Why can't catch the error with PDOException?












1















Get info passed by POST method, and trim all space in the string, then start a new pdo instance, connect mysql, and insert info passed by POST into table.



$title = trim($_POST["title"]);

$content = trim($_POST["content"]);



$dsn = "mysql:host=localhost;dbname=blog";

$con = new PDO($dsn,"root","xxxx");



$title = $con->quote($title);

$content = $con->quote($content);



try

{

    $sql = "insert into tmp (`title`,`content`) values('$title','$content')";

    $stmt = $con->prepare($sql);

    $stmt->execute();

}

catch(PDOException  $e)

{

    echo $e->getMessage();

}


The above is my PHP code to make the job done,the most import command is 



insert into tmp (`title`,`content`) values('$title','$content')";


No error info is shown by running the above PHP code, and no error exists in /var/log/mysql/error.log, but info has not been inserted into the database.



I changed the 



insert into tmp (`title`,`content`) values('$title','$content')";


into 



insert into tmp (`title`,`content`) values($title,$content)";


The info passed by POST can be inserted into mysql now, the issue that confuses me is that:





  1. echo $e->getMessage(); take no effect at all.

  2. no error info in /var/log/mysql/error.log


How can I catch these errors?






php mysql pdo error-handling try-catch







share|improve this question




















  • 1





    Try adding php.net/manual/en/pdo.error-handling.php

    – Funk Forty Niner
    Dec 31 '18 at 4:31






  • 1





    I would not recommend that quote function. You should parameterize the query. Per the manual, prepared statements with bound parameters are not only more portable, more convenient, immune to SQL injection, but are often much faster to execute than interpolated queries, as both the server and client side can cache a compiled form of the query.

    – user3783243
    Dec 31 '18 at 5:38
















1















Get info passed by POST method, and trim all space in the string, then start a new pdo instance, connect mysql, and insert info passed by POST into table.



$title = trim($_POST["title"]);

$content = trim($_POST["content"]);



$dsn = "mysql:host=localhost;dbname=blog";

$con = new PDO($dsn,"root","xxxx");



$title = $con->quote($title);

$content = $con->quote($content);



try

{

    $sql = "insert into tmp (`title`,`content`) values('$title','$content')";

    $stmt = $con->prepare($sql);

    $stmt->execute();

}

catch(PDOException  $e)

{

    echo $e->getMessage();

}


The above is my PHP code to make the job done,the most import command is 



insert into tmp (`title`,`content`) values('$title','$content')";


No error info is shown by running the above PHP code, and no error exists in /var/log/mysql/error.log, but info has not been inserted into the database.



I changed the 



insert into tmp (`title`,`content`) values('$title','$content')";


into 



insert into tmp (`title`,`content`) values($title,$content)";


The info passed by POST can be inserted into mysql now, the issue that confuses me is that:





  1. echo $e->getMessage(); take no effect at all.

  2. no error info in /var/log/mysql/error.log


How can I catch these errors?






php mysql pdo error-handling try-catch







share|improve this question




















  • 1





    Try adding php.net/manual/en/pdo.error-handling.php

    – Funk Forty Niner
    Dec 31 '18 at 4:31






  • 1





    I would not recommend that quote function. You should parameterize the query. Per the manual, prepared statements with bound parameters are not only more portable, more convenient, immune to SQL injection, but are often much faster to execute than interpolated queries, as both the server and client side can cache a compiled form of the query.

    – user3783243
    Dec 31 '18 at 5:38














1












1








1








Get info passed by POST method, and trim all space in the string, then start a new pdo instance, connect mysql, and insert info passed by POST into table.



$title = trim($_POST["title"]);

$content = trim($_POST["content"]);



$dsn = "mysql:host=localhost;dbname=blog";

$con = new PDO($dsn,"root","xxxx");



$title = $con->quote($title);

$content = $con->quote($content);



try

{

    $sql = "insert into tmp (`title`,`content`) values('$title','$content')";

    $stmt = $con->prepare($sql);

    $stmt->execute();

}

catch(PDOException  $e)

{

    echo $e->getMessage();

}


The above is my PHP code to make the job done,the most import command is 



insert into tmp (`title`,`content`) values('$title','$content')";


No error info is shown by running the above PHP code, and no error exists in /var/log/mysql/error.log, but info has not been inserted into the database.



I changed the 



insert into tmp (`title`,`content`) values('$title','$content')";


into 



insert into tmp (`title`,`content`) values($title,$content)";


The info passed by POST can be inserted into mysql now, the issue that confuses me is that:





  1. echo $e->getMessage(); take no effect at all.

  2. no error info in /var/log/mysql/error.log


How can I catch these errors?






php mysql pdo error-handling try-catch







share|improve this question
















Get info passed by POST method, and trim all space in the string, then start a new pdo instance, connect mysql, and insert info passed by POST into table.



$title = trim($_POST["title"]);

$content = trim($_POST["content"]);



$dsn = "mysql:host=localhost;dbname=blog";

$con = new PDO($dsn,"root","xxxx");



$title = $con->quote($title);

$content = $con->quote($content);



try

{

    $sql = "insert into tmp (`title`,`content`) values('$title','$content')";

    $stmt = $con->prepare($sql);

    $stmt->execute();

}

catch(PDOException  $e)

{

    echo $e->getMessage();

}


The above is my PHP code to make the job done,the most import command is 



insert into tmp (`title`,`content`) values('$title','$content')";


No error info is shown by running the above PHP code, and no error exists in /var/log/mysql/error.log, but info has not been inserted into the database.



I changed the 



insert into tmp (`title`,`content`) values('$title','$content')";


into 



insert into tmp (`title`,`content`) values($title,$content)";


The info passed by POST can be inserted into mysql now, the issue that confuses me is that:





  1. echo $e->getMessage(); take no effect at all.

  2. no error info in /var/log/mysql/error.log


How can I catch these errors?






php mysql pdo error-handling try-catch




php mysql pdo error-handling try-catch






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 6 at 11:35









yivi

4,93872654




4,93872654










asked Dec 31 '18 at 4:03









it_is_a_literatureit_is_a_literature

3041862146




3041862146








  • 1





    Try adding php.net/manual/en/pdo.error-handling.php

    – Funk Forty Niner
    Dec 31 '18 at 4:31






  • 1





    I would not recommend that quote function. You should parameterize the query. Per the manual, prepared statements with bound parameters are not only more portable, more convenient, immune to SQL injection, but are often much faster to execute than interpolated queries, as both the server and client side can cache a compiled form of the query.

    – user3783243
    Dec 31 '18 at 5:38














  • 1





    Try adding php.net/manual/en/pdo.error-handling.php

    – Funk Forty Niner
    Dec 31 '18 at 4:31






  • 1





    I would not recommend that quote function. You should parameterize the query. Per the manual, prepared statements with bound parameters are not only more portable, more convenient, immune to SQL injection, but are often much faster to execute than interpolated queries, as both the server and client side can cache a compiled form of the query.

    – user3783243
    Dec 31 '18 at 5:38








1




1





Try adding php.net/manual/en/pdo.error-handling.php

– Funk Forty Niner
Dec 31 '18 at 4:31





Try adding php.net/manual/en/pdo.error-handling.php

– Funk Forty Niner
Dec 31 '18 at 4:31




1




1





I would not recommend that quote function. You should parameterize the query. Per the manual, prepared statements with bound parameters are not only more portable, more convenient, immune to SQL injection, but are often much faster to execute than interpolated queries, as both the server and client side can cache a compiled form of the query.

– user3783243
Dec 31 '18 at 5:38





I would not recommend that quote function. You should parameterize the query. Per the manual, prepared statements with bound parameters are not only more portable, more convenient, immune to SQL injection, but are often much faster to execute than interpolated queries, as both the server and client side can cache a compiled form of the query.

– user3783243
Dec 31 '18 at 5:38












1 Answer
1






active

oldest

votes


















0














The exception you are trying to catch will never be thrown, because you need to tell PDO how you want it to handle errors.



$con = new PDO($dsn,"root","xxxx");

$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);


Otherwise, the default PDO::ERRMODE_SILENT will be used:




This is the default mode. PDO will simply set the error code for you to inspect using the PDO::errorCode() and PDO::errorInfo() methods on both the statement and database objects; if the error resulted from a call on a statement object, you would invoke the PDOStatement::errorCode() or PDOStatement::errorInfo() method on that object. If the error resulted from a call on the database object, you would invoke those methods on the database object instead.




Tangentially, you should be using prepared statements. You are using a prepare() call, but you are not parametrizing the query and binding the variables as you should. Using quote() is not secure enough.






share|improve this answer

























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53983477%2fwhy-cant-catch-the-error-with-pdoexception%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    The exception you are trying to catch will never be thrown, because you need to tell PDO how you want it to handle errors.



    $con = new PDO($dsn,"root","xxxx");
    
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);


    Otherwise, the default PDO::ERRMODE_SILENT will be used:




    This is the default mode. PDO will simply set the error code for you to inspect using the PDO::errorCode() and PDO::errorInfo() methods on both the statement and database objects; if the error resulted from a call on a statement object, you would invoke the PDOStatement::errorCode() or PDOStatement::errorInfo() method on that object. If the error resulted from a call on the database object, you would invoke those methods on the database object instead.




    Tangentially, you should be using prepared statements. You are using a prepare() call, but you are not parametrizing the query and binding the variables as you should. Using quote() is not secure enough.






    share|improve this answer






























      0














      The exception you are trying to catch will never be thrown, because you need to tell PDO how you want it to handle errors.



      $con = new PDO($dsn,"root","xxxx");
      
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);


      Otherwise, the default PDO::ERRMODE_SILENT will be used:




      This is the default mode. PDO will simply set the error code for you to inspect using the PDO::errorCode() and PDO::errorInfo() methods on both the statement and database objects; if the error resulted from a call on a statement object, you would invoke the PDOStatement::errorCode() or PDOStatement::errorInfo() method on that object. If the error resulted from a call on the database object, you would invoke those methods on the database object instead.




      Tangentially, you should be using prepared statements. You are using a prepare() call, but you are not parametrizing the query and binding the variables as you should. Using quote() is not secure enough.






      share|improve this answer




























        0












        0








        0







        The exception you are trying to catch will never be thrown, because you need to tell PDO how you want it to handle errors.



        $con = new PDO($dsn,"root","xxxx");
        
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);


        Otherwise, the default PDO::ERRMODE_SILENT will be used:




        This is the default mode. PDO will simply set the error code for you to inspect using the PDO::errorCode() and PDO::errorInfo() methods on both the statement and database objects; if the error resulted from a call on a statement object, you would invoke the PDOStatement::errorCode() or PDOStatement::errorInfo() method on that object. If the error resulted from a call on the database object, you would invoke those methods on the database object instead.




        Tangentially, you should be using prepared statements. You are using a prepare() call, but you are not parametrizing the query and binding the variables as you should. Using quote() is not secure enough.






        share|improve this answer















        The exception you are trying to catch will never be thrown, because you need to tell PDO how you want it to handle errors.



        $con = new PDO($dsn,"root","xxxx");
        
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);


        Otherwise, the default PDO::ERRMODE_SILENT will be used:




        This is the default mode. PDO will simply set the error code for you to inspect using the PDO::errorCode() and PDO::errorInfo() methods on both the statement and database objects; if the error resulted from a call on a statement object, you would invoke the PDOStatement::errorCode() or PDOStatement::errorInfo() method on that object. If the error resulted from a call on the database object, you would invoke those methods on the database object instead.




        Tangentially, you should be using prepared statements. You are using a prepare() call, but you are not parametrizing the query and binding the variables as you should. Using quote() is not secure enough.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Jan 6 at 11:34

























        answered Dec 31 '18 at 7:48









        yiviyivi

        4,93872654




        4,93872654






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53983477%2fwhy-cant-catch-the-error-with-pdoexception%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Monofisismo

            Image
            Monofisismo (do grego: monos - "único, singular" e physis - "natureza") é o ponto de vista cristológico que defende que, depois da união do divino e do humano na encarnação histórica, Jesus Cristo, como encarnação do Filho ou Verbo ( Logos ) de Deus, teria apenas uma única "natureza", a divina, e não uma síntese de ambas. O monofisismo é contraposto pelo diofisismo (ou "diafisismo"), que defende que Jesus preservou em si as duas naturezas. Historicamente, o monofisismo se refere primordialmente à posição dos que (especialmente no Egito e, em menor grau, na Síria) rejeitaram as decisões do Concílio de Calcedônia em 451 (o quarto concílio ecumênico). Os membros mais moderados entre eles, porém, defendem a teologia "miafisita", que se tornou a oficial para as Igrejas Ortodoxas Orientais. Muitos ortodoxos orientais, porém, rejeitam essa classificação, mesmo como um termo genérico, mas ele é amplamente utilizado na literatura históri...
            Read more

            Angular Downloading a file using contenturl with Basic Authentication

            Image
            0 I have a contentUrl when user clicks on that,file should be downloaded. If I try to browse the contentUrl in the browser it asks for Userid and password.I believe this is Basic Authentication.I dont want user to enter UserId and Password so I am passing it Authorization(Please see below code). Url looks some thing like this: http://XXX.XXX.XX.XXX:8080/flowable-rest/service/runtime/tasks/90875/attachments/90555/content let username : string = 'admin'; let pwd : string = 'test'; let headers = new Headers(); headers.set('Accept', 'text/json'); headers.append('Content-Type', 'application/json'); headers.set('Access-Control-Allow-Origin', '*'); headers.set('Access-Control-Allow-Methods','POST, GET, OPTIONS, PUT, DELETE'); head...
            Read more

            Olmecas

            Image
            Monumento 1, uma das quatro cabeças colossais encontradas em La Venta, com altura aproximada de 3 metros Olmecas é a designação do povo e da civilização que estiveram na origem da antiga cultura pré-colombiana da Mesoamérica e que se desenvolveram nas regiões tropicais do centro-sul do atual México durante o pré-clássico, próximo de onde hoje estão localizados os estados mexicanos de Veracruz e Tabasco, no Istmo de Tehuantepec, numa zona designada área nuclear olmeca. A cultura olmeca floresceu nesta região aproximadamente entre 1500 e 400 a.C., [ 1 ] e crê-se que tenha sido a civilização-mãe de todas as civilizações mesoamericanas que se desenvolveram posteriormente. [ 2 ] No entanto, desconhece-se a sua exacta filiação étnica, ainda que existam numerosas hipóteses colocadas para tentar resolver esta questão. O etnónimo olmeca foi cunhado pelos arqueólogos do século XX, e não devem confundir-se com os muito posteriores olmecas-xicalancas que ocuparam vários locais do México...
            Read more