Home >Database >Mysql Tutorial >Why Am I Getting 'Call to a member function execute() on a non-object' with mysqli Prepared Statements?
Understanding Mysqli Prepared Statements
Preparing statements is a crucial practice for preventing SQL injection vulnerabilities. However, a common error encountered when using mysqli prepared statements is receiving the error "Call to a member function execute() on a non-object."
To resolve this issue and effectively use mysqli prepared statements, you'll need to understand the following:
Here's an example to illustrate the complete process:
<?php // Connect to MySQL $mysqli = new mysqli("localhost", "root", "root", "test"); // Prepare statement $stmt = $mysqli->prepare("INSERT INTO users (name, age) VALUES (?, ?)"); // Bind parameters $name = 'one'; $age = 1; $stmt->bind_param('si', $name, $age); // Execute statement $stmt->execute(); // Insert another row with different values $name = 'two'; $age = 2; $stmt->bind_param('si', $name, $age); $stmt->execute(); ?>
Using mysqli for prepared statements is highly recommended as it's the recommended way to protect against SQL injection in PHP. The example above covers not only connection, insertion, and selection, but also provides error handling.
The above is the detailed content of Why Am I Getting 'Call to a member function execute() on a non-object' with mysqli Prepared Statements?. For more information, please follow other related articles on the PHP Chinese website!