Solution:
Never echo out your errors in production. Use a try catch statement and then log it to a file.
try {
//your whole application code here
} catch( Exception $e) {
error_log($e);//log the actual error
echo 'an unexpected error occurred';//send generic error message
exit;
}
Also you don’t need to set attribute for every query. I assume you’re not initializing the connection everytime. You can always initialize the connection in a file and include it where you need it. Thereby setting attribute once