php - Error when attempting to "cleanly" insert data into a MySQL database; Fatal error: Call to a member function execute() on a non-object in -
I'm relatively new to PHP, and I'm attempting to make a registration + login system. I'm running into an issue when I attempt to safely insert a user's "username" and "password" into the database.
I get this error:
I'm following this guide...
How can I prevent SQL injection in PHP?
...and unless I'm blind, and 30 minutes' worth of searching / Googling has failed me, the syntax appears correct?
Any ideas?
The error points to line 107.
    <?php include('assets/repository/mysql.php') ?>
    <?php
    /*
     * -------------------------------------------------------------------------------------
     * -------------------- variable declaration & sql connection stuff --------------------
     * -------------------------------------------------------------------------------------
     */

    // variable declaration from previous page (register/login page)
    $email = strtoupper($_POST["email"]);
    $password = $_POST["password"];
    $password_confirmation = $_POST["passwordconfirmation"];
    ?>
    <?php
    /*
     * -------------------------------------------------------------------------------------
     * ---------------------------- registration form validation ---------------------------
     * -------------------------------------------------------------------------------------
     * loginerr=0 -> passwords don't match
     * loginerr=1 -> username exists in db
     * loginerr=2 -> registration disabled
     * loginerr=3 -> password too long and/or short
     * loginerr=4 -> email isn't in proper format
     * loginerr=5 -> email too long and/or short
     */

    // ----- do passwords match? loginerr=0 -----
    // working 2013/05/13
    if($password != $password_confirmation){
        header('Location: http://127.0.0.1/login.php?loginerr=0');
        exit();
    }

    // ----- does username exist in db? loginerr=1 -----
    // working 2013/05/13
    $finduserquery = "SELECT * FROM `users` WHERE email='".$email."'";
    $result = $dbconnection->query($finduserquery) or die($dbconnection->error.__LINE__);
    if($result->num_rows > 0){
        header('Location: http://127.0.0.1/login.php?loginerr=1');
        exit();
    }

    // ----- is registration allowed in system? loginerr=2 -----
    // working 2013/05/13
    $isregistrationenabledquery = "SELECT * FROM `global_settings` WHERE registration_enabled='0'";
    $result = $dbconnection->query($isregistrationenabledquery) or die($dbconnection->error.__LINE__);
    if($result->num_rows > 0){
        header('Location: http://127.0.0.1/login.php?loginerr=2');
        exit();
    }

    // ----- is password greater than 4 characters, less than 32 characters? loginerr=3 -----
    // working 2013/05/13
    if(strlen($password) > 32 || strlen($password) < 4){
        header('Location: http://127.0.0.1/login.php?loginerr=3');
        exit();
    }

    // ----- is email in proper format? (regex) loginerr=4 -----
    // working 2013/05/13
    if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
        header('Location: http://127.0.0.1/login.php?loginerr=4');
        exit();
    }

    // ----- is email greater than 4 characters, less than 32 characters? loginerr=5 -----
    // working 2013/05/13
    if(strlen($email) > 32 || strlen($email) < 4){
        header('Location: http://127.0.0.1/login.php?loginerr=5');
        exit();
    }
    ?>
    <?php
    /*
     * -------------------------------------------------------------------------------------
     * ------------------------- passed checks - insert into db ------------------------
     * -------------------------------------------------------------------------------------
     */

    //todo: hash password + salt + pepper?

    // preparing our query statement via mysqli to auto-escape bad characters and prevent injection
    $query = $dbconnection->prepare( 'INSERT INTO users ( email,password ) VALUES ( :email,:password )' );

    // replacing ":xxxxx" in the above statement with the actual values we want to insert
    $query->execute(array(':email' => $email, ':password' => $password)) or die($dbconnection->error.__LINE__);

    // perform the actual query; and if it returns false (aka if there is an error), print the error
    /*if (!mysqli_query($dbconnection,$query)){
        die('error: ' . mysqli_error($dbconnection));
    }*/

    // never forget to close the connection, otherwise memory leaks happen!
    mysqli_close($dbconnection);
    ?>
    <?php include('header.php') ?>
    <?php include('footer.php') ?>
You seem to be using PDO syntax instead of mysqli.
Replace ln. 96 to ln. 107 with

    // preparing our query statement via mysqli to auto-escape bad characters and prevent injection
    // ($mysqli is the mysqli connection object, $dbconnection in the question)
    $query = 'INSERT INTO users ( email, password ) VALUES ( ?, ? )';
    $stmt = $mysqli->prepare($query);
    $stmt->bind_param("ss", $email, $password);
    $stmt->execute();
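
The answer's fix carried through the whole registration path, as an added example that is not code from the question or the answer: it also parameterizes the email lookup that the question builds by string concatenation, and turns on mysqli exceptions so a failed prepare() surfaces as an error instead of the "non-object" fatal. The function names emailExists and registerUser, the connection settings, and the use of password_hash() for the question's hashing TODO are assumptions; the password column is assumed wide enough for the hash (for example VARCHAR(255)).

```php
<?php
// Added example. Assumed: `users` table from the question, placeholder credentials,
// hypothetical function names emailExists() and registerUser().

// Throw mysqli_sql_exception on any failure instead of returning false, so a
// bad prepare() cannot reach "Call to a member function execute() on a non-object".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// True if a row with this email already exists (replaces the concatenated SELECT).
function emailExists(mysqli $db, string $email): bool
{
    $stmt = $db->prepare('SELECT 1 FROM `users` WHERE email = ? LIMIT 1');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();          // buffer the result so num_rows is populated
    $exists = $stmt->num_rows > 0;
    $stmt->close();
    return $exists;
}

// Inserts the user; only the hash of the password is stored.
function registerUser(mysqli $db, string $email, string $password): void
{
    // password_hash() generates a random salt and embeds it in the returned string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO `users` (email, password) VALUES (?, ?)');
    $stmt->bind_param('ss', $email, $hash);
    $stmt->execute();
    $stmt->close();
}

try {
    // Placeholder host, user, password and schema: substitute your own.
    $db = new mysqli('127.0.0.1', 'app_user', 'app_password', 'app_db');
    $email = strtoupper($_POST['email'] ?? '');
    $password = $_POST['password'] ?? '';

    if (emailExists($db, $email)) {
        header('Location: http://127.0.0.1/login.php?loginerr=1');
        exit();
    }
    registerUser($db, $email, $password);
    $db->close();
} catch (mysqli_sql_exception $e) {
    // Keep SQL details out of the response; die($dbconnection->error) would expose them.
    error_log($e->getMessage());
    http_response_code(500);
}
```

At login, compare the submitted password against the stored hash with password_verify() rather than comparing strings.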