0

please bear with me as I'm just learning PDO. Anyway I keep getting the error:

Fatal error: Call to a member function prepare() on a non-object

The code is below, am I doing anything wrong? The function itself is being called out on another file as so: 

$result = $database->confirmIPAddress($this->ip);

Function code:

function confirmIPAddress($value) {
    $stmt = $db->prepare("SELECT attempts, (CASE when lastlogin is not NULL and DATE_ADD(LastLogin, INTERVAL `.TIME_PERIOD.` MINUTE)>NOW() then 1 else 0 end) as Denied `.
    ` FROM `.TBL_ATTEMPTS.` WHERE ip = :ip");
    $stmt->execute(array(':ip' => $value));
    $data = $stmt->fetch(PDO::FETCH_ASSOC);

    //Verify that at least one login attempt is in database
   if (!$data) {
     return 0;
   } 
   if ($data["attempts"] >= ATTEMPTS_NUMBER)
   {
      if($data["Denied"] == 1)
      {
         return 1;
      }
     else
     {
        $this->clearLoginAttempts($value);
        return 0;
     }
   }
   return 0;  
  }
joran
  • 169,992
  • 32
  • 429
  • 468

2 Answers2

2

This is a variable scoping issue, nothing to do specifically with PDO. In your function, you use the variable $db. I assume this is a global variable you set in the main code of your script. before calling the function. In PHP, global variables are not automatically visible inside functions. You must either pass the variable in as a parameter, or use a global declaration:

function confirmIPAddress($value) {
    global $db;
    $stmt = $db->prepare(...);
    ...
}
Barmar
  • 741,623
  • 53
  • 500
  • 612
  • Fixed it :), thank you. I keep getting Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 now, any fix on that? –  Aug 16 '13 at 00:32
  • See my answer for the fix for the syntax error. – Bill Karwin Aug 16 '13 at 00:33
  • any other solution to this problem because i get same problem even if i have a global variable –  Sep 01 '14 at 09:08
0

prepare() returns false if there's any parse error, or else throws an exception if you have configured PDO to use that error mode.

Your statement has some syntax problems. You appear to be embedding a PHP constant for your table name and the time period, but you have used back-ticks to delimit your string. You need to use double-quotes in this case.

Current statement:

$stmt = $db->prepare("SELECT attempts, (CASE when lastlogin is not NULL and
    DATE_ADD(LastLogin, INTERVAL `.TIME_PERIOD.` MINUTE)>NOW() then 1 else 0 end) 
    as Denied `.
  ` FROM `.TBL_ATTEMPTS.` WHERE ip = :ip");

Should be:

$stmt = $db->prepare("SELECT attempts, (CASE when lastlogin is not NULL and
    DATE_ADD(LastLogin, INTERVAL ".TIME_PERIOD." MINUTE)>NOW() then 1 else 0 end) 
    as Denied
  FROM `".TBL_ATTEMPTS."` WHERE ip = :ip");
Bill Karwin
  • 538,548
  • 86
  • 673
  • 828
  • Thank you good sir. You're solution worked, just curious is it right to do `".TBL_ATTEMPTS."`? Or is ".TBL_ATTEMPTS." acceptable too? –  Aug 16 '13 at 01:29
  • You would use the back-ticks if TBL_ATTEMPTS needs to be delimited -- that is, if the name of your table contains special characters, whitespace, or an SQL reserved word. – Bill Karwin Aug 16 '13 at 02:10