Problem with form: PHP Uncaught Error: Call to a member function prepare() on string

2

I'm testing a form and I get that error on line 21 that says:

$stat1 = $db->prepare("insert into about values(?,?,?,?,?)");

The code is like this:

<?php
$host = 'localhost';
$db = 'form';
$user = 'root';
$dbpass = '';


if(isset($_POST['save'])){
    $id = uniqid();
    $name = $_POST['name'];
    $email = $_POST['email'];
    $phone = $_POST['phone'];
    $address = $_POST['address'];
    $username = $_POST['username'];
    $password = md5($_POST['password']);
    $title = $_POST['title'];
    $description = $_POST['description'];
    $sites = $_POST['sites'];
    $category = $_POST['category'];
    $stat1 = $db->prepare("insert into about values(?,?,?,?,?)");
    $stat1->bindParam(1, $id);
    $stat1->bindParam(2, $name);
    $stat1->bindParam(3, $email);
    $stat1->bindParam(4, $phone);
    $stat1->bindParam(5, $address);
    $stat1->execute();
    $stat2 = $db->prepare("insert into account values(?,?,?)");
    $stat2->bindParam(1, $id);
    $stat2->bindParam(2, $username);
    $stat2->bindParam(3, $password);
    $stat2->execute();
    $stat3 = $db->prepare("insert into website values(?,?,?,?,?)");
    $stat3->bindParam(1, $id);
    $stat3->bindParam(2, $title);
    $stat3->bindParam(3, $description);
    $stat3->bindParam(4, $sites);
    $stat3->bindParam(5, $category);
    $stat3->execute();
    header('Location: save.php');
}
?>

I have PHP 7 and I am testing it on localhost.

    
asked by Sebastián Contreras 12.06.2018 at 04:25

1 answer

0

The problem is that you are not creating an instance of the connection.

Try doing it like this.

I have put two settings that will save you a lot of headaches:

  • $charset to avoid foreign character problems
  • $arrOptions, which sets two options: one enables correct error handling (without this, in some cases your password could be revealed in the error log); the other avoids emulated prepares, which could allow SQL injection through emulated prepared queries.

This would be the connection code:

$host = 'localhost';    // or '127.0.0.1', usually
$dbname  = 'form';      // the database name goes here
$user = 'root';
$pass = '';
$charset = 'utf8';

$dsn = "mysql:host=$host;dbname=$dbname;charset=$charset";
$arrOptions = array(
                      PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                      PDO::ATTR_EMULATE_PREPARES => FALSE
                    );
$db = new PDO($dsn, $user, $pass, $arrOptions);

Or so:

$host = 'localhost'; // or '127.0.0.1', usually
$dbname  = 'form';      // the database name goes here
$user = 'root';
$pass = '';

$dsn = "mysql:host=$host;dbname=$dbname";
$arrOptions = array(
                      PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                      PDO::ATTR_EMULATE_PREPARES => FALSE,
                      PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'"
                    );
$db = new PDO($dsn, $user, $pass, $arrOptions);

In either case, you will have an instance of the connection properly configured in $db .

    
answered by 12.06.2018 / 04:53
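The connection from the answer applied to the question's three inserts, as an added example that is not part of the original answer. The function names connect() and saveSubmission() are hypothetical, and the transaction and the use of password_hash() in place of the question's md5() are additions. It assumes InnoDB tables and a password column wide enough for the hash.

```php
<?php
// Added example; connect() and saveSubmission() are hypothetical names.
function connect(): PDO
{
    $dsn = 'mysql:host=localhost;dbname=form;charset=utf8';
    $options = [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ];
    try {
        return new PDO($dsn, 'root', '', $options);
    } catch (PDOException $e) {
        // Log only the message: the stack trace of an uncaught exception can
        // include the constructor arguments, that is, the database password.
        error_log('DB connection failed: ' . $e->getMessage());
        throw new RuntimeException('Database unavailable');
    }
}

function saveSubmission(PDO $db, array $post): string
{
    $id = uniqid();
    $rows = [
        'insert into about values(?,?,?,?,?)' =>
            [$id, $post['name'], $post['email'], $post['phone'], $post['address']],
        // password_hash() replaces md5(); assumes the column holds up to 255 chars
        'insert into account values(?,?,?)' =>
            [$id, $post['username'], password_hash($post['password'], PASSWORD_DEFAULT)],
        'insert into website values(?,?,?,?,?)' =>
            [$id, $post['title'], $post['description'], $post['sites'], $post['category']],
    ];
    $db->beginTransaction();
    try {
        foreach ($rows as $sql => $params) {
            $db->prepare($sql)->execute($params);
        }
        $db->commit();
    } catch (PDOException $e) {
        $db->rollBack();   // with ERRMODE_EXCEPTION a failed insert lands here
        throw $e;
    }
    return $id;
}

if (isset($_POST['save'])) {
    saveSubmission(connect(), $_POST);
    header('Location: save.php');
    exit;
}
```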