PDO bindParam with $_POST not working

Question

I've been searching and searching and trying all kinds of stuff and I just can't get this working right. Can anyone see what I'm doing wrong? I'm very new to PDO and trying to figure that out with plenty of other things.

I can get the following to work IF I manually submit a value instead of trying to bind it, but I want to use the placeholder. I've gotten a value of 'Array' back, sometimes MySQL responds with :name causing invalid syntax... I've tried rearranging the values for bind and I just can't get it to give me back the value. I have an insert portion of this and that works fine, but I'm messing something up here and the query itself.

I appreciate any direction you can help me with. This is driving me crazy:

NOTE: Since this is only a test, all the db contains is name and phone columns (will expand as I get past these obsticles).

    <?php
    # VARs
    $host = "MYHOST";
    $db = "MYDB";
    $user = "MYUSER";
    $pw = "MYPW";

    # pdo options/attributes
    $opts = array( PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION );

    # data source name
    $dsn = "mysql:host=" . $host . ";dbname=" . $db;

    ?>
    <!DOCTYPE html>
    <html>
    <head><title>Test</title>

    </head>
    <body>

    <h3>Test</h3>
    <p>Pull data using PDO</p>
    <form method="POST" action="test.php"><input type="text" name="name"><input type="submit" value="Search"></form><br /><br />
    <hr />

    <? 
        try {

            $DBH = new PDO($dsn, $user, $pw, $opts);
            # $DBH->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );

            $STH = $DBH->query('SELECT name, phone FROM directory WHERE name LIKE :name');

            $STH->bindParam(':name', $_POST['name']);

            $STH->setFetchMode(PDO::FETCH_ASSOC);

            while($row = $STH->fetch()) {
                echo $row['name'] . "\n" . $row['phone'] . "<br />";
            }
        }

        catch(PDOException $e) {
            echo "I'm sorry, Dave. I'm afraid I can't do that.<br />";
            echo $e->getMessage();
            # file_put_contents('PDOErrors.txt', $e->getMessage(), FILE_APPEND);
        }
    ?>

    <hr />

    </body>
    </html>

- - - - - - - - - - - - - RESOLVED ANSWER - - - - - - - - - - - - -

- - - - - - - - - - - - - RESOLVED ANSWER - - - - - - - - - - - - -

Thanks to the responses below, here is the correction to my query and pdo layout:

    <? 
        try {

            $DBH = new PDO($dsn, $user, $pw, $opts);
            # $DBH->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );

            ####-------Changed query to prepare
            $STH = $DBH->prepare('SELECT name, phone FROM directory WHERE name LIKE :name'); 

            ####-------using bindValue instead of bindParam
            ####-------also using % for wildcards to help with LIKE query (would only give specific search back without)
            $STH->bindValue(':name', '%' . $_POST['name'] . '%'); 

            ####-------was missing execute (had query above instead of prepare)
            $STH->execute();

            $STH->setFetchMode(PDO::FETCH_ASSOC);

            while($row = $STH->fetch()) {
                echo $row['name'] . "\n" . $row['phone'] . "<br />";
            }
        }

        catch(PDOException $e) {
            echo "I'm sorry, Dave. I'm afraid I can't do that.<br />";
            echo $e->getMessage();
            # file_put_contents('PDOErrors.txt', $e->getMessage(), FILE_APPEND);
        }
    ?>

Answer 1

You forgot $STH->execute();

It should come after $STH->bindParam(':name', $_POST['name']);

You should also use $DBH->prepare(); instead of $DBH->query();