A community in which webmasters can ask for help with topics such as PHP coding , MySQL , IT jobs, web design, IT security.
Current location:homephp forumphp talk in 2009 yearmysqli why does this happens? - page 1
User InfoPosts
mysqli why does this happens?#1
I have two subsequent mysqli statements, and the second returns:


Fatal error: Call to a member function bind_param() on a non-object in ...


Why this happens? Does this means that I need to open two different connection?
Is there any way to avoid this (I love keeping the SQL connection details in one file)?

Here the code:

$db = new mysqli("localhost", "root", "", "database");

$stmt = $db->prepare("UPDATE posts SET vote_".$_POST[(vote(]." = vote_".$_POST[(vote(]." + 1 WHERE id=?");
$stmt->bind_param((s(, $_POST[(id_post(]);
$stmt->execute();
$stmt->close();

$stmt = $db->prepare("INSERT INTO votes (kind, users_id, posts_id) VALUES (?, ?, ?)");
$stmt->bind_param((sss(,$_POST[(vote(],$_POST[(id_user(],$_POST[(id_post(]);
$stmt->execute();
$stmt->close();

posted date: 2009-04-07 05:25:00


Re: mysqli why does this happens?#2
I had made out the solution of this problem. click to view my topic...

hope that hepls.

posted date: 2009-04-07 05:25:01


Re: mysqli why does this happens?#3
I think your $stmt variable is null when you call bind_param over it. maybe your $_POST[(vote(] is empty? you can check it before you bind the param on the command

posted date: 2009-04-07 05:28:00


Re: mysqli why does this happens?#4
Something might have gone wrong with $db->prepare(), check $db->error.

posted date: 2009-04-07 05:30:00


Re: mysqli why does this happens?#5
Check the return value of mysqli::prepare. If it is FALSE, you should get the details for the occured error with mysqli::error.

posted date: 2009-04-07 05:33:00


Re: mysqli why does this happens?#6
That was the problem, I named differently one of the fields.. shame on me for not checking the error.. I thought that was a problem of making two consecutive queries.. thanks!

posted date: 2009-04-07 05:52:00


Re: mysqli why does this happens?#7
I thought that using mysqli would completely avoid sql injection?

posted date: 2009-04-07 05:55:00


Re: mysqli why does this happens?#8
If using bound values/parameters, you're safe from SQL injection. But what prevents the user from sending the user id of somebody else?

posted date: 2009-04-07 06:17:00


Re: mysqli why does this happens?#9
Several checks that happens way before those queries that are terminated with die()

posted date: 2009-04-07 06:22:00


Re: mysqli why does this happens?#10
@0plus1: It's important to note that it's not MySQLi that protects you from SQL injection (it's very easy to use MySQLi and still be vulnerable!), but the prepared statements.

posted date: 2011-08-14 09:34:00


select page: « 1 »
Copyright ©2008-2017 www.momige.com, all rights reserved.