webpage contents not showing after switching to PDO

Question

i tried to switch my code from mysql to PDO everything seems to be working because i don't get any error but the contents of the webpages don't show up.

this is my DB connection structure

try {
        $conn = new PDO('mysql:host=localhost;dbname=***', '***', '***', array(PDO::ATTR_PERSISTENT => true));
        $conn->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    } catch(PDOException $e) {
        echo "Problem with connection ".$e->getMessage();
    }

so i tried a new page with one of the functions i have in my library using PDO and it displayed

<?php
require_once('functions/generalfunctions.php');
try {
        $conn = new PDO('mysql:host=localhost;dbname=***', '***', '***');
        $conn->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        echo "success";
    } catch(PDOException $e) {
        echo "I'm sorry there is a problem with your operation..";
        file_put_contents( 'dbErrors.txt', $e->getMessage(), FILE_APPEND );
        }

    try{
        $query = $conn->prepare("SELECT * FROM categories ORDER BY title");
        $query->execute();
        $i = 0;
        while($output = $query->fetch()){
            echo '<li><a href="category.php?cat_id='.encrypt_id($output["id"]).'" class="parent" rel="'.$i.'">'.$output["title"].'</a>'. "\n" .'<ul class="child'.$i.'">';
            $stm = "SELECT title,id FROM sections WHERE cat_id=".$output["id"]." ORDER by title";
            $query = $conn->prepare($stm);
            $query->execute();
            while($out = $query->fetch()){
                $stm = "SELECT count(sec_id) AS topic_count FROM topic WHERE sec_id =".$out["id"];
                $qry = $conn->prepare($stm);
                $qry->execute();
                $cnt = $qry->fetch();
                echo "<li>";
                echo '<a href="sections.php?sec_id='.encrypt_id($out["id"]).'&cat_id='.encrypt_id($output["id"]).'">'.$out["title"]."</a><span id=\"cnt_no\" class=\"badge badge-inverse\">".$cnt["topic_count"];
                echo "</span></li>";
            }   
            echo "</ul>\n</li>";
            $i++;
        }
    }catch(Exception $e){
        die(header('location: http://localhost/test'));
    }?>

so i don't know where the problem is from. Help please

i just figured out one of the main problems... it says

 Notice: Undefined variable: conn in C:\wamp\www\xxx\functions\xxx.php on line 673

and $conn is the name of the variable(object) holding the instance of the PDO connection..

What could be the problem now

[PDO query fails but I can't see any errors. How to get an error message from PDO?](http://stackoverflow.com/a/15990858/285587) — Your Common Sense, Jun 08 '13 at 17:58
It's great you're using PDO, but **STOP** using string concatenation to compose queries. This is dangerously wrong. You **must** use the [SQL placeholders facility](http://php.net/manual/en/pdo.prepare.php) to avoid serious problems. Your query should look like `"SELECT title,id FROM sections WHERE cat_id=:cat_id"` and a later call with `execute(array('cat_id' => $output["id"]))`. — tadman, Jun 08 '13 at 18:17
@tadman yeah i will start fixing that asap..could that be the cause of my problem?..i just checked the source of my index page..LO AND BEHOLD the errors where there in html form but its not displaying on the page..how is that possible — 1baga, Jun 08 '13 at 18:25
They might've been hidden by CSS rules, or because of where they appeared in your HTML (e.g. inside a `` section). This is why you should log errors and not render them to the page. — tadman, Jun 08 '13 at 18:34
@tadman as a matter of fact, this code *intentionally* suppressing errors. So, no CSS required. — Your Common Sense, Jun 08 '13 at 18:59
@YourCommonSense then please show me where my fault is and stop making it look lyk i am committing murder.. — 1baga, Jun 08 '13 at 19:03
every body is talking about pdo and msqli & sql injection these days on SO..... what developers used to do to prevent mysql injection before them? — pinkpanther, Jun 08 '13 at 19:11
@pinkpanther SQL injection has *always* been a problem, but the PHP community here seems largely oblivious to these concerns. I normally don't do PHP, but the amount of radioactively bad code posted here, like this short example, is completely out of control. PHP developers that know what they're doing [have aways had ways to escape data properly](http://bobby-tables.com/php). `mysql_real_escape_string` has been around for more than a decade and before that there were other methods. — tadman, Jun 08 '13 at 19:55

score 0 · Answer 1 · answered Jun 08 '13 at 20:46

What your code doing is nested query. I saw two nested query. The last one $qry is safe.

Basically, You're overwriting the $query resultset. Just change to another variable to $query2 for example. Do it for each new prepared statement and $conn can be reuse.

webpage contents not showing after switching to PDO

1 Answers1