charlie0987 Posted January 2, 2015 Share Posted January 2, 2015 I get this error when I run my login system. Call to a member function bind_param() on a non-object in /models/class.newuser.php on line 131 This is the modified code (Line 131 is on the top line): $stmt->bind_param("ssssi", $this->username, $secure_pass, $this->clean_email, $this->activation_token, $this->user_active); $stmt->execute(); $inserted_id = $mysqli->insert_id;$stmt->close(); //Insert default permission into matches table $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."user_permission_matches ( user_id, permission_id ) VALUES ( ?, '1' )") ; $stmt->bind_param("s", $inserted_id); $stmt->execute(); $stmt->close(); This is the whole code... <?php /* . . */ class User { public $user_active = 0; private $clean_email; public $status = false; private $clean_password; private $username; public $sql_failure = false; public $mail_failure = false; public $email_taken = false; public $username_taken = false; public $activation_token = 0; public $success = NULL; function __construct($user,$pass,$email) { //Sanitize $this->clean_email = sanitize($email); $this->clean_password = trim($pass); $this->username = sanitize($user); if(usernameExists($this->username)) { $this->username_taken = true; } else if(emailExists($this->clean_email)) { $this->email_taken = true; } else { //No problems have been found. $this->status = true; } } public function userCakeAddUser() { global $mysqli,$emailActivation,$websiteUrl,$db_table_prefix; //Prevent this function being called if there were construction errors if($this->status) { //Construct a secure hash for the plain text password $secure_pass = generateHash($this->clean_password); //Construct a unique activation token $this->activation_token = generateActivationToken(); //Do we need to send out an activation email? if($emailActivation == "true") { //User must activate their account first $this->user_active = 0; $mail = new userCakeMail(); //Build the activation message $activation_message = lang("ACCOUNT_ACTIVATION_MESSAGE",array($websiteUrl,$this->activation_token)); //Define more if you want to build larger structures $hooks = array( "searchStrs" => array("#ACTIVATION-MESSAGE","#ACTIVATION-KEY","#USERNAME#"), "subjectStrs" => array($activation_message,$this->activation_token,$this->username) ); /* Build the template - Optional, you can just use the sendMail function Instead to pass a message. */ if(!$mail->newTemplateMsg("new-registration.txt",$hooks)) { $this->mail_failure = true; } else { //Send the mail. Specify users email here and subject. //SendMail can have a third parementer for message if you do not wish to build a template. if(!$mail->sendMail($this->clean_email,"New User")) { $this->mail_failure = true; } } $this->success = lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE2"); } else { //Instant account activation $this->user_active = 1; $this->success = lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE1"); } if(!$this->mail_failure) { //Insert the user into the database providing no errors have been found. $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."users ( user_name, password, email, activation_token, last_activation_request, lost_password_request, active, title, sign_up_stamp, last_sign_in_stamp ) VALUES ( ?, ?, ?, ?, ?, '".time()."', '0', ?, 'New Member', '".time()."', '0' )"); $stmt->bind_param("ssssi", $this->username, $secure_pass, $this->clean_email, $this->activation_token, $this->user_active); $stmt->execute(); $inserted_id = $mysqli->insert_id; $stmt->close(); //Insert default permission into matches table $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."user_permission_matches ( user_id, permission_id ) VALUES ( ?, '1' )") ; $stmt->bind_param("s", $inserted_id); $stmt->execute(); $stmt->close(); } } } } ?> Quote Link to comment https://forums.phpfreaks.com/topic/293603-call-to-a-member-function-bind_param/ Share on other sites More sharing options...
ginerjm Posted January 2, 2015 Share Posted January 2, 2015 That message usually means that the object your are referencing does not exist. Is your $stmt variable in scope? Did you connect and select db actually work, ie, did you check the results of each call? Quote Link to comment https://forums.phpfreaks.com/topic/293603-call-to-a-member-function-bind_param/#findComment-1501527 Share on other sites More sharing options...
charlie0987 Posted January 2, 2015 Author Share Posted January 2, 2015 That message usually means that the object your are referencing does not exist. Is your $stmt variable in scope? Did you connect and select db actually work, ie, did you check the results of each call? Yeah it is and all the connects work. I really am stuck with this one. Quote Link to comment https://forums.phpfreaks.com/topic/293603-call-to-a-member-function-bind_param/#findComment-1501528 Share on other sites More sharing options...
ginerjm Posted January 2, 2015 Share Posted January 2, 2015 Post the relevant code please Quote Link to comment https://forums.phpfreaks.com/topic/293603-call-to-a-member-function-bind_param/#findComment-1501530 Share on other sites More sharing options...
charlie0987 Posted January 2, 2015 Author Share Posted January 2, 2015 Post the relevant code please functions.php (func.php): <?php /* UserCake Version: 2.0.2 http://usercake.com */ //Functions that do not interact with DB //------------------------------------------------------------------------------ //Retrieve a list of all .php files in models/languages function getLanguageFiles() { $directory = "models/languages/"; $languages = glob($directory . "*.php"); //print each file name return $languages; } //Retrieve a list of all .css files in models/site-templates function getTemplateFiles() { $directory = "models/site-templates/"; $languages = glob($directory . "*.css"); //print each file name return $languages; } //Retrieve a list of all .php files in root files folder function getPageFiles() { $directory = ""; $pages = glob($directory . "*.php"); //print each file name foreach ($pages as $page){ $row[$page] = $page; } return $row; } //Destroys a session as part of logout function destroySession($name) { if(isset($_SESSION[$name])) { $_SESSION[$name] = NULL; unset($_SESSION[$name]); } } //Generate a unique code function getUniqueCode($length = "") { $code = md5(uniqid(rand(), true)); if ($length != "") return substr($code, 0, $length); else return $code; } //Generate an activation key function generateActivationToken($gen = null) { do { $gen = md5(uniqid(mt_rand(), false)); } while(validateActivationToken($gen)); return $gen; } //@ Thanks to - http://phpsec.org function generateHash($plainText, $salt = null) { if ($salt === null) { $salt = substr(md5(uniqid(rand(), true)), 0, 25); } else { $salt = substr($salt, 0, 25); } return $salt . sha1($salt . $plainText); } //Checks if an email is valid function isValidEmail($email) { if (filter_var($email, FILTER_VALIDATE_EMAIL)) { return true; } else { return false; } } //Inputs language strings from selected language. function lang($key,$markers = NULL) { global $lang; if($markers == NULL) { $str = $lang[$key]; } else { //Replace any dyamic markers $str = $lang[$key]; $iteration = 1; foreach($markers as $marker) { $str = str_replace("%m".$iteration."%",$marker,$str); $iteration++; } } //Ensure we have something to return if($str == "") { return ("No language key found"); } else { return $str; } } //Checks if a string is within a min and max length function minMaxRange($min, $max, $what) { if(strlen(trim($what)) < $min) return true; else if(strlen(trim($what)) > $max) return true; else return false; } //Replaces hooks with specified text function replaceDefaultHook($str) { global $default_hooks,$default_replace; return (str_replace($default_hooks,$default_replace,$str)); } //Displays error and success messages function resultBlock($errors,$successes){ //Error block if(count($errors) > 0) { echo "<div id='error'> <a href='#' onclick=\"showHide('error');\">[X]</a> <ul>"; foreach($errors as $error) { echo "<li>".$error."</li>"; } echo "</ul>"; echo "</div>"; } //Success block if(count($successes) > 0) { echo "<div id='success'> <a href='#' onclick=\"showHide('success');\">[X]</a> <ul>"; foreach($successes as $success) { echo "<li>".$success."</li>"; } echo "</ul>"; echo "</div>"; } } //Completely sanitizes text function sanitize($str) { return strtolower(strip_tags(trim(($str)))); } //Functions that interact mainly with .users table //------------------------------------------------------------------------------ //Delete a defined array of users function deleteUsers($users) { global $mysqli,$db_table_prefix; $i = 0; $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."users WHERE id = ?"); $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches WHERE user_id = ?"); foreach($users as $id){ $stmt->bind_param("i", $id); $stmt->execute(); $stmt2->bind_param("i", $id); $stmt2->execute(); $i++; } $stmt->close(); $stmt2->close(); return $i; } //Check if an email exists in the DB function emailExists($email) { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("SELECT active FROM ".$db_table_prefix."users WHERE email = ? LIMIT 1"); $stmt->bind_param("s", $email); $stmt->execute(); $stmt->store_result(); $num_returns = $stmt->num_rows; $stmt->close(); if ($num_returns > 0) { return true; } else { return false; } } //Check if a user name and email belong to the same user function emailUsernameLinked($email,$username) { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("SELECT active FROM ".$db_table_prefix."users WHERE user_name = ? AND email = ? LIMIT 1 "); $stmt->bind_param("ss", $username, $email); $stmt->execute(); $stmt->store_result(); $num_returns = $stmt->num_rows; $stmt->close(); if ($num_returns > 0) { return true; } else { return false; } } //Retrieve information for all users function fetchAllUsers() { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("SELECT id, user_name, password, email, activation_token, last_activation_request, lost_password_request, active, title, sign_up_stamp, last_sign_in_stamp FROM ".$db_table_prefix."users"); $stmt->execute(); $stmt->bind_result($id, $user, $password, $email, $token, $activationRequest, $passwordRequest, $active, $title, $signUp, $signIn); while ($stmt->fetch()){ $row[] = array('id' => $id, 'user_name' => $user, 'password' => $password, 'email' => $email, 'activation_token' => $token, 'last_activation_request' => $activationRequest, 'lost_password_request' => $passwordRequest, 'active' => $active, 'title' => $title, 'sign_up_stamp' => $signUp, 'last_sign_in_stamp' => $signIn); } $stmt->close(); return ($row); } //Retrieve complete user information by username, token or ID function fetchUserDetails($username=NULL,$token=NULL, $id=NULL) { if($username!=NULL) { $column = "user_name"; $data = $username; } elseif($token!=NULL) { $column = "activation_token"; $data = $token; } elseif($id!=NULL) { $column = "id"; $data = $id; } global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("SELECT id, user_name, password, email, activation_token, last_activation_request, lost_password_request, active, title, sign_up_stamp, last_sign_in_stamp FROM ".$db_table_prefix."users WHERE $column = ? LIMIT 1"); $stmt->bind_param("s", $data); $stmt->execute(); $stmt->bind_result($id, $user, $password, $email, $token, $activationRequest, $passwordRequest, $active, $title, $signUp, $signIn); while ($stmt->fetch()){ $row = array('id' => $id, 'user_name' => $user, 'password' => $password, 'email' => $email, 'activation_token' => $token, 'last_activation_request' => $activationRequest, 'lost_password_request' => $passwordRequest, 'active' => $active, 'title' => $title, 'sign_up_stamp' => $signUp, 'last_sign_in_stamp' => $signIn); } $stmt->close(); return ($row); } //Toggle if lost password request flag on or off function flagLostPasswordRequest($username,$value) { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users SET lost_password_request = ? WHERE user_name = ? LIMIT 1 "); $stmt->bind_param("ss", $value, $username); $result = $stmt->execute(); $stmt->close(); return $result; } //Check if a user is logged in function isUserLoggedIn() { global $loggedInUser,$mysqli,$db_table_prefix; $stmt = $mysqli->prepare("SELECT id, password FROM ".$db_table_prefix."users WHERE id = ? AND password = ? AND active = 1 LIMIT 1"); $stmt->bind_param("is", $loggedInUser->user_id, $loggedInUser->hash_pw); $stmt->execute(); $stmt->store_result(); $num_returns = $stmt->num_rows; $stmt->close(); if($loggedInUser == NULL) { return false; } else { if ($num_returns > 0) { return true; } else { destroySession("userCakeUser"); return false; } } } //Change a user from inactive to active function setUserActive($token) { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users SET active = 1 WHERE activation_token = ? LIMIT 1"); $stmt->bind_param("s", $token); $result = $stmt->execute(); $stmt->close(); return $result; } //Update a user's email function updateEmail($id, $email) { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users SET email = ? WHERE id = ?"); $stmt->bind_param("si", $email, $id); $result = $stmt->execute(); $stmt->close(); return $result; } //Input new activation token, and update the time of the most recent activation request function updateLastActivationRequest($new_activation_token,$username,$email) { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users SET activation_token = ?, last_activation_request = ? WHERE email = ? AND user_name = ?"); $stmt->bind_param("ssss", $new_activation_token, time(), $email, $username); $result = $stmt->execute(); $stmt->close(); return $result; } //Generate a random password, and new token function updatePasswordFromToken($pass,$token) { global $mysqli,$db_table_prefix; $new_activation_token = generateActivationToken(); $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users SET password = ?, activation_token = ? WHERE activation_token = ?"); $stmt->bind_param("sss", $pass, $new_activation_token, $token); $result = $stmt->execute(); $stmt->close(); return $result; } //Update a user's title function updateTitle($id, $title) { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users SET title = ? WHERE id = ?"); $stmt->bind_param("si", $title, $id); $result = $stmt->execute(); $stmt->close(); return $result; } //Check if a user ID exists in the DB function userIdExists($id) { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("SELECT active FROM ".$db_table_prefix."users WHERE id = ? LIMIT 1"); $stmt->bind_param("i", $id); $stmt->execute(); $stmt->store_result(); $num_returns = $stmt->num_rows; $stmt->close(); if ($num_returns > 0) { return true; } else { return false; } } //Checks if a username exists in the DB function usernameExists($username) { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("SELECT active FROM ".$db_table_prefix."users WHERE user_name = ? LIMIT 1"); $stmt->bind_param("s", $username); $stmt->execute(); $stmt->store_result(); $num_returns = $stmt->num_rows; $stmt->close(); if ($num_returns > 0) { return true; } else { return false; } } //Check if activation token exists in DB function validateActivationToken($token,$lostpass=NULL) { global $mysqli,$db_table_prefix; if($lostpass == NULL) { $stmt = $mysqli->prepare("SELECT active FROM ".$db_table_prefix."users WHERE active = 0 AND activation_token = ? LIMIT 1"); } else { $stmt = $mysqli->prepare("SELECT active FROM ".$db_table_prefix."users WHERE active = 1 AND activation_token = ? AND lost_password_request = 1 LIMIT 1"); } $stmt->bind_param("s", $token); $stmt->execute(); $stmt->store_result(); $num_returns = $stmt->num_rows; $stmt->close(); if ($num_returns > 0) { return true; } else { return false; } } //Functions that interact mainly with .permissions table //------------------------------------------------------------------------------ //Create a permission level in DB function createPermission($permission) { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."permissions ( name ) VALUES ( ? )"); $stmt->bind_param("s", $permission); $result = $stmt->execute(); $stmt->close(); return $result; } //Delete a permission level from the DB function deletePermission($permission) { global $mysqli,$db_table_prefix,$errors; $i = 0; $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permissions WHERE id = ?"); $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches WHERE permission_id = ?"); $stmt3 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches WHERE permission_id = ?"); foreach($permission as $id){ if ($id == 1){ $errors[] = lang("CANNOT_DELETE_NEWUSERS"); } elseif ($id == 2){ $errors[] = lang("CANNOT_DELETE_ADMIN"); } else{ $stmt->bind_param("i", $id); $stmt->execute(); $stmt2->bind_param("i", $id); $stmt2->execute(); $stmt3->bind_param("i", $id); $stmt3->execute(); $i++; } } $stmt->close(); $stmt2->close(); $stmt3->close(); return $i; } //Retrieve information for all permission levels function fetchAllPermissions() { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("SELECT id, name FROM ".$db_table_prefix."permissions"); $stmt->execute(); $stmt->bind_result($id, $name); while ($stmt->fetch()){ $row[] = array('id' => $id, 'name' => $name); } $stmt->close(); return ($row); } //Retrieve information for a single permission level function fetchPermissionDetails($id) { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("SELECT id, name FROM ".$db_table_prefix."permissions WHERE id = ? LIMIT 1"); $stmt->bind_param("i", $id); $stmt->execute(); $stmt->bind_result($id, $name); while ($stmt->fetch()){ $row = array('id' => $id, 'name' => $name); } $stmt->close(); return ($row); } //Check if a permission level ID exists in the DB function permissionIdExists($id) { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("SELECT id FROM ".$db_table_prefix."permissions WHERE id = ? LIMIT 1"); $stmt->bind_param("i", $id); $stmt->execute(); $stmt->store_result(); $num_returns = $stmt->num_rows; $stmt->close(); if ($num_returns > 0) { return true; } else { return false; } } //Check if a permission level name exists in the DB function permissionNameExists($permission) { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("SELECT id FROM ".$db_table_prefix."permissions WHERE name = ? LIMIT 1"); $stmt->bind_param("s", $permission); $stmt->execute(); $stmt->store_result(); $num_returns = $stmt->num_rows; $stmt->close(); if ($num_returns > 0) { return true; } else { return false; } } //Change a permission level's name function updatePermissionName($id, $name) { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."permissions SET name = ? WHERE id = ? LIMIT 1"); $stmt->bind_param("si", $name, $id); $result = $stmt->execute(); $stmt->close(); return $result; } //Functions that interact mainly with .user_permission_matches table //------------------------------------------------------------------------------ //Match permission level(s) with user(s) function addPermission($permission, $user) { global $mysqli,$db_table_prefix; $i = 0; $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."user_permission_matches ( permission_id, user_id ) VALUES ( ?, ? )"); if (is_array($permission)){ foreach($permission as $id){ $stmt->bind_param("ii", $id, $user); $stmt->execute(); $i++; } } elseif (is_array($user)){ foreach($user as $id){ $stmt->bind_param("ii", $permission, $id); $stmt->execute(); $i++; } } else { $stmt->bind_param("ii", $permission, $user); $stmt->execute(); $i++; } $stmt->close(); return $i; } //Retrieve information for all user/permission level matches function fetchAllMatches() { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("SELECT id, user_id, permission_id FROM ".$db_table_prefix."user_permission_matches"); $stmt->execute(); $stmt->bind_result($id, $user, $permission); while ($stmt->fetch()){ $row[] = array('id' => $id, 'user_id' => $user, 'permission_id' => $permission); } $stmt->close(); return ($row); } //Retrieve list of permission levels a user has function fetchUserPermissions($user_id) { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("SELECT id, permission_id FROM ".$db_table_prefix."user_permission_matches WHERE user_id = ? "); $stmt->bind_param("i", $user_id); $stmt->execute(); $stmt->bind_result($id, $permission); while ($stmt->fetch()){ $row[$permission] = array('id' => $id, 'permission_id' => $permission); } $stmt->close(); if (isset($row)){ return ($row); } } //Retrieve list of users who have a permission level function fetchPermissionUsers($permission_id) { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("SELECT id, user_id FROM ".$db_table_prefix."user_permission_matches WHERE permission_id = ? "); $stmt->bind_param("i", $permission_id); $stmt->execute(); $stmt->bind_result($id, $user); while ($stmt->fetch()){ $row[$user] = array('id' => $id, 'user_id' => $user); } $stmt->close(); if (isset($row)){ return ($row); } } //Unmatch permission level(s) from user(s) function removePermission($permission, $user) { global $mysqli,$db_table_prefix; $i = 0; $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches WHERE permission_id = ? AND user_id =?"); if (is_array($permission)){ foreach($permission as $id){ $stmt->bind_param("ii", $id, $user); $stmt->execute(); $i++; } } elseif (is_array($user)){ foreach($user as $id){ $stmt->bind_param("ii", $permission, $id); $stmt->execute(); $i++; } } else { $stmt->bind_param("ii", $permission, $user); $stmt->execute(); $i++; } $stmt->close(); return $i; } //Functions that interact mainly with .configuration table //------------------------------------------------------------------------------ //Update configuration table function updateConfig($id, $value) { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."configuration SET value = ? WHERE id = ?"); foreach ($id as $cfg){ $stmt->bind_param("si", $value[$cfg], $cfg); $stmt->execute(); } $stmt->close(); } //Functions that interact mainly with .pages table //------------------------------------------------------------------------------ //Add a page to the DB function createPages($pages) { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."pages ( page ) VALUES ( ? )"); foreach($pages as $page){ $stmt->bind_param("s", $page); $stmt->execute(); } $stmt->close(); } //Delete a page from the DB function deletePages($pages) { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."pages WHERE id = ?"); $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches WHERE page_id = ?"); foreach($pages as $id){ $stmt->bind_param("i", $id); $stmt->execute(); $stmt2->bind_param("i", $id); $stmt2->execute(); } $stmt->close(); $stmt2->close(); } //Fetch information on all pages function fetchAllPages() { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("SELECT id, page, private FROM ".$db_table_prefix."pages"); $stmt->execute(); $stmt->bind_result($id, $page, $private); while ($stmt->fetch()){ $row[$page] = array('id' => $id, 'page' => $page, 'private' => $private); } $stmt->close(); if (isset($row)){ return ($row); } } //Fetch information for a specific page function fetchPageDetails($id) { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("SELECT id, page, private FROM ".$db_table_prefix."pages WHERE id = ? LIMIT 1"); $stmt->bind_param("i", $id); $stmt->execute(); $stmt->bind_result($id, $page, $private); while ($stmt->fetch()){ $row = array('id' => $id, 'page' => $page, 'private' => $private); } $stmt->close(); return ($row); } //Check if a page ID exists function pageIdExists($id) { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("SELECT private FROM ".$db_table_prefix."pages WHERE id = ? LIMIT 1"); $stmt->bind_param("i", $id); $stmt->execute(); $stmt->store_result(); $num_returns = $stmt->num_rows; $stmt->close(); if ($num_returns > 0) { return true; } else { return false; } } //Toggle private/public setting of a page function updatePrivate($id, $private) { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."pages SET private = ? WHERE id = ?"); $stmt->bind_param("ii", $private, $id); $result = $stmt->execute(); $stmt->close(); return $result; } //Functions that interact mainly with .permission_page_matches table //------------------------------------------------------------------------------ //Match permission level(s) with page(s) function addPage($page, $permission) { global $mysqli,$db_table_prefix; $i = 0; $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."permission_page_matches ( permission_id, page_id ) VALUES ( ?, ? )"); if (is_array($permission)){ foreach($permission as $id){ $stmt->bind_param("ii", $id, $page); $stmt->execute(); $i++; } } elseif (is_array($page)){ foreach($page as $id){ $stmt->bind_param("ii", $permission, $id); $stmt->execute(); $i++; } } else { $stmt->bind_param("ii", $permission, $page); $stmt->execute(); $i++; } $stmt->close(); return $i; } //Retrieve list of permission levels that can access a page function fetchPagePermissions($page_id) { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("SELECT id, permission_id FROM ".$db_table_prefix."permission_page_matches WHERE page_id = ? "); $stmt->bind_param("i", $page_id); $stmt->execute(); $stmt->bind_result($id, $permission); while ($stmt->fetch()){ $row[$permission] = array('id' => $id, 'permission_id' => $permission); } $stmt->close(); if (isset($row)){ return ($row); } } //Retrieve list of pages that a permission level can access function fetchPermissionPages($permission_id) { global $mysqli,$db_table_prefix; $stmt = $mysqli->prepare("SELECT id, page_id FROM ".$db_table_prefix."permission_page_matches WHERE permission_id = ? "); $stmt->bind_param("i", $permission_id); $stmt->execute(); $stmt->bind_result($id, $page); while ($stmt->fetch()){ $row[$page] = array('id' => $id, 'permission_id' => $page); } $stmt->close(); if (isset($row)){ return ($row); } } //Unmatched permission and page function removePage($page, $permission) { global $mysqli,$db_table_prefix; $i = 0; $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches WHERE page_id = ? AND permission_id =?"); if (is_array($page)){ foreach($page as $id){ $stmt->bind_param("ii", $id, $permission); $stmt->execute(); $i++; } } elseif (is_array($permission)){ foreach($permission as $id){ $stmt->bind_param("ii", $page, $id); $stmt->execute(); $i++; } } else { $stmt->bind_param("ii", $permission, $user); $stmt->execute(); $i++; } $stmt->close(); return $i; } //Check if a user has access to a page function securePage($uri){ //Separate document name from uri $tokens = explode('/', $uri); $page = $tokens[sizeof($tokens)-1]; global $mysqli,$db_table_prefix,$loggedInUser; //retrieve page details $stmt = $mysqli->prepare("SELECT id, page, private FROM ".$db_table_prefix."pages WHERE page = ? LIMIT 1"); $stmt->bind_param("s", $page); $stmt->execute(); $stmt->bind_result($id, $page, $private); while ($stmt->fetch()){ $pageDetails = array('id' => $id, 'page' => $page, 'private' => $private); } $stmt->close(); //If page does not exist in DB, allow access if (empty($pageDetails)){ return true; } //If page is public, allow access elseif ($pageDetails['private'] == 0) { return true; } //If user is not logged in, deny access elseif(!isUserLoggedIn()) { header("Location: login.php"); return false; } else { //Retrieve list of permission levels with access to page $stmt = $mysqli->prepare("SELECT permission_id FROM ".$db_table_prefix."permission_page_matches WHERE page_id = ? "); $stmt->bind_param("i", $pageDetails['id']); $stmt->execute(); $stmt->bind_result($permission); while ($stmt->fetch()){ $pagePermissions[] = $permission; } $stmt->close(); //Check if user's permission levels allow access to page if ($loggedInUser->checkPermission($pagePermissions)){ return true; } //Grant access if master user elseif ($loggedInUser->user_id == $master_account){ return true; } else { header("Location: account.php"); return false; } } } ?> If you want the db connect files just ask. Quote Link to comment https://forums.phpfreaks.com/topic/293603-call-to-a-member-function-bind_param/#findComment-1501531 Share on other sites More sharing options...
ginerjm Posted January 2, 2015 Share Posted January 2, 2015 Actually your prepare failed hence your $stmt is invalid. You have 6 parms in your query but are only binding 5 Quote Link to comment https://forums.phpfreaks.com/topic/293603-call-to-a-member-function-bind_param/#findComment-1501532 Share on other sites More sharing options...
charlie0987 Posted January 2, 2015 Author Share Posted January 2, 2015 Actually your prepare failed hence your $stmt is invalid. You have 6 parms in your query but are only binding 5 Enlighten me please, I am not that good with PHP coding. Could you possibly fix the script please? or just tell me where exactly I went wrong in simple terms Sorry for being a pain. Quote Link to comment https://forums.phpfreaks.com/topic/293603-call-to-a-member-function-bind_param/#findComment-1501533 Share on other sites More sharing options...
ginerjm Posted January 2, 2015 Share Posted January 2, 2015 The line with the error is binding 5 parms to your query, which you didn't show us. I went thru your class code and found the 131 line and then found that the query has 6 ? chars in it, meaning you have to supply 6 values to the bind-param call. Supply the missing parm in your bind call. PS - it's always a good idea to CHECK the results of things to be sure they worked. If you had wrapped the bind call in an if statement you would have detected this problem. Quote Link to comment https://forums.phpfreaks.com/topic/293603-call-to-a-member-function-bind_param/#findComment-1501535 Share on other sites More sharing options...
charlie0987 Posted January 2, 2015 Author Share Posted January 2, 2015 The line with the error is binding 5 parms to your query, which you didn't show us. I went thru your class code and found the 131 line and then found that the query has 6 ? chars in it, meaning you have to supply 6 values to the bind-param call. Supply the missing parm in your bind call. PS - it's always a good idea to CHECK the results of things to be sure they worked. If you had wrapped the bind call in an if statement you would have detected this problem. Originally it was this: $stmt->bind_param("sssssi", $this->username, $this->displayname, $secure_pass, $this->clean_email, $this->activation_token, $this->user_active); But because I was removing the displayname I deleted it Quote Link to comment https://forums.phpfreaks.com/topic/293603-call-to-a-member-function-bind_param/#findComment-1501536 Share on other sites More sharing options...
ginerjm Posted January 2, 2015 Share Posted January 2, 2015 This is the code you posted: $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."users (user_name,password,email,activation_token,last_activation_request,lost_password_request, active,title,sign_up_stamp,last_sign_in_stamp) VALUES (?,?,?,?,?,'".time()."','0',?,'New Member','".time()."','0')"); $stmt->bind_param("ssssi", $this->username, $secure_pass, $this->clean_email, $this->activation_token, $this->user_active); Your query has 10 fields to be inserted but 11 values. That alone is a problem. Then your bind has only 5 values being bound to that query, yet the query is expecting 6. You need to balance all of this out. Have at it! Quote Link to comment https://forums.phpfreaks.com/topic/293603-call-to-a-member-function-bind_param/#findComment-1501538 Share on other sites More sharing options...
charlie0987 Posted January 2, 2015 Author Share Posted January 2, 2015 This is the code you posted: $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."users (user_name,password,email,activation_token,last_activation_request,lost_password_request, active,title,sign_up_stamp,last_sign_in_stamp) VALUES (?,?,?,?,?,'".time()."','0',?,'New Member','".time()."','0')"); $stmt->bind_param("ssssi", $this->username, $secure_pass, $this->clean_email, $this->activation_token, $this->user_active); Your query has 10 fields to be inserted but 11 values. That alone is a problem. Then your bind has only 5 values being bound to that query, yet the query is expecting 6. You need to balance all of this out. Have at it! I think I understand what you mean but to be honest I don't think I would be able to solve any of this. Skill level = 10 max, 0 lowest I am level 2 Your like level 9 if not 10 All I need is someone to fix the code because I honestly don't know anymore. If you can't or don't want to its fine. I think I'll give up :| Thanks for the help though dude your knowledge is too powerful for me Quote Link to comment https://forums.phpfreaks.com/topic/293603-call-to-a-member-function-bind_param/#findComment-1501542 Share on other sites More sharing options...
ginerjm Posted January 2, 2015 Share Posted January 2, 2015 I'm guessing that you didn't write this code and don't understand that is going on in it. Until you take the time and make the effort to learn what is going on here, you will never advance beyond your perceived level. It's pretty simple. When you do an insert query you specify in it what fields are to be posted/inserted and what values are to be put into each of those fields. So if you want to update 10 fields you need to provide 10 values. Looking at your sql statement as I said you have different numbers there. Fix it. Then when you have the query written correctly, carefully look at which of those values that you want to use substitute parameters for (the ? ones) and provide all of their values in the bind_param call. This will "join" those php values to the ? parts of the query, to put it simply. One could have just written the query without the ? and put the actual php vars in there instead, but that leads to sql injection problems and that is why you have a prepared query here. (Which is good!) You simply have to do the same kind of thing that you did above in fixing the query - align the stuff in the bind_param with the ? in the query statement. For every ? you have to supply a value for it in the bind_param. Also - add a check of these steps to be sure they are working. If you look up the functions in the manual you will see that you will get a value of False if something goes wrong. So after the prepare call add this: if (!$stmt) { echo "Problem doing Prepare"; exit(); } When you do the bind_param call do it like this: if (!$stmt->bind_param(.....)) { echo "Problem binding params"); exit(); } That's the best I'm going to do for you here. The fixes are so simple that my doing them will NOT help you. I've tried to explain what is going on and tell you what you have to do. Now you have to do it in order to learn and improve your knowledge for your next effort. Good luck. Talk later. Quote Link to comment https://forums.phpfreaks.com/topic/293603-call-to-a-member-function-bind_param/#findComment-1501544 Share on other sites More sharing options...
mac_gyver Posted January 2, 2015 Share Posted January 2, 2015 to do what you are trying - build, prepare, bind parameters, and run a sql query statement, you need to get each part correct. a good first step would be to build the sql query statement in a php variable, so that you can echo it to see what it actually is and so that the syntax of the sql query statement is separate from the php syntax that's preparing the query. another step would be to use a minimum of different syntax's in the query statement. don't use php functions if there is a mysql equivalent, do put php variables directly into the string without using concatenation, and don't put single-quotes around numbers. this is your existing query, built in a php variable, with a minimum of clutter in it - $query = " INSERT INTO $db_table_prefix.users (user_name, password, email, activation_token, last_activation_request, lost_password_request, active, title, sign_up_stamp, last_sign_in_stamp) VALUES (?, ?, ?, ?, ?, UNIX_TIMESTAMP(), 0, ?, 'New Member', UNIX_TIMESTAMP(), 0) "; from here, you need to do what ginerjm has written and make sure that your list of columns is correct, that the list of values matches those columns, and that for each place-holder ? in the sql query statement that the bind statement has the correct amount and type of data-type characters (the 'sssiiiisis' string) and the correct variables where the actual values are at. Quote Link to comment https://forums.phpfreaks.com/topic/293603-call-to-a-member-function-bind_param/#findComment-1501546 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.