Fatal error: Call to a member function bind_param() on a non-object line 52

Question

I have seen numorous questions similar to this, however I still can't seem to resolve the problem, so sorry if this may be a duplicate.

Anyway here is the code:

$email = $_POST['emailAddress'];
$username = $_POST['userName'];
$dob = $_POST['dobYear'] . "-" . $_POST['dobMonth'] . "-" . $_POST['dobDay'];
$fname = $_POST['firstName'];
$sname = $_POST['lastName'];
$country = $_POST['country'];
$squestion = $_POST['secretQuestion'];
$sanswer = $_POST['secretAnswer'];


require('db_connect.php');
$insert_stmt = $mysqli->prepare("INSERT INTO users (username, email, password, salt, fname, sname, country, dob, squestion, sanswer) VALUES (:username, :email, :password, :salt, :fname, :sname, :country, :dob, :squestion, :sanswer)");
var_dump($mysqli->error);
$insert_stmt->bind_param(':username', $username); // error is here 
$insert_stmt->bind_param(':email', $email);
$insert_stmt->bind_param(':password', $password);
$insert_stmt->bind_param(':salt', $random_salt);
$insert_stmt->bind_param(':fname', $fname);
$insert_stmt->bind_param(':sname', $sname);
$insert_stmt->bind_param(':country', $country);
$insert_stmt->bind_param(':dob', $dob);
$insert_stmt->bind_param(':squestion', $squestion);     
$insert_stmt->bind_param(':sanswer', $sanswer);     
$insert_stmt->execute();

And this is the output of var_dump:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':username, :email, :password, :salt, :fname, :sname, :country, :dob, :squestion,' at line 1"

I know that there must be a problem on the prepare line but, I am really not seeing it.

Here is the db_connect.php just in case anyone wants to see though, this file is working fine:

define("HOST", "localhost"); // The host you want to connect to.
define("USER", "sec_user"); // The database username.
define("PASSWORD", "eKcGZr59zAa2BEWU"); // The database password. 
define("DATABASE", "secure_login"); // The database name.

$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);

Again, sorry if this is a duplicate or if I'm missing something blatent and obvious.

Oswald · Accepted Answer · 2013-01-27T12:02:40.733

2

The class mysqli_stmt does not support named SQL-parameters. Also, the first parameter to mysql_stmt::bind_param() is not the name of the SQL-parameter (because the class mysqli_stmt does not support named SQL-parameters).

edited Jan 27 '13 at 12:02

answered Jan 27 '13 at 11:48

Oswald

31,254
3
43
68

1

That's why it's a good idea to always read the documentation before using an unfamiliar API. The PHP documentation usually contains examples, too. – Oswald Jan 27 '13 at 12:04
so what was the fix? I am having this EXACT issue... I am using the ?,?,? values – jflay Dec 04 '13 at 19:09
@jflay The fix is to make `$mysqli->prepare()` work. In the above question, `$mysqli->prepare()` failed because of the assumption that MySQLi understands named parameters. In your case, it fails for a different reason. Use the attributes of the [`mysqli`](http://www.php.net/manual/en/class.mysqli.php) class to get more information about the reason. – Oswald Dec 04 '13 at 20:07
yay I found it thanks to reading up on those class names... needed to stay consistent with the O-O approach and use bind_param() instead of bindParams or whatever the other php.net method was. Thanks. – jflay Dec 04 '13 at 21:33

score 0 · Answer 2 · answered Jan 27 '13 at 11:50

0

$insert_stmt = $mysqli->prepare("INSERT INTO users (username, email, password, salt, fname, sname, country, dob, squestion, sanswer) VALUES (?, ?,?, ?, ?, ?, ?, ?, ?, ?)");

change your bind accordingly

answered Jan 27 '13 at 11:50

knightrider

2,063
1
16
29

Fatal error: Call to a member function bind_param() on a non-object line 52

2 Answers2