Reply To: Try out my first PHP web app!

[__]

Fatal error: Call to a member function bind_result() on a non-object…

Think backwards: where are you trying to call bind_result?
On $stmt.

What is $stmt? You expect it to be the prepared statement object returned by $con->prepare, but PHP claims it’s not an object.

How could that be? Check the docs:

mysqli_prepare() returns a statement object or FALSE if an error occurred.

So, if $stmt is not an object, it is most likely FALSE, meaning there was an error when you prepared it. You can check $con->error to see the error message.

Thought that was how it was supposed to be written. How would you write it differently?

Your query should be:

"SELECT password FROM users WHERE username = ?"

Putting the variable $username into the sql completely defeats the security of using a prepared statement. Always use parameter markers (?) for user data.

Also, before you execute the statement, you need to use bind_param to bind $username to the query.