Simple PDO select statement not working

Question

I'm not a PHP developer, but having a huge amount of trouble trying to do simple things in this language. The current issue is that I am simply just trying to make a select statement, that works fine if I do it like this:

$sql = "SELECT * FROM victim WHERE steamId = 129847129847"

The rest of my logic runs:

$stmt = $this->pdo->prepare($sql);
$stmt->execute();
$user = $stmt->fetch();
if($user) {
  //success
  error_log('hit');
} else {
  error_log('error????????????');
}

And I get the hit in my console. Great, but that's not very useful. I want to simply just exchange the hardcoded value to something I am passing in the function.

function checkIfVictimExists($steamId)

Now I don't have ALL the code I've tried, but I've just about tried every flavor of this that I've seen on the internet and it continously hits the else no matter what I do. Again, hardcoding the steamId, works fine, trying to inject a value does not work.

Here's my current implementation that is not working:

$sql = "SELECT * FROM victim WHERE steamId = ?";
$stmt = $this->pdo->prepare($sql);
$stmt->execute(array($steamId));
$user = $stmt->fetch();
if($user) {
  //success
  error_log('hit');
} else {
  error_log('error????????????');
}

I know I've tried to pass it in via:

...WHERE steamId = :steamId and ...execute(array(':steamId' => $steamId);

with no luck.

I've simply just tried to add it onto the string, as such:

...WHERE steamId = {$steamId}

AND

...WHERE steamId = ".$steamId."

AND

...WHERE steamId = ".$steamId (thought maybe I needed an extra "?)

Literally nothing works. When I try to get error info, via $this->pdo->errorInfo() all I get is an array like this:

[0] = 0000 [1] = [2] =

Really at a loss for words why this would be so confusing, but obviously I am missing something that I fail to see in any of the google searches I've done. Looking for some help here now, thanks in advance.

EDIT

here is my connection logic:

...
  private $pdo;

  function __construct() {
    $dsn = "mysql:host=".$this->dbhost.";dbname=".$this->dbname.";charset=".$this->charset;
    try {
      $this->pdo = new PDO($dsn, $this->username, $this->password);
      $this->connectionStatus = true;
    } catch(Exception $ex) {
      error_log('Could not connect to DB'.$ex);
    }
  }

Are you sure you're not double wrapping the array of parameters that you pass to the function? — Alon Eitan, Feb 23 '18 at 21:38
@GrumpyCrouton not sure what you mean. `error_log` is the only way I can get it to print to my terminal. Otherwise, I can't debug at all. Just a simple way for me to check values. Not sure what $dbh is, would that be my `$stmt`? — jdmdevdotnet, Feb 23 '18 at 21:39
@jdmdevdotnet No, it's your database handle. It looks like it would be `$this->pdo->` but I've never seen that before. How is your connection initialized? Have you considered trying to use a PDO helper class? That may allow you to know if it's an issue with your setup or not. My class [GrumpyPDO](https://github.com/GrumpyCrouton/GrumpyPDO) (I wrote this class) is extremely easy to setup if you want to do a quick test of that. Narrowing that down may allow us to find a solution easier and we can get you back to not using a class if you wish — GrumpyCrouton, Feb 23 '18 at 21:40
Are you really using `129847129847` or was it a random example? If you run it on, say, phpmyadmin it works OK? What's the result of `var_dump($steamId);`? Is it an `int`? Try casting it to `string`. — ishegg, Feb 23 '18 at 21:40
@GrumpyCrouton then I am already doing that. I come from C#/Javascript. I don't know how anyone uses this language, only way for me to have global (global as in, class global) I had to set up the connection using a public variable $pdo and access it where I need it via, `$this->pdo`. I'll paste in my connection so you can see. — jdmdevdotnet, Feb 23 '18 at 21:41
There may be more at work with your overall class object (since you are using $this, I'm assuming its a class object). Maybe we need to see a bit more of the public function code for the class and action? — IncredibleHat, Feb 23 '18 at 21:41
@ishegg no that's just a random set of numbers, didn't want to post the actual steamId. Tbh, not sure if it's an int or not. It's coming from JS. In my DB it's a bigint, should I be casting it some way? — jdmdevdotnet, Feb 23 '18 at 21:42
@jdmdevdotnet Do you have `PDO::ATTR_EMULATE_PREPARES` set to true? — GrumpyCrouton, Feb 23 '18 at 21:42
I'm just grasping at straws but it's possible that you're going over PHP's max int size so your query works OK but the steamId sent by PHP is not found because it overflows — ishegg, Feb 23 '18 at 21:43
@ishegg well the steamId would be around 9-10 digits, which in SQL is not overflowing an int, but could that be the case in PHP? — jdmdevdotnet, Feb 23 '18 at 21:44
Just to test, try setting the ID in a variable but as a string, i.e. `$steamId = "1234819244423847192394"` and see how it works out (was it an `int` in the first place though? you never answered). — ishegg, Feb 23 '18 at 21:45
@ishegg well... we're on to something. When I just set a variable via `$_steamId = 76561198805866519;` it works! Is this telling me that it's not casted as an int? Because even when I try to cast as an int, it still doesn't work. — jdmdevdotnet, Feb 23 '18 at 21:47
@ishegg to clarify, the steamId in my DB is not a string, but an int (bigint to be precise). — jdmdevdotnet, Feb 23 '18 at 21:48
I'm lost now, how did you do it before? Did you use literally that code? Because then it should be an int. Are you wrapping the number in quotes or not? — ishegg, Feb 23 '18 at 21:48
A steamID64 is about 16 digits for my profile. If you don't handle it as a string, it can certainly cause issues on the PHP side. Mysql should handle it ok with the bigint field type, but php still should treat it as a string. — IncredibleHat, Feb 23 '18 at 21:48
@jdmdevdotnet could you do `var_dump($steamId);` and let us know what type it is? — GrumpyCrouton, Feb 23 '18 at 21:48
@IncredibleHat My issue is I want the steamID64 to be the primary key, and I read that it's not in good practice to have a primary key be a string. If this is incorrect, I will change it. — jdmdevdotnet, Feb 23 '18 at 21:50
@ishegg no I did not use your code, all I did was take out the quotes though. — jdmdevdotnet, Feb 23 '18 at 21:51
Primary key refers to the mysql field, which you have as a bigint, which is fine. On php, it cannot be an (int)$variable, because, well, its HUGE ;) Just keep it as a string on php's side, and it should be fine. — IncredibleHat, Feb 23 '18 at 21:51
@jdmdevdotnet No, your DB is fine. PHP is the problem. Leave your table as is. The problem is that the number might be overflowing. What's different from what you did before to `$_steamId = 76561198805866519;`? — ishegg, Feb 23 '18 at 21:51
@ishegg That's what I am having a hard time understanding. I'm running PHP as an AJAX call, the only way I can debug is error_log. So @grumpyCrouton, var_dump does nothing as I can't see anything that it's printing. When I `error_log($steamId)` it shows the correct steamId in my terminal window (running the PHP on localhost). — jdmdevdotnet, Feb 23 '18 at 21:53
Is there a way I can check the type without var dump? Like in JS you can do `typeof(varibale)` to get the type. I want to provide any additional information I can to help you guys help me. — jdmdevdotnet, Feb 23 '18 at 21:55
Am I the only one here questioning a post that involves the words _"SteamID"_ and _"victim"_? — icecub, Feb 23 '18 at 22:07
@icecub I can see how you think that, however I work for a consulting agency and we are building software to curb sexual harassment in video games. "Victim" is simply referring to someone who needs help. I can see where you got the idea of malicious intent, but I assure you there is none. — jdmdevdotnet, Feb 23 '18 at 22:08
Its a real head-scratcher... I cant help but wonder if OSX has some oddball implementation somewhere that is causing all this grief. I wasn't able to repro something similar on our ubuntu 64bit server :( grasping at straws at this point, so I have to bow out and hope you for the best! — IncredibleHat, Feb 23 '18 at 22:10
@jdmdevdotnet Great. I'm not one to judge, but you can imagine I have my doubts about helping someone with a system that's potentially designed to harm users on the internet ;) — icecub, Feb 23 '18 at 22:11
@icecub Yes I understand, all I can do is provide my company details: www.fcbchicago.com, we're one of the biggest ad agencies in the US and wouldn't be developing malicious software. — jdmdevdotnet, Feb 23 '18 at 22:14
You can var_dump to your error log by catching the var_dump output in a string using output buffering. https://stackoverflow.com/questions/139474/how-can-i-capture-the-result-of-var-dump-to-a-string — Don't Panic, Feb 23 '18 at 22:15
It's ok. I'm gonna setup a test environment here, see what I can come up with — icecub, Feb 23 '18 at 22:16
Ended up just changing the DB column to a varchar, and passing it as a string now works. — jdmdevdotnet, Feb 23 '18 at 22:23
I've tested here locally with bigint as datatype and it's working perfectly fine for me? This is my PDO Class: https://pastebin.com/B2EU3KxS And this would be the code I tested: https://pastebin.com/6WQcWwuH — icecub, Feb 23 '18 at 22:33
Something I didn't see here: `$this->pdo->errorInfo()` will only give errors on the PDO handler. If you want to see an error with the specific query, use `$statement->errorInfo()`. it might help you narrow this down. Also, you can echo the `PHP_MAX_INT` constant to see if there actually is an out of bounds issue with the ID you're attempting to cast to integer. — Aken Roberts, Feb 23 '18 at 23:40

Simple PDO select statement not working

0 Answers0