Call to a member function prepare() on a non-object PHP

Question

Heres my code to connect to the database

function createConnection($DB_USER, $DB_PASSWORD){

    $dbc = new PDO('mysql:host=****', $DB_USER, $DB_PASSWORD);

}

and below and is the code for a function being called

function checkIfUserExists($dbc, $username, $table){

    global $dbc;

    $stmt = $dbc->prepare("SELECT * FROM ? WHERE username = ?");
    $stmt = bindParam(1, $table);
    $stmt = bindParam(2, $username);
    $stmt->execute();

}

below is the code i use to call them

$connect = new databaseOperations;
$connect->createConnection($DB_USER, $DB_PASSWORD);
$connect->checkIfUserExists($dbc, login, Username);

my question is why am i getting the call to a member function prepare() on a non-object error when the page loads?

I could be wrong, but creating $dbc within a function, it isn't known outside of this function, right? — michi, Mar 02 '13 at 22:16
In addition to @WouterJ's answer, remember that PDOs bind data variables only. I.e. you can bind ? to username, but you cannot bind a table name. If you have a variable $table, you should include it in the query via string manipulations. But make sure to sanitize it if it comes from the user: http://stackoverflow.com/questions/13405392/pdo-bindparam-issue/13406590#13406590 — Jonathan Spiller, Mar 02 '13 at 22:34
please consider to accept an answer (click tick mark on the left) if it actually answered your question — michi, Apr 14 '13 at 12:56

score 3 · Answer 1 · answered Mar 02 '13 at 22:20

You get that because the $dbc you pass to the checkIfUserExists method is not available in the global scope, only in the scope where it is created (in this case, the scope of createConnection).

The solution is simple: Never ever use globals in your code and the last code where you should use globals is in OOP code.

Use something like this:

class DatabaseOperations
{
    private $dbc;

    public function createConnection(...)
    {
        $this->dbc = new PDO(...);
    }

    public function checkIfUserExists(...)
    {
        $this->dbc->prepare(...);
        // ...
    }
}

$db = new DatabaseOperations();
$db->createConnection(...);
$db->checkIfUserExists(...);

Or return the $dbc variabele in the createConnection function and pass that to the other functions.

Important side note: This is surely not the way you should use classes. Read something about OOP and program like that. In that case, you usually have a method on the User (Active Record) or UserMapper (DataMapper) object to check if it exists.

score 0 · Answer 2 · edited Mar 02 '13 at 22:29

0

function createConnection($DB_USER, $DB_PASSWORD){

    $dbc = new PDO('mysql:host=****', $DB_USER, $DB_PASSWORD);
    return $dbc; // <---- add this...

}

function checkIfUserExists($dbc, $username, $table){

// ---> no need to use global, because you pass $dbc as an argument

calling...

$dbc = $connect->createConnection($DB_USER, $DB_PASSWORD);

edited Mar 02 '13 at 22:29

Wouter J

41,455
15
107
112

answered Mar 02 '13 at 22:20

michi

6,565
4
33
56

please note that you also need to save the return value in a var called `$dbc` – Wouter J Mar 02 '13 at 22:26
yes, of course, I clarified it in my answer. – michi Mar 02 '13 at 22:27

Call to a member function prepare() on a non-object PHP

2 Answers2