Jaypee Tan - 5 months ago
PHP Question

Fatal error: Call to a member function prepare() on a non-object ERROR

I'm having a problem with prepared statements.
I'm trying to prevent SQL injection in my database, so I tried to apply
prepared statements, but I think I'm having a problem.

This is collector_db.php:

<?php
require 'connection.php';

$username = $_POST["username"];
$password = $_POST["password"];
$repassword = $_POST["repassword"];
$email = $_POST["email"];
$surname = $_POST["surname"];
$fname = $_POST["fname"];
$mname = $_POST["mname"];

if($password == $repassword){
    global $dbConnection;
    $mysql_qry = $dbConnection->prepare("insert into account_info(surname,firsname,middlename,username,pass,email) VALUES (?,?,?,?,?,?);");
    $mysql_qry- >bind_param('ssssss','$surname,$fname,$mname,$username,$password,$email');

    $mysql_qry->execute();

    if ($connect->query($mysql_qry)=== TRUE){
        echo "<script language='javascript'>";
        echo "alert('Registration Success');";
        echo "window.close();";
        echo "</script>";
        $mysql_qry->close();
        $conn->close();
    }
    else{
        echo "REGISTRATION failed".$mysql_qry."<br>". $connect->error;
        echo "<script language='javascript'>";
        echo "alert('Registration Failed');";
        echo "</script>";
    }
}
elseif($password != $repassword){
    echo 'Password doesnt Match';
}
elseif($username == "" || $password == "" || $email == "" || $surname == "" || $fname == "" || $mname == "" || $repassword == ""){
    echo "<script language='javascript'>";
    echo "alert('Some of the Textfields is null');";
    echo "</script>";
}
else {
    echo "<script language='javascript'>";
    echo "alert('Error');";
    echo "</script>";
}

?>


Thanks for the help :)

Answer

There is a space between $mysql_qry- and >, the query is executed twice because of if ($connect->query($mysql_qry)=== TRUE){, and $connect is undefined in your code.

Just execute it once

$mysql_qry = $dbConnection->prepare("insert into  account_info(surname,firsname,middlename,username,pass,email) VALUES (?,?,?,?,?,?);");
$mysql_qry->bind_param('ssssss', $surname,$fname,$mname,$username,$password,$email); // remove quotes from here

if ($mysql_qry->execute()) {
    echo "<script language='javascript'>";
    echo "alert('Registration Success');";
    echo "window.close();";
    echo "</script>";
    $mysql_qry->close();
}

Remove this part if ($connect->query($mysql_qry)=== TRUE){...
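A fuller version of the registration handler, as an added example that is not part of the original question or answer: the connection is passed in as a typed mysqli argument, so a missing connection fails at the call instead of at prepare(), the statement runs once, the password is stored as a hash, and database errors go to the log rather than the page. The connection parameters are placeholders, register_account() is a hypothetical name, and the pass column is assumed to be wide enough for a hash (for example VARCHAR(255)).

```php
<?php
// Added example, not the original poster's code. Table and column names are
// the ones from the question; host, user, password and schema are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli failures throw

function register_account(mysqli $db, array $post): string
{
    $in = [];
    foreach (['surname', 'fname', 'mname', 'username', 'password', 'repassword', 'email'] as $f) {
        // A missing or non-string field becomes '' and is rejected before any query runs.
        $in[$f] = (isset($post[$f]) && is_string($post[$f])) ? $post[$f] : '';
        if ($in[$f] === '') {
            return 'Some of the fields are empty';
        }
    }
    // Strict comparison: with ==, numeric strings such as "1e3" and "1000" compare equal.
    if ($in['password'] !== $in['repassword']) {
        return 'Passwords do not match';
    }
    // Store a salted hash, never the submitted password itself.
    $hash = password_hash($in['password'], PASSWORD_DEFAULT);

    $stmt = $db->prepare(
        'INSERT INTO account_info (surname, firsname, middlename, username, pass, email)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    // bind_param() takes variables by reference, one per placeholder, unquoted.
    $stmt->bind_param(
        'ssssss',
        $in['surname'], $in['fname'], $in['mname'], $in['username'], $hash, $in['email']
    );
    $stmt->execute(); // executed exactly once; throws on failure
    $stmt->close();
    return 'Registration Success';
}

try {
    $db = new mysqli('localhost', 'db_user', 'db_password', 'db_name'); // placeholders
    $db->set_charset('utf8mb4');
    echo register_account($db, $_POST);
    $db->close();
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // details stay in the server log
    echo 'Registration failed';
}
```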
