Home › Forums › Back End › Try out my first PHP web app! › Reply To: Try out my first PHP web app!
Fatal error: Call to a member function bind_result() on a non-object
…
Think backwards: where are you trying to call bind_result
?
On $stmt
.
What is $stmt
? You expect it to be the prepared statement object returned by $con->prepare
, but PHP claims it’s not an object.
How could that be? Check the docs:
mysqli_prepare() returns a statement object or FALSE if an error occurred.
So, if $stmt
is not an object, it is most likely FALSE
, meaning there was an error when you prepare
d it. You can check $con->error
to see the error message.
Thought that was how it was supposed to be written. How would you write it differently?
Your query should be:
"SELECT password FROM users WHERE username = ?"
Putting the variable $username
into the sql completely defeats the security of using a prepared statement. Always use parameter markers (?
) for user data.
Also, before you execute
the statement, you need to use bind_param
to bind $username
to the query.