When I switch this code to PDO it stops working with out emmiting any error

Question

I'm trying to use PDO in my website in order to avoid SQL injections, well, as far as I'm concerned the following code is not safe, isn't it? The problem is that when I switch my code to PDO no error is shown but it doesn't work.

This is the code.

$q = ucwords($_GET['q']); 
$result = mysqli_query($conn, "SELECT src FROM mydb WHERE $q LIKE 1");
$total = mysqli_num_rows($result);
$numRow = bcdiv(($total / 4), '1', 0);
if($numRow < 4){
    $numRow = 1;
    };
if($row = mysqli_fetch_array($result)){ ?>              
    <h2>Resultados para la búsqueda <?php echo "$q"?></h2>
    <h3>Número de resultados total: <?php echo "$total"?></h3>
    <div class="gallery"> 
<?php       do{ ?>
                <style>
                .gallery{
                    grid-template-rows: repeat(<?php echo "$numRow" ?>, 10.375em);
                }
                </style>
                <div class="element" id="element"><img src="<?php echo $row['src']; ?>" alt=""></div>
<?php           }while($row = mysqli_fetch_array($result));{
                } ?>
<?php           }else{
                    echo "No hay resultados para la búsqueda";
                };

This is the PDO prepared statement I tried

$stmt = $pdo->prepare("SELECT src FROM memes WHERE :q LIKE 1");
                    $stmt->bindParam(":q", $q, PDO::PARAM_STR);
                    $stmt->execute();
                    $result = $pdo->prepare("SELECT FOUND_ROWS()"); 
                    $result->execute();
                    $total = $result->fetchColumn();
                    $numRow = bcdiv(($total / 4), '1', 0);
                    if($numRow < 4){
                        $numRow = 1;
                    };
                    if($row = $stmt->fetch()){
        ?>              
                        <h2>Resultados para la búsqueda <?php echo "$q"?></h2>
                        <h3>Número de resultados total: <?php echo "$total"?></h3>
                            <div class="gallery">
        <?php           
                        do{ 
        ?>
                            <style>
                                .gallery{
                                    grid-template-rows: repeat(<?php echo "$numRow" ?>, 10.375em);
                                }
                            </style>
                            <div class="element" id="element">
                                <img src="<?php echo $row['src']; ?>" alt="">
                            </div>
        <?php
                        }while($row = $stmt->fetch());{
                        }
        ?>
        <?php
                    }else{
                        echo "No hay resultados para la búsqueda";
                    };

Plus _go research_ how to get error messages shown when using PDO, please. Make an actual effort to inform yourself _before_ asking here. — 04FS, Apr 23 '19 at 10:43
Just switching to PDO won't protect you against SQL injection. You need to use prepared statements, but tyou can also do that with mysqli. — , Apr 23 '19 at 10:50
a `SELECT src FROM mydb WHERE $q LIKE 1` query doesn't make too much sense. What you are trying to do here? — Your Common Sense, Apr 23 '19 at 14:36
The $q is referred to a column. I'm sarching for all the values which have a 1 on that column — javi padilla, Apr 23 '19 at 18:46

When I switch this code to PDO it stops working with out emmiting any error

0 Answers0