless of the syntax error? – Stumbler Nov 02 '12 at 15:52
0

Predominately a server issue where neither error reporting nor driver for PDO was set up, which left me quite confused. The suggested code above, to make error reporting work, was unsuccessful. The first lot of code I quoted in my question ran correctly once syntax errors were removed. After significant amount of pampering the server eventually displayed a message confirming that the PDO drivers were not installed. I eventually solved this by moving to a better server were both of the above were already preconfigured. If anyone else is looking for information relating to PDO not being installed, you may wish to look here: PDOException “could not find driver”

Community
  • 1
  • 1
Stumbler
  • 2,056
  • 7
  • 35
  • 61