I'm moving away from mysql and mysqli as many users on Stack Overflow are constantly saying good things about it.
I've made a database class and have tested it; it connects fine to the database. I've tried to update my prepared statements to match; however, I am in unfamiliar territory and have ended up getting the following error:
Fatal error: Call to undefined method PDOStatement::bind_param() in E:\xampp\htdocs\imanage\insert.php on line 50
which reflects this line:
$stmt->bind_param("s", $_POST['email']);
Also, in regard to this, I am getting the database connection success and close statements returned to me as well as the fatal error, e.g.:
Successfully connected to the database!Successfully connected to the database!Successfully disconnected from the database!
I'll explain what I am trying to achieve:
- Check e-mail exists in the database before registering user
- If so, tell user that this e-mail exists
- If no match, insert the user into the users table and encrypt the password
The relevant code is below and I would appreciate it if anyone could give me some guidance on this.
index.php
<form id="loginForm" method="POST" action="class.Login.php">
    <input type="text" id="email" name="email" placeholder="E-mail">
    <input type="password" id="password" name="password" placeholder="Password" class="showpassword">
    <input type="submit" name="submit" value="Log in">
</form>
insert.php
public function insert() {
    $stmt = $this->pdo->prepare("SELECT COUNT(*) FROM users WHERE email=?");
    $stmt->bind_param("s", $_POST['email']);
    $stmt->execute();
    $stmt->bind_result($email_count);
    $stmt->fetch(); // fetch
    $stmt->close();

    if ($email_count > 0) {
        echo "email exisits! click here to try <a href='register'>again</a>";
    } else {
        //escape the POST data for added protection
        $username = isset($_POST['username']) ? $_POST['username'] : null;
        $cryptedPassword = crypt($_POST['password']);
        $password = $cryptedPassword;
        $name = isset($_POST['name']) ? $_POST['name'] : null;
        $email = isset($_POST['email']) ? $_POST['email'] : null;

        $stmta = $this->pdo->prepare("INSERT INTO users (username, password, name, email) VALUES (?, ?, ?, ?)");
        //var_dump($this->pdo->error);
        $stmta->bind_param('ssss', $username, $password, $name, $email); // bind strings to the parameter

        /* execute prepared statement */
        $stmta->execute();
        printf("%d Row inserted.\n", $stmta->affected_rows);

        /* close statement and connection */
        $stmta->close();
    } // end email_count and insert to table
} // end function
connect/class.Database.php
<?php
// Database connection PDO
class Database {
    public function __construct() {
        // Connection information
        $host   = 'localhost';
        $dbname = 'imanage';
        $user   = 'root';
        $pass   = '';

        // Attempt DB connection
        try {
            $this->pdo = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);
            $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            echo 'Successfully connected to the database!';
        } catch(PDOException $e) {
            echo $e->getMessage();
        }
    }

    public function __destruct() {
        // Disconnect from DB
        $this->pdo = null;
        echo 'Successfully disconnected from the database!';
    }
}

$run = new Database();
?>
mysqi. Also, why are you writing your own ORM when there are several out there like Doctrine or Propel which are feature-complete and tested?
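
An added example (not part of the original post or its comments) of the flow the question describes, written against PDO's own API: values go to execute() and the count is read with fetchColumn(), because bind_param(), bind_result(), close() and affected_rows are mysqli members that PDOStatement does not have. Assumptions: an in-memory SQLite database stands in for the MySQL `imanage` database, registerUser() is a hypothetical helper, the email column carries a UNIQUE index, and password_hash() replaces crypt().

```php
<?php
// Added example. Schema, helper name and sample inputs are constructed for illustration.

function registerUser(PDO $pdo, string $username, string $password, string $name, string $email): string
{
    // PDO: pass the values to execute(); there is no type string as in mysqli's bind_param().
    $check = $pdo->prepare('SELECT COUNT(*) FROM users WHERE email = ?');
    $check->execute([$email]);

    // fetchColumn() returns the first column of the next row, here the COUNT(*).
    if ((int) $check->fetchColumn() > 0) {
        return 'exists';
    }

    $insert = $pdo->prepare(
        'INSERT INTO users (username, password, name, email) VALUES (?, ?, ?, ?)'
    );
    try {
        // password_hash() generates a per-password salt and a modern hash.
        $insert->execute([$username, password_hash($password, PASSWORD_DEFAULT), $name, $email]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation. The UNIQUE index closes the
        // gap between the SELECT above and this INSERT when two requests race.
        if ((string) $e->getCode() === '23000') {
            return 'exists';
        }
        throw $e;
    }

    // rowCount() is PDO's counterpart to mysqli's affected_rows.
    return $insert->rowCount() === 1 ? 'inserted' : 'failed';
}

// Assumption: SQLite in memory (needs the pdo_sqlite extension) so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT, password TEXT, name TEXT, email TEXT UNIQUE)');

// Constructed sample registrations: the second reuses the first e-mail address.
echo registerUser($pdo, 'alice', 'correct horse', 'Alice', 'alice@example.test'), "\n";
echo registerUser($pdo, 'alice2', 'battery staple', 'Alice B', 'alice@example.test'), "\n";

// The stored value is a hash; check a login attempt with password_verify().
$hash = $pdo->query('SELECT password FROM users')->fetchColumn();
var_dump(password_verify('correct horse', $hash));
```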