PHP
session_start();
$username = $_POST['regduser'];
$userpass = md5($_POST['regdpass']);
$sql = $sql->prepare("SELECT * from Students WHERE regduser='$username' and regdpass='$userpass'");
$sql->bindParam(':username', $username);
$sql->bindParam(':userpass', $userpass);
$stmnt->execute();
$result = mysql_query($sql);
if (mysql_num_rows($result)!= 1) {
$error = "Login failed";
#include "loginform.php";
} else {
echo "<h1>exists</h1>";
#$_SESSION['regduser'] = "$username";
#$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
// any other data needed to navigate the site or
// to authenticate the user can be added here
#include "membersection.php";
}
?>
HTML:
<form action="inc/check_regUsr.php" method="post" id="userLogon">
<div class="field required">
Username: <input type="text" name="regduser" tabindex="1" /><br />
</div>
<div class="field required">
Password: <input type="password" name="regdpass" tabindex="2" /><br />
</div>
<input type="submit" name="submitUser" />
</form>
Fatal error: Call to a member function prepare() on a non-object on line 9
That line is:
$sql = $sql->prepare("SELECT * from Students WHERE regduser='$username' and regdpass='$userpass'");
What am I doing wrong here?!
Ohoh, where to begin…
$sqlmade?:placeholdernamein prepared statements, not$placeholdername.$sql, destroying your database connection if you ever had one.$stmntdoes not existmysql_querydo there? You have 3 options:mysql,mysqliorPDO. Stick with one, don’t mix & match.