trying to convert mysql select statement to PDO

Question

I'm trying to convert from an old MySQL library to PDO.

In order to read the data with my old MySQL code I use:

$assoc = mysql_fetch_assoc($exeqr);

With PDO I'm trying to do that with a foreach like I have on my code using PDO, but its not working...

Can you see something wrong here??

My OLD ode using MySQL:

<?php
if(isset($_POST['sendLogin']))
{
    $f['email'] = mysql_real_escape_string($_POST['email']);
    $f['pass'] = mysql_real_escape_string($_POST['password']);

    if(!$f['email'] || !valMail($f['email']))  
    {
      echo 'Email empty or invalid';
    }
    else if(strlen($f['pass']) <8 || strlen($f['pass'])>12)
    {
        echo 'pass must have between 8 and 12 chars!';
    }
    else
    {
        $autEmail = $f['email'];
        $autpass = $f['pass'];
        $query = "SELECT * FROM users where email= '$autEmail'";       
        $exeqr = mysql_query($query) or die(mysql_error());
        $assoc = mysql_fetch_assoc($exeqr);

        if(mysql_num_rows($exeqr) == 1 )
        {
            if($autEmail == $assoc['email'] && $autpass == $assoc['pass'])
            {
                $_SESSION['assoc'] = $assoc;
                header('Location:'.$_SERVER['PHP_SELF']);
            }
            else
            {
                echo ' wrong password';
            }
        }
        else
        {
            echo 'email does no exist';
        }
    }
}

And the new code I am trying to convert using PDO:

<?php
if(isset($_POST['sendLogin']))
{
    $f['email'] = mysql_real_escape_string($_POST['email']);
    $f['pass'] = mysql_real_escape_string($_POST['password']);

    if(!$f['email'] || !valMail($f['email']))  
    {
        echo 'Email empty or invalid';
    }
    else if(strlen($f['pass']) <8 || strlen($f['pass'])>12)
    {
        echo 'pass must have between 8 and 12 chars!';
    }
    else
    {
        $autEmail = $f['email'];
        $autpass = $f['pass'];
        $searchEmail = $pdo->prepare("SELECT * FROM users where email=:email");   
        $searchEmail->bindValue(":email,$autEmail");   
        $searchEmail->execute; 
        $num_rows = $searchEmail->fetchColumn();
       $result = $searchEmail->fetch(PDO::FETCH_OBJ);

        if($num_rows == 1)
        {
            if($autEmail == $result['email'] && $autpass == $result['pass'])
            {
                $_SESSION['result'] = $result;
                header('Location:'.$_SERVER['PHP_SELF']);
            }
            else
            {
                echo ' wrong password';
            }
        }
        else
        {
            echo 'email does no exist';
        }
    }
}

Answer 1

Warning: PDOStatement::bindValue() expects at least 2 parameters, 1 given in $searchEmail->bindValue(":email,$autEmail");

You need to move your " , currently it's including the variable as well as the parameter name resulting in you not passing in the variable to bind to said parameter (which is why you are getting the error telling you you haven't passed in enough arguments).

$searchEmail = $pdo->prepare("SELECT * FROM users where email = :email");   
$searchEmail->bindValue(":email", $autEmail);

Notice: Undefined property: PDOStatement::$execute in $searchEmail->execute;

You've forgotten the () brackets from execute() , so PHP is looking for the property of the PDO class called execute instead of the function call.

$searchEmail->execute();

(thanks Prix)

Edit

Your question is now about how to replace this:

$assoc = mysql_fetch_assoc($exeqr);

... with a PDO equivalent. In the manual, there is an example :

$assoc = $searchEmail->fetchAll(PDO::FETCH_COLUMN|PDO::FETCH_GROUP);

Note: fetchAll() is for fetching multiple results. If you're expecting only one result (which you might be, but you aren't limiting your query so it's feasible to return multiple results), you should just use fetch() :

$assoc = $searchEmail->fetch(PDO::FETCH_ASSOC);