PHP - prepared statement bind_param()

Question

I know there are lots of other people having this issue but I cant find a solution. I've had this problem before and I managed to fix it:

$check = $conn->prepare("SELECT password,key,user FROM `users` WHERE email = ?");
$check->bind_param("s",$url_email); <-- line 31
$check->execute();
mysqli_stmt_bind_result($check,$db_pass,$db_user_id,$db_username);  
$check->close();

But when using a prepared statement I get this error:

PHP Fatal error: Call to a member function bind_param() on a non-object in /var/www/html/login.php on line 31

Your query also isn't selecting the userid, `$db_user_id`. – chris85 May 12 '16 at 19:22 — chris85, May 12 '16 at 19:22

u_mulder · Accepted Answer · 2016-05-12T19:25:05.493

3

You're lucky. All your fields' names are keywords or reserved words in mysql.

You should escape them:

SELECT `password`, `key`, `user` FROM `users` WHERE email = ?

Strictly saying only key is a reserved word, password and user are not, but still escape'em.

Also, thanks to @chris85 you're mixing OO and procedural mysqli. Instead of

mysqli_stmt_bind_result($check,$db_pass,$db_user_id,$db_username);

use

$check->bind_result($db_pass, $db_user_id, $db_username);

edited May 12 '16 at 19:25

answered May 12 '16 at 19:18

u_mulder

54,101
5
48
64

Thanks for the tips, but my problem still has not been solved. after using var_dump on the $url_email, its definitely a string, – hayhay May 12 '16 at 20:22
While it's poor style to mix procedural with OO, it shouldn't cause an error AFAIK. – Barmar May 12 '16 at 21:05

PHP - prepared statement bind_param()

1 Answers1