Reputation: 282
I'm working on a site with registration/login capabilities. I've got a sign-up php file which just holds the sign-up form and posts the variables. Then I've got a functions file which connects to the database (this was done in an external file but I moved it to make troubleshooting simpler), a function which validates the form input (everything is filled in, password is relatively secure), makes sure there are no current users with the email this user has provided, and then attempts to register. The sign-up form just runs the signUpSubmit() function on post.
The problem is that it crashes as soon as I attempt to prepare a statement. The code below works mostly. If I enter invalid data in the form (don't type a fairly secure password, don't fill something in), it throws the error just fine. If I run it with the code to check for a user that already has this email commented, it works fine, just takes you back to the signup page. If, however, I uncomment even the first line of the commented code below ($stmt = $db->prepare("SELECT * FROM `users` WHERE email = :email");), it just loads a blank page, as if there's some kind of syntax error. It must be connecting to the database properly, as if I mess up my username or password for the connection it DOES throw an error, where there's none if everything is set correctly. I'm really baffled here.
<?php
//include_once 'db_connect.php';
session_start();
$DB_host = "localhost";
$DB_user = "root";
$DB_pass = "password";
$DB_name = "database";
try
{
    $db = new PDO("mysql:host={$DB_host};dbname={$DB_name}",$DB_user,$DB_pass);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e)
{
    echo $e->getMessage();
}
function signUpSubmit() { // Validates inputs (makes sure they're all filled in, email has valid email,
                          // password has password that's relatively secure. Email and email
                          // confirmation and password and password confirmation match. Then
                          // checks if the user already exists.
    if(empty($_POST['first_name'])) {
        $firstNameError = "<span style='color: red'>*Please enter your first name.</span><br />";
    }
    if(empty($_POST['last_name'])) {
        $lastNameError = "<span style='color: red'>*Please enter your last name.</span><br />";
    }
    if(empty($_POST['email'])) {
        $emailError = "<span style='color: red'>*Please enter your email.</span><br />";
    } else if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
        $emailError = "<span style='color: red'>*Email Address not valid.</span><br />";
    }
    if(empty($_POST['email_confirm'])) {
        $emailConfirmError = "<span style='color: red'>*Please confirm your email.</span><br />";
    } else if ($_POST['email'] != $_POST['email_confirm']) {
        $emailConfirmError = "<span style='color: red'>*Email addresses do not match.</span><br />";
    }
    if(empty($_POST['password'])) {
        $passwordError = "<span style='color: red'>*Please enter your password.</span><br />";
    } else { // Validate password has one uppercase and one lowercase letter,
             // 1 number, at least 8 characters
        $passwordError = "<span style='color: red'>*";
        if (strlen($_POST['password']) < 8) {
            $passwordError = $passwordError . "Password must be at least 8 characters long. ";
        }
        if(!preg_match('/[a-z]/', $_POST['password'])){
            $passwordError = $passwordError . "Password must contain at least 1 lowercase letter. ";
        }
        if(!preg_match('/[A-Z]/', $_POST['password'])){
            $passwordError = $passwordError . "Password must contain at least 1 uppercase letter. ";
        }
        if(!preg_match('/[0-9]/', $_POST['password'])){
            $passwordError = $passwordError . "Password must contain at least 1 number. ";
        }
        $passwordError = $passwordError . "</span><br />";
        if($passwordError == "<span style='color: red'>*</span><br />") {
            $passwordError = "";
        }
    }
    if(empty($_POST['password_confirm'])) {
        $passwordConfirmError = "<span style='color: red'>*Please confirm your password.</span><br />";
    } else if($_POST['password'] != $_POST['password_confirm']) {
        $passwordConfirmError = "<span style='color: red'>*Passwords do not match.</span><br />";
    }
    // Add all the errors generated into an array to return
    $errors = array($firstNameError, $lastNameError, $emailError, $emailConfirmError, $passwordError, $passwordConfirmError);
    if(!array_filter($errors)) { // There were no errors, check if there is already
                                 // a user with this email address
        /*$stmt = $db->prepare("SELECT * FROM `users` WHERE email = :email");
        $stmt->bindParam(':email', $_POST['email']);
        $stmt->execute();
        $row = $stmt->fetch();
        if($row['email'] == $_POST['email']) { // If a user with this email address exists, return an error
            $emailError = "<span style='color: red'>*Email Address already taken. Please choose another.</span><br />";
            $errors = array($firstNameError, $lastNameError, $emailError, $emailConfirmError, $passwordError, $passwordConfirmError);
        } else { // Register the user
            if(register($_POST['first_name'], $_POST['last_name'], $_POST['email'], $_POST['password'])) { // Registration successful
                redirect("index.php?signed-up=1");
            } else { // Registration failed
                redirect("index.php?signed-up=0");
            }
        }*/
    } else {
        return $errors; // Return errors
    }
}
function register($first_name, $last_name, $email, $password)
{
    $new_password = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare("INSERT INTO users(first_name, last_name, email, password)
        VALUES(:first_name, :last_name, :email, :password)");
    $stmt->bindparam(":first_name", $first_name);
    $stmt->bindparam(":last_name", $last_name);
    $stmt->bindparam(":email", $email);
    $stmt->bindparam(":password", $new_password);
    if($stmt->execute()) {
        return true;
    } else {
        return false;
    }
}
?>
Upvotes: 0
Views: 890
Reputation: 1940
Your redirect() function might not exist and thus give you problems.
Another thing I noticed is you are trying to access $db from inside your functions there. They won't see the variable due to differences in scope. That actually might be the cause.
Upvotes: 1
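The scope issue raised in the answer, as an added example that is not part of the original posts: a function that touches `$db` without receiving it fails at `prepare()`, while the same lookup and insert work once the PDO handle is passed in as a parameter. It assumes the `pdo_sqlite` extension (an in-memory SQLite database stands in for the MySQL one so the script runs offline); `brokenLookup()` and `emailExists()` are hypothetical names and the user data is constructed.

```php
<?php
// Added example (not the original poster's code). emailExists() and
// brokenLookup() are hypothetical names; the user row is constructed.

function brokenLookup(string $email)
{
    // $db is an undefined local here: the connection made at file scope
    // is not visible inside a function body.
    return $db->prepare('SELECT 1 FROM users WHERE email = :email');
}

function emailExists(PDO $db, string $email): bool
{
    $stmt = $db->prepare('SELECT 1 FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    return $stmt->fetchColumn() !== false;
}

function register(PDO $db, string $first, string $last, string $email, string $password): bool
{
    if (emailExists($db, $email)) {
        return false; // address already registered
    }
    $stmt = $db->prepare(
        'INSERT INTO users (first_name, last_name, email, password)
         VALUES (:first_name, :last_name, :email, :password)'
    );
    return $stmt->execute([
        ':first_name' => $first,
        ':last_name'  => $last,
        ':email'      => $email,
        ':password'   => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

// Assumption: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (first_name TEXT, last_name TEXT, email TEXT UNIQUE, password TEXT)');

try {
    brokenLookup('ada@example.test');
} catch (Error $e) {
    // Left uncaught, this Error halts the script; with display_errors off nothing is shown for it.
    error_log(get_class($e) . ': ' . $e->getMessage());
}
var_dump(register($db, 'Ada', 'Example', 'ada@example.test', 'Sample-Passw0rd1'));
var_dump(register($db, 'Ada', 'Example', 'ada@example.test', 'Sample-Passw0rd1'));
```

Logging the error with `error_log()` rather than echoing `$e->getMessage()` keeps connection and query details out of the response while still making the failure visible to the developer.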