php - Call to a member function bindParam() on a non-object

Question

I'm working a log-in script that I found on the web. (http://alias.io/2010/01/store-passwords-safely-with-php-and-mysql/)

As I was trying to make it work, I stumbled upon this error:

bool(false) Fatal error: Call to a member function bindParam() on a non-object in /srv/disk3/1446018/www/askmephilosophy.co.nf/session.php on line 25

My code:

<?php

  include('config.php');

  //  Establishing the connection:
  $MyConnection = mysqli_connect('hostname', 'user', 'pass', 'database')
    or die('An error has occured when you were trying to login. You can return to the main page
      by clicking: <a href="index.php">here</a>. <br />
      If this error is consistent, please <a href="contact.php">contact us</a>.');

  //  Information provide by the user:
  $username = $_POST['username'];
  $password = $_POST['password']; // Text version.

  $StatementHandle = $MyConnection->prepare('
    SELECT
      hash
    FROM Users
    WHERE
      username = :username
    LIMIT 1
    ');

  var_dump($StatementHandle);
  $StatementHandle->bindParam(':username', $username);

  $StatementHandle->execute();

  $user = $StatementHandle->fetch(PDO::FETCH_OBJ);

  // Hashing the password with its hash as the salt returns the same hash:
  if(crypt($password, $user->hash) == $user->hash) {
    echo 'You are logged in. Well, not actually. We only just confirmed that
      our system works. This service'll cost you $1';
  }

?>

Answer 1

your connection object is mysqli, you should use PDO to connect mysql like

$dsn = 'mysql:dbname=testdb;host=127.0.0.1';
$user = 'dbuser';
$password = 'dbpass';

try {
    $dbh = new PDO($dsn, $user, $password);
} catch (PDOException $e) {
    echo 'Connection failed: ' . $e->getMessage();
}