Can't figure out what I'm doing incorrectly in prepared statement

Question

I'm currently converting this piece of code from mysql to PDO:

$catquery = mysql_query("SELECT category, longdescription, locked, 
                                catid, parentcatid, leveldown 
                        FROM ".$tableprefix."fanfiction_categories 
                        WHERE catid = '$catid'") 
                or die(_FATALERROR."Query: SELECT category, locked, catid, parentcatid, leveldown FROM ".$tableprefix."fanfiction_categories WHERE catid = '$catid'<br />Error: (".mysql_errno( ).") ".mysql_error( ));
 $category = mysql_fetch_array($catquery);

I'm new to PDO but have been trying to learn what I can. This is what I came up with in PDO:

$db = new PDO('mysql:host='.$db_host.'; dbname='.$db_name, $db_user, $db_pass); 
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$catquery = $db->prepare("SELECT category, longdescription, locked, catid, 
                                parentcatid, leveldown 
                          FROM ".$tableprefix."fanfiction_categories 
                          WHERE catid=:catid");
$stmt -> bindPARAM (':catid', $catid, PDO::PARAM_STR );
try {
    $stmt->execute ();
    echo "Sucess";
} catch (PDOException $e) {
         echo $e->getMessage();
}

I can't get the bindPARAM portion correct, even after trying it in many forms. Is there something I'm overlooking? I'm a bit confused in regards to PDO, so it would be nice if someone could point out where I'm going wrong with this.

1) Might not matter, but the function is `bindParam` 2) `$catquery` is the statement object (from prepare) not `$stmt` which appears not to exist. — Jonnix, Oct 01 '16 at 14:44
also looks like you may be missing the `.` from `".$tableprefix."fanfiction_categories` @ between table prefix and table — Professor Abronsius, Oct 01 '16 at 14:51
Were you had the error reporting for PHP properly set, you wouldn't have to ask this question here.Refer to the linked answer for the proper settings. — Your Common Sense, Oct 01 '16 at 15:23

score 1 · Answer 1 · answered Oct 01 '16 at 15:07

Quite simply you have forgotten to amend all the variables from your copy/paste

$db = new PDO('mysql:host='.$db_host.'; dbname='.$db_name, $db_user, $db_pass); 
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$catquery = $db->prepare("SELECT category, longdescription, locked, catid, 
                                parentcatid, leveldown 
                          FROM ".$tableprefix."fanfiction_categories 
                          WHERE catid=:catid");

//$stmt -> bindPARAM (':catid', $catid, PDO::PARAM_STR );
$catquery -> bindPARAM (':catid', $catid, PDO::PARAM_STR );
try {

    //$stmt->execute ();
    $catquery->execute ();

    echo "Sucess";
} catch (PDOException $e) {
         echo $e->getMessage();
}

Thank you for being the only one who gave an example, though I do appreciate the other answers as well. I'm seeing where I messed up (it seems like such a simple error). Thank you again! — llawliet, Oct 03 '16 at 05:40

Can't figure out what I'm doing incorrectly in prepared statement

1 Answers1