
Need some help here, there's a fatal error when I try to bind.

Call to a member function bind_param() on a non-object.

Please help :(

```php
<?php
$connection = mysqli_connect("localhost","root","","shopp"); //connect to database
if (!$connection){
    die('Could not connect: ' . mysqli_connect_errno()); //return error is connect fail
}

$query= $connection->prepare("select * from login where (USERNAME=?,PASSWORD=?");

$username=$_POST['uname'];
$password=$_POST['pass'];

 $query ->bind_param('ss',$password,$username);

// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$rows = mysql_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: web.html"); // Redirecting To Other Page
} else {
header("location: loginerror.html");
}

?>
```

The error is at this line:

```php
$query ->bind_param('ss',$password,$username);
```
  • Why are you using the `mysql_*` extension here? – devpro Jan 18 '16 at 15:33
  • For the fatal error, use this: `$query->bind_param('ss',$password,$username);` – devpro Jan 18 '16 at 15:33
  • You can't mix drivers, `mysqli` doesn't work with `mysql_*`. I've also never seen this syntax before `where (USERNAME=?,PASSWORD=?)`, does that work in your DB interface? – chris85 Jan 18 '16 at 15:35
  • You have a syntax error in your query, and you BLINDLY assumed that nothing could ever go wrong with your query, hence taking the boolean false that mysqli returned and trying to use it as an object. Plus, you need to learn about [sql injection attacks](http://bobby-tables.com). Using placeholders and then STILL trying to (incorrectly) manually escape is a strong indication of cargo-cult programming. – Marc B Jan 18 '16 at 15:37
  • The fatal error clearly tells you that `$query` is not an object, it's a boolean value `false`, which means your prepare statement has failed. – Rajdeep Paul Jan 18 '16 at 15:38
  • What's wrong with the prepare statement? – help Jan 18 '16 at 15:40
  • You are missing a closing `)` for the where clause, that also doesn't appear to be valid SQL. I think it should be where `username = ? and password = ?`. – chris85 Jan 18 '16 at 15:44
  • Still got the error. Is it valid SQL? – help Jan 18 '16 at 15:53
  • Same error? Have you corrected the other issues? Update your question to your current code.. Use the `@` if addressing comments to a user. – chris85 Jan 18 '16 at 16:00
  • While the linked duplicate is not the correct duplicate, it is still a problem in this code. See [this](http://stackoverflow.com/questions/12769982/reference-what-does-this-error-mean-in-php) and the documentation for the call you made for more details about the error you received. – Sumurai8 Jan 18 '16 at 16:18

0 Answers
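
The points raised in the comments (a failed `prepare()` returns `false`, the `mysqli` and `mysql_*` drivers cannot be mixed, and bound placeholders make manual escaping unnecessary) are put together below as an added example that is not part of the original question or its comments. It assumes the `PASSWORD` column holds `password_hash()` output rather than the plain password; the function name `find_password_hash` is hypothetical, and the table, column and connection values are the ones from the question.

```php
<?php
// Added example, not the asker's code. Assumes the PASSWORD column holds
// password_hash() output; table and column names come from the question.
session_start();

// Make mysqli throw exceptions instead of returning false (default since PHP 8.1).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function find_password_hash(mysqli $db, string $username): ?string
{
    // Valid SQL with one placeholder. With error reporting off, prepare()
    // returns false on a syntax error, so the result is checked anyway.
    $stmt = $db->prepare('SELECT PASSWORD FROM login WHERE USERNAME = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    // Bound values travel separately from the SQL text, so no stripslashes()
    // or *_real_escape_string() call is needed (and mysql_* is never used).
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();          // true = row fetched, null = no row
    $stmt->close();
    return $found ? $hash : null;
}

$username = $_POST['uname'] ?? '';
$password = $_POST['pass'] ?? '';

try {
    $db   = new mysqli('localhost', 'root', '', 'shopp');
    $hash = find_password_hash($db, $username);
} catch (Throwable $e) {
    error_log($e->getMessage());      // keep database details out of the response
    http_response_code(500);
    exit('Login is temporarily unavailable.');
}

if ($hash !== null && password_verify($password, $hash)) {
    session_regenerate_id(true);      // issue a fresh session ID after login
    $_SESSION['login_user'] = $username;
    header('Location: web.html');
} else {
    header('Location: loginerror.html');
}
exit;
```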