php - Error when attempting to "cleanly" insert data into a MySQL database; Fatal error: Call to a member function execute() on a non-object in -


I'm relatively new to PHP, and I'm attempting to make a registration + login system. I'm running into an issue when I attempt to safely insert the user's "username" and "password" into the database.

I get this error:

http://puu.sh/2suog.png

I'm following this guide...

How can I prevent SQL injection in PHP?

...and, unless I'm blind and 30 minutes' worth of searching / Googling has failed me, my syntax appears to be correct?

Any ideas?

The error points to line 107.

<?php include('assets/repository/mysql.php') ?>

<?php
  /*
   * -------------------------------------------------------------------------------------
   * -------------------- variable declaration & sql connection stuff --------------------
   * -------------------------------------------------------------------------------------
   */

  // variable declaration from the previous page (register/login page)
  $email                 = strtoupper($_POST["email"]);
  $password              = $_POST["password"];
  $password_confirmation = $_POST["passwordconfirmation"];
?>

<?php
  /*
   * -------------------------------------------------------------------------------------
   * ---------------------------- registration form validation ---------------------------
   * -------------------------------------------------------------------------------------
   * loginerr=0 -> passwords don't match
   * loginerr=1 -> username exists in db
   * loginerr=2 -> registration disabled
   * loginerr=3 -> password too long and/or too short
   * loginerr=4 -> email isn't in proper format
   * loginerr=5 -> email too long and/or too short
   */

  // ----- do the passwords match? loginerr=0 -----
  // working 2013/05/13
  if($password != $password_confirmation){
    header('Location: http://127.0.0.1/login.php?loginerr=0');
    exit();
  }

  // ----- does the username exist in the db? loginerr=1 -----
  // working 2013/05/13
  $finduserquery = "SELECT * FROM `users` WHERE email='".$email."'";
  $result = $dbconnection->query($finduserquery) or die($dbconnection->error.__LINE__);
  if($result->num_rows > 0){
    header('Location: http://127.0.0.1/login.php?loginerr=1');
    exit();
  }

  // ----- is registration allowed in the system? loginerr=2 -----
  // working 2013/05/13
  $isregistrationenabledquery = "SELECT * FROM `global_settings` WHERE registration_enabled='0'";
  $result = $dbconnection->query($isregistrationenabledquery) or die($dbconnection->error.__LINE__);
  if($result->num_rows > 0){
    header('Location: http://127.0.0.1/login.php?loginerr=2');
    exit();
  }

  // ----- password greater than 4 characters, less than 32 characters? loginerr=3 -----
  // working 2013/05/13
  if(strlen($password) > 32 || strlen($password) < 4){
    header('Location: http://127.0.0.1/login.php?loginerr=3');
    exit();
  }

  // ----- email in proper format? (regex) loginerr=4 -----
  // working 2013/05/13
  if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
    header('Location: http://127.0.0.1/login.php?loginerr=4');
    exit();
  }

  // ----- email greater than 4 characters, less than 32 characters? loginerr=5 -----
  // working 2013/05/13
  if(strlen($email) > 32 || strlen($email) < 4){
    header('Location: http://127.0.0.1/login.php?loginerr=5');
    exit();
  }
?>

<?php
  /*
   * -------------------------------------------------------------------------------------
   * ------------------------- passed checks - insert into db ------------------------
   * -------------------------------------------------------------------------------------
   */

  //todo: hash password + salt + pepper?

  // preparing our query statement via mysqli, which will auto-escape bad characters to prevent injection
  $query = $dbconnection->prepare(
    'INSERT INTO users (
      email,password
    ) VALUES (
      :email,:password
    )'
  );

  // replacing the ":xxxxx" in the above statement with the actual values we want to insert
  // (this is the call the fatal error on line 107 refers to)
  $query->execute(array(':email' => $email, ':password' => $password)) or die($dbconnection->error.__LINE__);

  // perform the actual query; and if it returns false (aka if there is an error), print the error
  /*if (!mysqli_query($dbconnection,$query)){
    die('error: ' . mysqli_error($dbconnection));
  }*/

  // never forget to close the connection, otherwise memory leaks happen!
  mysqli_close($dbconnection);
?>

<?php include('header.php') ?>
<?php include('footer.php') ?>

You seem to be using PDO syntax instead of mysqli.

Replace ln. 96 to ln. 107 with

// preparing our query statement via mysqli, which will auto-escape bad characters to prevent injection
// ($mysqli is the mysqli connection object, $dbconnection in the question's code)
$query = 'INSERT INTO users (
            email,
            password
          ) VALUES (
            ?,
            ?
          )';

$stmt = $mysqli->prepare($query);
$stmt->bind_param("ss", $email, $password);
$stmt->execute();
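The fix above, expanded into an added example (not code from the question or the answer): mysqli does not accept PDO-style `:name` placeholders, so `prepare()` fails and returns `false`, and the later `execute()` call is made on a non-object. The function name `register_user`, the connection credentials and the `users(email, password)` schema are assumptions.

```php
<?php
// Added example. Assumes a reachable MySQL server and a `users` table with
// `email` and `password` columns (password wide enough for a hash, e.g. VARCHAR(255)).

// Make mysqli throw on failure instead of returning false, so a bad prepare()
// surfaces at the prepare() call and not as "execute() on a non-object" later.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Registers a user with mysqli prepared statements (hypothetical helper).
 * Returns true on success, false if the e-mail is already registered.
 */
function register_user(mysqli $db, string $email, string $password): bool
{
    // The lookup binds $email as a parameter too, so it never becomes SQL text.
    $find = $db->prepare('SELECT 1 FROM `users` WHERE email = ? LIMIT 1');
    $find->bind_param('s', $email);
    $find->execute();
    $find->store_result();
    $exists = $find->num_rows > 0;
    $find->close();
    if ($exists) {
        return false;
    }

    // Store a salted hash, never the plain password (the question's TODO).
    $hash = password_hash($password, PASSWORD_DEFAULT);

    // mysqli uses positional "?" placeholders; ":email" style belongs to PDO.
    $insert = $db->prepare('INSERT INTO `users` (email, password) VALUES (?, ?)');
    $insert->bind_param('ss', $email, $hash);
    $insert->execute();
    $insert->close();
    return true;
}

try {
    // Placeholder credentials and sample input, constructed for this example.
    $db = new mysqli('127.0.0.1', 'app_user', 'app_password', 'app_db');
    $db->set_charset('utf8mb4');
    $ok = register_user($db, strtoupper('alice@example.com'), 'correct horse battery');
    echo $ok ? "registered\n" : "email already registered\n";
    $db->close();
} catch (mysqli_sql_exception $e) {
    // Keep SQL error detail in the server log; show the visitor a generic message.
    error_log($e->getMessage());
    echo "registration failed\n";
}
```

A UNIQUE index on `email` is still needed to close the gap between the lookup and the insert when two requests arrive at once.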
