0

I'm creating a PDO Login class to use on my projects, but since I'm new to it I'm not being able to bind parameters to a prepared sql statement. Here's the function that is ment to do it :

include_once('connection.php');

class User{

    protected $db;

    public function __construct(){
        $oConnection = new Connection;
        $this->db = $oConnection->getConnection();
        //var_dump($this->db);
    }

    public function Login($name, $pass){
        if(!empty($name) && !empty($pass)){         
            $st = $this->db;
            $st->prepare("SELECT * FROM users WHERE user_name=? and user_password=?");
            $st->bindParam(1, $name);
            $st->bindParam(2, $pass);
            $st->execute();
            var_dump($st);

            if($st->rowCount == 1){
                echo "User verified, Acces granted.";
            }else{
                echo "Incorrect username or password.";
            }

        }else{
            echo "Please fill in the entire form";
        }
    }

}

And here is the Connection :

class Connection{

    protected $db;

    //Construct
    public function Connection(){

    $conn = NULL;
        try{
            $conn = new PDO("mysql:host=localhost;dbname=<db_name>", "<db_user>", "<db_pass>");
            $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

            } catch(PDOException $e){
                echo 'ERROR: ' . $e->getMessage();
                }

            $this->db = $conn;
    }

    public function getConnection(){
        return $this->db;
    }
}

I am Receiving the following error :

Fatal error: Call to undefined method PDO::bindParam() in ......... on line 22

If someone can help me out a bit that would be great, I really want to get to know PDo better.

Improve this question

3 Answers 3

Reset to default
2

You have to capture the result of the prepare call (which is a PDOStatement object) and then call bindParam() on that, not the PDO object itself.

$st = $this->db->prepare("SELECT * FROM users WHERE user_name=? and user_password=?");
$st->bindParam(1, $name);
$st->bindParam(2, $pass);
$st->execute();

$st is now the PDOStatement object and you can call bindParam() and execute().

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

If you have copied your MySQL error to google you would see same errors in many many pages. Here is the first one saying:

The bindParam() method is inside the PDOStatement class, not the PDO class. The statement is the result of the prepare() method.

Please see: Call to undefined method PDO::bindParam()

Improve this answer

Comments

2

You are using PDO object as statement prepared object to bind

$db = $this->db;
$st = $db->prepare("SELECT * FROM users WHERE user_name=? and user_password=?");
$st->bindParam(1, $name);
$st->bindParam(2, $pass);
$st->execute();
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.