I'm trying to make a prepared statement to query a customer database and set their user session variables. When I try to run it I get this error.

Fatal error: Call to a member function bind_param() on a non-object in C:\wamp\www\HW2\user_login.php on line 57

Can someone help me with why I'm getting this error and if their is anything else wrong with my code.

include_once "connect_to_mysql.php";

$stmt = $db_obj->prepare("SELECT `id`FROM `customer` WHERE `username` = ? AND pass = ? LIMIT 1");
$stmt->bind_param('ss', $username, $password); 
$stmt->execute(); 
//$stmt->bind_result($username, $password);
 

//$sql = mysql_query("SELECT * FROM members WHERE email='$email' AND password='$password'"); 
//$login_check = $result->num_rows;
$login_check = $stmt->num_rows;
/*if ($stmt->fetch())*/
if($login_check == 1){ 
    while($row = $stmt->fetch()){ 
        // Get member ID into a session variable
        $id = $row["id"]; 
	}
        $_SESSION['id'] = $id;
        // Get member username into a session variable
	       
        $_SESSION['username'] = $username;
       
        // Print success message here if all went well then exit the script
		//header("location: index.php?id=$id"); 
		header("location: index.php");
		exit();
     // close while
} else {
// Print login failure message to the user and link them back to your login page
  print '<br /><br /><font color="#FF0000">No match in our records, try again </font><br />
<br /><a href="user_login.php">Click here</a> to go back to the login page.';
  exit();
}

connect_to_mysql.php

$host = "localhost";  // database server host domain name
    // $host = "p:webdev.cs.kent.edu";  // persistent connection
    // $host = "dbdev.cs.kent.edu";  // database server host domain name
    $phphost=trim(`hostname`);     // host of php script
    if ( $phphost == $host )
    {  $host="localhost";  }

    $uid="root";
    $pass="";
    $dbname="HW2";
    // $uid="db";
    // $pass="need2know";
    // $dbname="trialdb";

    $db_obj = new mysqli($host, $uid, $pass, $dbname);  // connetion object

    if (mysqli_connect_errno())  // connection failed
    {  printf("Can't connect to $host $dbname. %s:%s\n",
         mysqli_connect_errno(), mysqli_connect_error());
       exit();
    }

hmmn is this mysqli? Wow! have not seen this for years.. try

$stmt->bind_param('ss', $username, $password);

## prepare your statements
$username = "define it here";
$password = "define it here also";
## now execute the prepared statements above
$stmt->execute();

ONly then, you can begin with your query or whatever task you have in mind..

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.