0

Can someone help me understand this error?

Fatal error: Call to a member function bind_param() on a non-object in C:\MAMP\htdocs\MyCMS\insert_posttwo.php on line 64

<?php    

    $mysqli = mysqli_connect("localhost", "root", "root", "mycms");

    if (isset($_POST['submit'] )) {  
        $post_author    = $_POST['post_author'];

       $stmt = $mysqli->prepare ("INSERT INTO 'posts' ('post_author') VALUES(?)");

       $stmt->bind_param('s', $post_auth);

       $post_auth =     $post_author;
       $stmt->execute();


       echo "<script>alert('Post has been published')</script>";
       echo "<script>window.open('insert_post','_self')</script>";

       $stmt->close();

   }

?>
potashin
  • 44,205
  • 11
  • 83
  • 107
rrr rrr
  • 7
  • 5

2 Answers2

3

Instead of single quotes ' use backticks ` to escape field or table names .

$stmt = $mysqli->prepare ("INSERT INTO `posts` (`post_author`) VALUES(?)");
potashin
  • 44,205
  • 11
  • 83
  • 107
1

Change this (For columns you have to use back ticks not single quotes):

'posts'

to:

`posts`

Also you have to create a object and not the procedural method otherwise you can't do that so use this:

$mysqli = new mysqli_connect("localhost", "root", "root", "mycms");
        //^^^ See here so you create a object

And also you have to close your connection like this:

$mysqli->close();
//^^^^^ Close the connection and not the stmt
Rizier123
  • 58,877
  • 16
  • 101
  • 156
  • Thanks guys!! that work brilliantly. But isn't it terrible practice to keep the username and password in a php file? Is it possible to inspect the file and find the username and password? – rrr rrr Jan 08 '15 at 17:12
  • @rrrrrr You're welcome! What do you mean with: `keep the username and password in a php file`? – Rizier123 Jan 08 '15 at 17:14
  • just to clarify, for example -- the connection string has my username and password exposed in text format (in this case it's root root).. but in a real project this will contain the username and password – rrr rrr Jan 08 '15 at 17:16