Home › Forums › Back End › Try out my first PHP web app! › Reply To: Try out my first PHP web app!
Fatal error: Call to a member function bind_result() on a non-object…
Think backwards: where are you trying to call
$stmt? You expect it to be the prepared statement object returned by
$con->prepare, but PHP claims it’s not an object.
How could that be? Check the docs:
mysqli_prepare() returns a statement object or FALSE if an error occurred.
$stmt is not an object, it is most likely
FALSE, meaning there was an error when you
prepared it. You can check
$con->error to see the error message.
Thought that was how it was supposed to be written. How would you write it differently?
Your query should be:
"SELECT password FROM users WHERE username = ?"
Putting the variable
$username into the sql completely defeats the security of using a prepared statement. Always use parameter markers (
?) for user data.
Also, before you
execute the statement, you need to use
bind_param to bind
$username to the query.