skyer2000 Posted August 27, 2008 Share Posted August 27, 2008 I just found out about prepared statements yesterday and have now tried to start using them. I've spent hours reading about them and have begun to rewrite one of my websites. Of course, the very first instance I hit with a prepared statement there is an error. function check_login($username,$password,$remember) { $password = md5($password); **ERROR LINE 52** $stmt = $mysqli->prepare("SELECT uid,username FROM member WHERE username = ? AND password = ?"); $stmt->bind_param("ss", $username, $password); $stmt->execute(); $stmt->bind_result($uid, $username); if ($uid && $username) { $this->set_session($uid,$username,$remember,true); return true; } else { $this->failed = true; $this->logout(); $this->message .= 'Incorrect username or password. please try again'; return false; } } At the line I marked, I'm getting the error "Fatal error: Call to a member function prepare() on a non-object in C:\wamp\www\nowhere\lib\member_class.php on line 52" My SQL connection is defined in a seperate file with all of the login credentials and $mysqli = new mysqli($dbhost,$dbuser,$dbpass,$dbname); What does this mean exactly? What do I need to do to fix this? Link to comment https://forums.phpfreaks.com/topic/121570-need-help-getting-started-with-prepared-statements/ Share on other sites More sharing options...
discomatt Posted August 27, 2008 Share Posted August 27, 2008 $mysqli is not defined in the function's scope. http://php.net/variables.scope Link to comment https://forums.phpfreaks.com/topic/121570-need-help-getting-started-with-prepared-statements/#findComment-626990 Share on other sites More sharing options...
skyer2000 Posted August 27, 2008 Author Share Posted August 27, 2008 What would be the best way to define the variable in the function, since its already defined in a separate file? And there are a lot of other functions that will be referring to the same thing? Link to comment https://forums.phpfreaks.com/topic/121570-need-help-getting-started-with-prepared-statements/#findComment-627018 Share on other sites More sharing options...
discomatt Posted August 27, 2008 Share Posted August 27, 2008 The way I would do it would be to make a singleton class -> class _sql { # Will hold database link private static $link = FALSE; # Prevent direct creation private function __construct() {} # Prevent replication private function __clone() {} # Reference method public static function get () { if ( !self::$link ) self::$link = new mysqli('localhost','root','','test'); return self::$link; } } You may want to add a bit of error checking in there. Then I'd call it in your function like so function check_login($username,$password,$remember) { $mysqli = _sql::get(); # rest of code... } Link to comment https://forums.phpfreaks.com/topic/121570-need-help-getting-started-with-prepared-statements/#findComment-627026 Share on other sites More sharing options...
skyer2000 Posted August 27, 2008 Author Share Posted August 27, 2008 That got rid of the errors, but now when I use the check_login function, it doesn't seem to be inputting the variables into the query. There is a $username and $password value, however, no matter what, it cannot pull out a $uid. $stmt = $mysqli->prepare("SELECT uid,username FROM member WHERE username = ? AND password = ?"); $stmt->bind_param("ss", $username, $password); $stmt->execute(); $stmt->bind_result($uid, $username); While on topic, does anyone have any prebuilt, secure login systems that they would recommend that use MySQLi? Or to my next question, could you have a site that has the user login system running of from Mysql, while the rest of the site runs on Mysqli? Or do you have to go completely one way or the other? Link to comment https://forums.phpfreaks.com/topic/121570-need-help-getting-started-with-prepared-statements/#findComment-627115 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.