gmc1103 Posted October 8, 2015

Hi, I have a strange error with this code. I have 2 functions; one works well, the other gives me that error.

```php
function CheckAtividadesStatus(){
    $sqlAtividadesStatus = "SELECT COUNT( * ) AS total FROM `nem_pae_atividades` WHERE `data` = CURDATE()";
    $stmt = $this->connection->prepare($sqlAtividadesStatus);
    var_dump($stmt);
    if ($stmt === false) {
        trigger_error('Wrong SQL: ' . $sqlAtividadesStatus . ' Error: ' . $this->connection->error, E_USER_ERROR);
    }
    $stmt->execute();
    $stmt->bind_result($total);
    $stmt->fetch();
    $stmt->close();
    if ($total != 0) {
        return false;
    }
    else{
        return true;
    }
    $this->connection->close();
}

function checkAtividadeFeita($userid) {
    $id = $this->SanitizeForSQL($userid);
    $sql = "SELECT COUNT( * ) AS total FROM `nem_pae_atividades` WHERE `idutilizador` = '$id' AND `data` <= CURDATE( ) AND (`realizado` IS NULL OR LENGTH(`realizado`)=0)";
    $stmt = $this->connection->prepare($sql);
    if ($stmt === false) {
        trigger_error('Wrong SQL: ' . $sql . ' Error: ' . $this->connection->error, E_USER_ERROR);
    }
    $stmt->execute();
    $stmt->bind_result($total);
    $stmt->fetch();
    $stmt->close();
    if ($total != 0) {
        return false;
    }
    else{
        return true;
    }
    $this->connection->close();
}
```

As everyone can see, they are almost the same, but the queries are different.

The function CheckAtividadesStatus() gives me "Fatal error: Call to a member function prepare() on a non-object" in line

```php
$stmt = $this->connection->prepare($sqlAtividadesStatus);
```

The other function works normally, so what's wrong?

Thanks
Barand Posted October 8, 2015 (Solution)

The error message suggests that $this->connection is not a valid connection object in the failing function.

The query in the first function does not need to be a prepared statement - there is no user input.

The second function does not require the parameter to be sanitized if you are preparing the statement. You should use a placeholder and bind the parameter to the placeholder. It is the separation of data from query statement that makes preparation effective.
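
The points in the answer above, as an added example that is not part of the original thread: the connection is checked when the object is built, the first query runs without preparation, and the second binds the user id to a `?` placeholder instead of sanitizing and interpolating it. The class name `AtividadesRepository`, the constructor injection, the string type of the user id, PHP 7.4+ and the connection credentials are assumptions; table and column names come from the question.

```php
<?php
// Added example, not the poster's code. Class name and constructor are assumptions.
// Make mysqli throw exceptions instead of returning false on errors.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

class AtividadesRepository
{
    private mysqli $connection;

    // The type hint rejects anything that is not a mysqli object here,
    // instead of failing later with "prepare() on a non-object".
    public function __construct(mysqli $connection)
    {
        $this->connection = $connection;
    }

    // No user input reaches this query, so a plain query() is enough.
    public function checkAtividadesStatus(): bool
    {
        $result = $this->connection->query(
            "SELECT COUNT(*) AS total FROM `nem_pae_atividades` WHERE `data` = CURDATE()"
        );
        $total = (int) $result->fetch_row()[0];
        $result->free();
        return $total === 0; // same result as the original: true when nothing matches
    }

    // The user id travels separately from the SQL text: no quoting, no sanitizing.
    // The column type is not given on the page, so it is bound as a string ('s').
    public function checkAtividadeFeita(string $userId): bool
    {
        $sql = "SELECT COUNT(*) AS total FROM `nem_pae_atividades`
                WHERE `idutilizador` = ?
                  AND `data` <= CURDATE()
                  AND (`realizado` IS NULL OR LENGTH(`realizado`) = 0)";
        $stmt = $this->connection->prepare($sql);
        $stmt->bind_param('s', $userId);
        $stmt->execute();
        $stmt->bind_result($total);
        $stmt->fetch();
        $stmt->close();
        return (int) $total === 0;
    }
}

// Usage (host, user, password and database name are placeholders):
// $repo = new AtividadesRepository(new mysqli('localhost', 'user', 'password', 'database'));
// $done = $repo->checkAtividadeFeita($_POST['userid']);
```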