PDO data not insert into database no error

Question

    $query2="insert into `articles` set article_title=:article,user_name=:user,post_id=:postid      article_content=:articlecontent,article_rank=:rank,add_date=:date,article_100img=:article_100,articl    e_200img=:article_200,article_400img=:article_400,artcle_600img=:article_600,article_slug=:slug";
    $stmt=$db->prepare($query2);
    $stmt->bindParam(':article',$article_title);
    $stmt->bindParam(':articlecontent',$article_desc);
    $stmt->bindParam(':rank',$rank);
    $stmt->bindParam(':date',$date);
    $stmt->bindParam(':article_100',$x100img);
    $stmt->bindParam(':article_200',$x200img);
    $stmt->bindParam(':article_400',$x400img);
    $stmt->bindParam(':article_600',$x250img);
    $stmt->bindParam(':slug',$slug);
    $stmt->bindParam(':user',$name);
    $stmt->bindParam(':postid',$id);
    $stmt->execute();

I don't know what is the problem of this code..so please help me.

Answer 1

To be able to see database errors, one have to set PDO errmode to exceptions. Exceptions are better than regular errors in many ways: they always contains a stack trace, they can be caught using try..catch or handled using dedicated error handler. And even unhandled, they act as regular PHP errors providing all the important information, following site-wide error reporting settings.

Note that setting this mode as a connection option will let PDO throw exceptions on connection errors too, which is very important.
So, here is an example for creating a PDO connection right way:

$dsn = "mysql:host=$host;dbname=$db;charset=utf8";
$opt = array(
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    // other options 
);
$pdo = new PDO($dsn, $user, $pass, $opt);

Connecting this way, you will be always notified of all database errors, occurred during query execution. Note that you have to be able to see PHP errors in general. On a live site you have to peek into error logs, so, settings have to be

error_reporting(E_ALL);
ini_set('display_errors',0);
ini_set('log_errors',1);

while on a local development server it's ok to make errors on screen:

error_reporting(E_ALL);
ini_set('display_errors',1);

and of course you should never ever use error suppression operator (@) in front of your PDO statements.

Also, due to many bad examples telling you to wrap every PDO statement into try..catch block, I have to make a distinct note:

DO NOT use try..catch operator just to echo an error message. Uncaught exception is already excellent for this purpose, as it will act just the same way as other PHP errors - so, you can define the behavior using site-wide settings - so, you will have your error message without this useless code. While unconditionally echoed error message may reveal some sensitive information to a potential attacker, yet confuse a honest visitor.

• A custom exception handler could be added later, but not required. Especially for new users, it is recommended to use unhandled exceptions, as they are extremely informative, helpful and secure.
• Use try..catch only if you are going to handle the error itself - say, to rollback a transaction.

Also, I find article_XXX fields quite useless. Can't you make these image names computational? Say, for the article id = 100500 the 100 image would be 100500_100.jpg?