Jump to content

Recommended Posts

I've decided to move over to using Prepared statements for security purposes, however I'm having problems with the following code.

 

Any help or suggestions would be appreciated :)

 

Output:

 


You are Logged In 

Fatal error: Call to a member function bindParam() on a non-object in [b]xxxxxxx[/b]/login.php on line 34

 

Code:

<?php
include "functions.php";
$db_connection = db_connect();
$db_connection2 = db_connect();

$login_statement = 			$db_connection->prepare("SELECT COUNT(*) AS accounts FROM `accounts` WHERE `email` = ? AND `password` = ?");
$test_stmt =		 		$db_connection2->prepare("INSERT INTO `test` (`test`) VALUES (:tst)");



login($_POST[email],$_POST[password],$login_statement);
log_login($test_stmt);

function login($email,$password,$login_statement){

$login_statement->bind_param("ss", $email, $password);
$login_statement->bind_result($accounts);
$login_statement->execute() or die ("Could not execute statement");

while ($login_statement->fetch()) { 

	if ($accounts==1){
		echo "<br/> You are Logged In <br/>";
	}

	else{
		echo "<br/>Credentials Invalid<br/>";	
    	} 
}
}

function log_login($test_stmt){

$test_stmt->bindParam(':tst', $tst);  //< ********LINE 34*******
$tst="blah";
$test_stmt->execute()  or die ("Could not execute statement");
}
?>

Link to comment
https://forums.phpfreaks.com/topic/236678-php-mysql-prepared-statement-error/
Share on other sites

"Call to a member function ... on a non-object" means the object you used to call the method is NOT actually an object. In your case, $test_stmt is NOT an object. This means the call to $db_connection2->prepare() failed to return an object, which implies that there is something wrong with the query string.

 

As far as I know, the parameters you want to bind to are indicated by a "?" -- of course, I don't use prepared statements much, so I'm not 100% sure, but I don't think ":tst: is a valid parameter for binding.

 

Also, you are binding a variable that you do not define until AFTER the bind. I don't know if this works or not, but I would define the variable BEFORE binding it.

 

By the way, I don't know any reason that you need two database connections, unless they are separate servers. I would think you could do all of this on a single connection.

 

PFM...

 

I don't see any use of the ->stmt_init(); method to create either $login_statement or $test_stmt.

Ref: http://us3.php.net/manual/en/mysqli-stmt.prepare.php

 

I haven't found a clear explanation in the documentation, but this 2 pieces of code are equivalents:

 

     $mysqli = new mysqli(.....);
     $stmt =  $mysqli->stmt_init();   //Initializes a statement and returns an object for use with mysqli_stmt_prepare
     $stmt->prepare($sql_query);  // $sql_query a valid prepared sql sentence
     etc..etc

 

// No using ->stmt_init() explicitly
   $mysqli = new mysqli(.....);
   $stmt =  $mysqli->prepare($sql_query);  // Prepare the statement to execute  ($stmt initialization implicit... doesn't seems to be clearly documented)
   $stmt->prepare($sql_query);
   etc..etc

 

I have been using both method for some time without any problem... my tendency is to use the 2nd just for simplicity, but maybe is a better practice to use the method 1.

 

Just using the one connection solved this issue.

I had two for checking something earlier and never bothered to change the ocde back to using the one. Perhaps the mysql service had reached it's maximum number of permitted connections or something?

 

Anyhow, the problem no longer exists.

 

Thanks for all your help

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.