-1

I'm trying to create a simple API which adds views to a table. I've then tried to use prepared statements in order to avoid SQL injections, but can't seem to make it work. It keeps returning the following error: (Fatal error: Call to a member function bind_param() on a non-object in)

$con = new mysqli('host','user','pass','db');
$type = $_GET['type'];
$identifier = $_GET['identifier'];
$news = $_GET['newsid'];

$check = $con->prepare("SELECT * FROM news WHERE news.news_id =? OR news.type =? OR news.identifier=?");
$check->bind_param("iss", $news, $type, $identifier);
$check->execute();


if ($check->fetchColumn() > 0) {

    $add_view = $con->prepare("INSERT INTO views VALUES (:news_id, :identifier, :type, CURRENT_TIMESTAMP())");
    $add_view->bindValue(':news_id', $news);
    $add_view->bindValue(':identifier', $identifier);
    $add_view->bindValue(':ntype', $type);
    $add_view->execute();

}
Peter Pik

2 Answers

2

I think you are mixing mysqli and PDO implementations here. You should use bind_param for mysqli. bindParam and bindValue are PDO's.

frz3993
0

Turn on warnings. You have an error somewhere in your syntax. So $con->prepare returns false and issues a warning.

You can find the text of the error in $con->error.

ircmaxell
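The two answers combined into one mysqli-only version, as an added example that is not part of the original posts: positional `?` placeholders with `bind_param` throughout, and mysqli set to throw so a failed `prepare()` surfaces its error text instead of returning `false`. The helper name `addView`, the `COUNT(*)` existence check, the HTTP status codes and the column types are assumptions; the connection values are the question's placeholders.

```php
<?php
declare(strict_types=1);

// Make mysqli throw instead of returning false from prepare()/execute().
// The exception message is the same text that $con->error would hold.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Insert one view row if a matching news row exists; returns true if inserted. */
function addView(mysqli $con, int $news, string $type, string $identifier): bool
{
    // mysqli only understands positional "?" placeholders, not ":name".
    $check = $con->prepare(
        'SELECT COUNT(*) FROM news WHERE news_id = ? OR type = ? OR identifier = ?'
    );
    $check->bind_param('iss', $news, $type, $identifier);
    $check->execute();
    $check->bind_result($matches);   // mysqli counterpart of PDO's fetchColumn()
    $check->fetch();
    $check->close();                 // free the result before the next statement

    if ($matches < 1) {
        return false;
    }

    // Column order (news_id, identifier, type, timestamp) follows the question.
    $add = $con->prepare('INSERT INTO views VALUES (?, ?, ?, CURRENT_TIMESTAMP())');
    $add->bind_param('iss', $news, $identifier, $type);
    $add->execute();
    $add->close();
    return true;
}

// Validate the request parameters before they reach the database layer.
$news       = filter_input(INPUT_GET, 'newsid', FILTER_VALIDATE_INT);
$type       = filter_input(INPUT_GET, 'type');
$identifier = filter_input(INPUT_GET, 'identifier');
if (!is_int($news) || !is_string($type) || !is_string($identifier)) {
    http_response_code(400);
    exit('Bad request');
}

try {
    $con = new mysqli('host', 'user', 'pass', 'db');
    $con->set_charset('utf8mb4');
    http_response_code(addView($con, $news, $type, $identifier) ? 201 : 404);
} catch (mysqli_sql_exception $e) {
    error_log('addView failed: ' . $e->getMessage()); // details go to the log only
    http_response_code(500);
}
```

The database error text is written to the server log rather than echoed, so schema and query details are not disclosed to API clients.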