Going back to the original question you asked -
Because whoever wrote that code doesnât know/care what they are doing and didnât define what they were trying to get the code to do before writing it. It actually contains a mistake, in that the PDO class doesnât have an error property, so that code will produce a php error at that point. There isnât even a PDO method named error(), so, this is not even a case of some missing ().
To answer the specific question you asked there. That code is using a pdo exception for the connection (a connection always throws an exception upon an error), but is not using exceptions for all the other database statements - query(), prepare(), execute(), exec(), ⌠that can fail. It is expecting you to write out conditional logic to test for and handle any errors from these statements. It is using two different error management systems.
The problem with writing out conditional logic for these other statements, in addition to not giving hackers useful information, is you must now handle all the different possibilities in your code. 1) When learning, developing, and debugging database statements, you would like to display the error information so that you get immediate feedback as to any problems. 2) When on a live/public server, you should always log the error information so that you have a indication of and can then find and fix whatâs causing problems. 3) When handling errors that are caused by something the user to the site did (inserting/updating duplicate or out of range values), you need logic to test the error (number), then setup and display a helpful user message telling the visitor what they did that was wrong. 4) You donât want to be added/removing code every time you move it from one environment to another.
If you instead use exceptions for ALL the database statements that can fail, by setting the error mode to exceptions when/after you make the PDO connection, you end up with one error management system, which also allows most of the special case logic to go away, except for dealing with an error that the visitor caused.
If you make use of what has been written here, for the code at the top of this thread, the following is all you end up with -
<?php
// this is the Data Source Name (DNS). PDO works with 12 different database types. naming this $mysql is not general purpose/reusable
$dsn = 'mysql:host=localhost;dbname:toolcula_apps';
// while it's true that $db is going to be a database connection, what is it actually, its a pdo object. naming it so would make it clearer to anyone reading the code what it is
$pdo = new PDO($dsn,'toolcula_apps','##');
// set the error mode to exceptions, either by using the $options array parameter in the connection statement or by calling the set attribute method here...
// when using exceptions, your main code only sees error free execution. if you are here, the connection was successful
echo 'The DB connection is established';
// at the point of building and executing a non-prepared query
$sql = 'SELECT car_id, make, yearmade, mileage, transmission, price, description
FROM cars
INNER JOIN makes USING (make_id)
WHERE yearmade > 2008
ORDER BY price';
// the following returns a PDOStatement object. naming is so would make it clearer to anyone reading the code what it is
$stmt = $pdo->query($sql);
// when using exceptions, your main code only sees error free execution. if you are here, the query was successful and you can test/use the result from the query
Short version: only write code that adds value to what you are doing, i.e. creating a secure web page, that provides a good user experience, that uses simple, general-purpose, reusable code, and either works or tells (display/log) the reason why it doesnât. If you are creating variables, writing logic, and calling statements that doesnât add anything useful, all you are doing is working on your typing speed and typing accuracy.