Why I can not display error on my execute statement?

General PHP Help
#1

My code does insert data into database but I renamed a column test purpose and it is now password instead of password2. Now it should not be able to insert data into database and should return error. I have tried several thing but no error shows up. Here is what I tried.

     if($stmt = $sqlconn->prepare($sql)){
            // Bind variables to the prepared statement as parameters
            $stmt->bind_param("ss", $param_username, $param_password);
            
            // Set parameters
            $param_username = $username;
            $param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash
            
            $stmt->execute();
            printf("Error: %s.\n", $stmt->error);
            //Error
            $error = $stmt ->error;
            print("Error: ".$error);
         }
#2

An incorrect column name is a prepare() error. Incorrect data, e.g. a duplicate or out of range value would be an execute() error.

Don’t use discrete logic for database error handling. This is just a complete waste of typing. You would need have logic at each statement that can fail - connection, query, prepare, and execute, and you would need to switch from displaying the raw error information during development, to logging the raw information on a live public server.

Instead, simply use exceptions for database statement errors and in most cases let php catch and handle the exception, where php will use its error related settings to control what happens with the actual error information, via an uncaught exception (database statement errors will ‘automatically’ get displayed/logged the same as php errors.) You would then remove any existing discrete error handling logic, simplifying the code.

The exception to this rule is when inserting/updating duplicate or out of range user submitted data. In this case, your code would catch the exception, detect if the error number is for something your code is designed to handle, then setup and display a message telling the user what was wrong with the data that they submitted. For all other error numbers, just re-throw the exception and let php handle it.

To enable exceptions for errors for the mysqli extension, add the following line of code before the point where you make the connection -

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

Next use the much simpler, more consistent, and better designed PDO extension, rather than the mysqli extension. The PDO extension treats a non-prepared and a prepared query result the same, so you don’t need to use two different sets of php statements. You can also eliminate the bind_param statements, since you can just supply an array of values to the execute() call. You can also eliminate all the copying of variables to other variables, since you can use the result of a function call, such as password_hash() directly as a value. An added advantage is that the PDO extension works with 12 different database types, so you only need to learn one set of php statements, rather than a different set of php statements for each different database type (the actual sql syntax may be database type specific.)

Sponsor our Newsletter | Privacy Policy | Terms of Service