
Convert signup form to PDO from MySQLI, getting a DATABASE error

I currently have a login system, which I have tried to convert to PDO from MySQLi.

I currently have a website with a database attached with phpMyAdmin/MySQL.

I tried to convert everything and I will now show you the Signup.inc.php part of the system since I already have the login part working with PDO.

This is what I have.

SIGNUP.INC.PHP

<?php
//check if the user has clicked the login button
if (isset($_POST['submit'])) {

    //Then we include the database connection
    include_once 'dbh.inc.php';
    require_once 'dbh.inc.php';


    // then get the data from the signup form
    $phone = $_POST['phone'];
    $zip = $_POST['zip'];
    $email = $_POST['email'];
    $name = $_POST['name'];
    $password = $_POST['password'];

    //Error handlers
    //Error handlers are important to avoid any mistakes the user might have made when filling out the form!
    //Check for empty fields
    if (empty($name) || empty($phone) || empty($email) || empty($zip) || empty($password)) {
        header("Location: ../signup.php?signup=empty");
        exit();

    } else {
        if (
            !preg_match("/[\w\s]+/", $name) || !preg_match("/^(\\+)[0-9]{8,30}$/", $phone) ||
            !preg_match("/[^@]+@[^@]+\.[^@]+/", $email) || !preg_match("/^[0-9]{4}$/", $zip) ||
            !preg_match("/^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9]).{8,}$/", $password)
        ) {

            header("Location: ../signup.php?signup=invalid");
            exit();
        } else {
            //Check email
            if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                header("Location: ../signup.php?signup=email");
                exit();
            } else {

                $stmt = $conn->prepare("SELECT * FROM users WHERE user_id=:$user_id");  
                $stmt->bindParam(':name', $user_id, PDO::PARAM_STR);


                if (!$stmt->execute()) {
                    header("Location: ../signup.php?signup=usertaken");
                    exit();
                } else {
                    //Hashing of the Password
                    $hashedPwd = password_hash($password, PASSWORD_DEFAULT);
                    //Insert user to database
                    $sql = "INSERT INTO users (user_name, user_phone, user_email, 
                user_zip, user_password) VALUES ('$name', '$phone', '$email',
                '$zip', '$hashedPwd');";

                    $stmt= $pdo->prepare($sql);
                    $stmt->execute([$name, $phone, $email, $zip, $hashedPwd ]);

                    header("Location: ../signup.php?signup=success");
                    exit();
                }
            }
        }}}

DBH.INC.PHP

    <?php

$servername = "localhost";
$username = "root";
$password = "";
$dbname = "loginsystem";


try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname",
    $username,
    $password,
    array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));


}
catch(PDOException $e) {
    echo $e->getMessage();
}

Whenever I try to sign up, I get redirected to this URL ( http://localhost/php44/includes/signup.inc.php ).

And get shown this error:

Notice: Undefined variable: user_id in C:\xampp\htdocs\php44\includes\signup.inc.php on line 40

Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ':' at line 1 in C:\xampp\htdocs\php44\includes\signup.inc.php:48 Stack trace: #0 C:\xampp\htdocs\php44\includes\signup.inc.php(48): PDOStatement->execute() #1 {main} thrown in C:\xampp\htdocs\php44\includes\signup.inc.php on line 48

I have no idea what the problem is, and what I should do to fix it, so any help would be very appreciated.

EDIT:

This is what I have now! :)

<?php
//check if the user has clicked the login button
if (isset($_POST['submit'])) {

    //Then we include the database connection
    include_once 'dbh.inc.php';
    require_once 'dbh.inc.php';


    // then get the data from the signup form
    $phone = $_POST['phone'];
    $zip = $_POST['zip'];
    $email = $_POST['email'];
    $name = $_POST['name'];
    $password = $_POST['password'];

    //Error handlers
    //Error handlers are important to avoid any mistakes the user might have made when filling out the form!
    //Check for empty fields
    if (empty($name) || empty($phone) || empty($email) || empty($zip) || empty($password)) {
        header("Location: ../signup.php?signup=empty");
        exit();

    } else {
        if (
            !preg_match("/[\w\s]+/", $name) || !preg_match("/^(\\+)[0-9]{8,30}$/", $phone) ||
            !preg_match("/[^@]+@[^@]+\.[^@]+/", $email) || !preg_match("/^[0-9]{4}$/", $zip) ||
            !preg_match("/^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9]).{8,}$/", $password)
        ) {

            header("Location: ../signup.php?signup=invalid");
            exit();
        } else {
            //Check email
            if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                header("Location: ../signup.php?signup=email");
                exit();
            } else {

                $stmt = $conn->prepare("SELECT * FROM users WHERE user_id=:user_id");  
                $stmt->bindParam(':userid', $user_id, PDO::PARAM_STR);


                if (!$stmt->execute()) {
                    header("Location: ../signup.php?signup=usertaken");
                    exit();
                } else {
                    //Hashing of the Password
                    $hashedPwd = password_hash($password, PASSWORD_DEFAULT);
                    //Insert user to database
                    $sql = "INSERT INTO users (user_name, user_phone, user_email, 
                user_zip, user_password) VALUES ('name', 'phone', 'email',
                'zip', 'hashedPwd');";

                    $stmt= $pdo->prepare($sql);
                    $stmt->execute([':name'     => $name, 
                                ':phone'    => $phone, 
                                ':email'    => $email, 
                                ':zip'      => $zip, 
                                ':hashedPwd'=> $hashedPwd 
                                ]);
                    header("Location: ../signup.php?signup=success");
                    exit();
                }
            }
        }}}

I still get this FATAL ERROR:

Fatal error: Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in C:\xampp\htdocs\php44\includes\signup.inc.php:44 Stack trace: #0 C:\xampp\htdocs\php44\includes\signup.inc.php(44): PDOStatement->execute() #1 {main} thrown in C:\xampp\htdocs\php44\includes\signup.inc.php on line 44

It's a simple TYPO

$stmt = $conn->prepare("SELECT * FROM users WHERE user_id=:$user_id");  
// remove the $ from here                                  ^

// and change this to use the alias you used
// from 
$stmt->bindParam(':name', $user_id, PDO::PARAM_STR);
// to
$stmt->bindParam(':user_id', $user_id, PDO::PARAM_STR);

So

$stmt = $conn->prepare("SELECT * FROM users WHERE user_id=:user_id");  

$stmt->bindParam(':user_id', $user_id, PDO::PARAM_STR);

Another ISSUE

You should be using parameters in this query also

$sql = "INSERT INTO users (user_name, user_phone, user_email, user_zip, user_password) 
        VALUES (:name, :phone, :email, :zip, :hashedPwd)";

// dbh.inc.php names the connection $conn; $pdo is never defined
$stmt = $conn->prepare($sql);
$stmt->execute([':name'     => $name, 
                ':phone'    => $phone, 
                ':email'    => $email, 
                ':zip'      => $zip, 
                ':hashedPwd'=> $hashedPwd 
                ]);
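
The signup flow with both fixes applied, as an added example that is not part of the original question or answer. Assumptions: an in-memory SQLite database stands in for the MySQL one (requires pdo_sqlite), the duplicate check is done on user_email with a UNIQUE constraint, and `signup()` is a hypothetical helper.

```php
<?php
// SQLite in memory stands in for the page's MySQL database (assumption: pdo_sqlite
// is enabled); table and column names follow the question.
$conn = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// Assumption: the e-mail address identifies the account, so it is UNIQUE.
$conn->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_name TEXT,
    user_phone TEXT, user_email TEXT UNIQUE, user_zip TEXT, user_password TEXT)');

// Hypothetical helper; returns the status values the question uses in its redirects.
function signup(PDO $conn, array $form): string
{
    // execute() only says the query ran; fetch a row to learn whether the user exists.
    $check = $conn->prepare('SELECT 1 FROM users WHERE user_email = :email');
    $check->execute([':email' => $form['email']]);
    if ($check->fetchColumn() !== false) {
        return 'usertaken';
    }

    // Each placeholder in the SQL has exactly one matching key in the array.
    $insert = $conn->prepare(
        'INSERT INTO users (user_name, user_phone, user_email, user_zip, user_password)
         VALUES (:name, :phone, :email, :zip, :hashedPwd)'
    );
    try {
        $insert->execute([
            ':name'      => $form['name'],
            ':phone'     => $form['phone'],
            ':email'     => $form['email'],
            ':zip'       => $form['zip'],
            ':hashedPwd' => password_hash($form['password'], PASSWORD_DEFAULT),
        ]);
    } catch (PDOException $e) {
        // SQLSTATE class 23 (integrity constraint): another request inserted the
        // same e-mail between the SELECT and the INSERT.
        if (strncmp((string) $e->getCode(), '23', 2) === 0) {
            return 'usertaken';
        }
        throw $e;
    }
    return 'success';
}

// Constructed sample input, not data from the page.
$form = ['name' => 'Ann Lee', 'phone' => '+4512345678', 'email' => 'ann@example.com',
         'zip' => '2100', 'password' => 'Secret123'];
echo signup($conn, $form), "\n";
echo signup($conn, $form), "\n";
```

With `PDO::ERRMODE_EXCEPTION` set as in dbh.inc.php, a failed `execute()` throws instead of returning false, so the `if (!$stmt->execute())` branch in the question never reports a taken user.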
