PHP MySQL/PDO UPDATE Query Won't Execute

Question

I'm very new to all of these things and I'm just really stumped on this. I've been trying for a day and a half to get this part of the code to work, and I've tried numerous different things. It's just not wanting to work for me.

Here's the whole script

<?php
$dbusername = "****";  // info works to connect to login
$dbpassword = "****";  // and everything works fine retrieving
$dbhost = "localhost"; // the email to send the code to (which all works)
$dbname = "****"; 
try {
$conn = new PDO("mysql:host={$dbhost};dbname={$dbname};charset=utf8", $dbusername, $dbpassword);
}
catch(PDOException $ex)
{
    $msg = "Failed to connect to the database";
}

function getToken($length=32){
//redacted - working and unrelated, suffice it to say the token returns properly
return $token;
}

if (isset($_POST["ForgotPassword"])) {

    if (filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
        $email = $_POST["email"];

    }else{
        echo "Email is invalid.";
        exit;
    }

    // Check to see if a user exists with this e-mail
    $query = $conn->prepare('SELECT email FROM users WHERE email = :email');
    $query->bindParam(':email', $email);
    $query->execute();
    $userExists = $query->fetch(PDO::FETCH_ASSOC);
    $conn = null

    if ($userExists["email"])
    {
        $resetpass = getToken();        

        try {
            $conn = new PDO("mysql:host={$dbhost};dbname={$dbname};charset=utf8", $dbusername, $dbpassword);
            $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

            $stmt = $conn->prepare('UPDATE users SET passwordreset=:resetpass WHERE email=:email');
            $stmt->bindParam(':resetpass', $resetpass);
            $stmt->bindParam(':email', $email);
            $stmt->execute();

            echo $stmt->rowCount() . " records UPDATED successfully";
            }
        catch(PDOException $e)
            {
            echo $sql . "<br>" . $e->getMessage(); //$sql not set anymore
            }

        $conn = null;



    // Create a url which we will direct them to reset their password
    $pwrurl = "*******/reset_password.php?q=".$resetpass;

    // Mail them their key
    $mailbody = "redacted \n\n" . $pwrurl;
    mail($userExists["email"], "redacted", $mailbody);
    echo "Your password recovery key has been sent to your e-mail address.";

    }

    else
        echo "No user with that e-mail address exists.";
    }
?>

Without this query, everything else works famously. It breaks and won't continue here. It never echos the success or failure.

Edit Here's the HTML form too

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Forgot Password</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<center>
<form action="change.php" method="POST">
<table align="center" width="30%" border="0">
<div> 
<tr>
<td><input type="text" name="email" placeholder="you@example.com" required /></td>
</tr>
<tr>
<td><button type="submit" name="ForgotPassword" value=" Request Reset ">Reset</button></td>
</tr>
</table>
</form>
</div>
</center>
</body>
</html>

Answer 1

Now that you've posted your full code...

Your code is failing because of this wee little bug in your code that is causing some BIG problems.

$conn = null
            ^ right there.

I know this is considered as an off-topic question, but we've been at this for so long, I felt that I had to submit it as answer. (Consult Special note below). It's not completely off-topic.

There is a missing semi-colon in there; add it.

$conn = null;

Had error reporting been set to catch and display errors in your code, would have thrown you a parse error.

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// rest of your code

Sidenote: Displaying errors should only be done in staging, and never production.

---

However, you should use proper bracing for all your conditional statements, such as this one:

else
    echo "No user with that e-mail address exists.";

as that could have adverse effects.

Special note:

There is another thing though and it's this variable $token that you've return'ed in your getToken() function. You're not using it anywhere, so it's unsure as to what you want to do with it exactly.

As noted in a comment under your answer, $sql isn't doing anything; it's undefined. However, that won't cause your code to fail, but just throw an undefined variable sql notice, when error reporting is set to catch and display.

Answer 2

As i m not able to comment, I am also new to php and pdo. I checked the code but it seems fine.

only error found 1)$sql variable 2) $conn=null;(semi colon missing) after first query.

Can you provide db side details,table details. So that i can try with that and will try to find a solution.

Answer 3

http://php.net/manual/en/pdo.exec.php#refsect1-pdo.exec-examples

If you look at the example I provided you will see that you can do this without all the bindParam functions. Settings your SQL up before you execute can be helpful.

Although this Isn't tested - my best advice would be to create an $sql variable that you use to store your SQL in as you create it.

Something to this extent will let you see exactly what your $sql is and you can better find your problems after you see exactly what you are trying to execute.

$sql = "UPDATE users SET passwordreset = '" . $resetpass . "' WHERE email ='" . $email . "' ";