So this is only a part of my code but the only relevant thing:
if ($check == 0) {
$host = "localhost";
$user = "root";
$pass = "";
$db = "myfirstdb";
$connect = new mysqli($host,$user,$pass,$db);
if ($connect->connect_error){
die("Connection failed: " . $connect->connect_error);
} else {
echo "Connected successfully!";
}
//$sql = "INSERT INTO table1 (firstname , lastname , phone , email , date) VALUES (:fname, :lname, :phone, :email, :date)";
$secure = $db->prepare("INSERT INTO table1 (firstname , lastname , phone , email , date) VALUES (:fname, :lname, :phone, :email, :date)");
$secure->bindParam(':fname' , $firstname);
$secure->bindParam(':lname' , $lastname);
$secure->bindParam(':phone' , $phone);
$secure->bindParam(':email' , $email);
$secure->bindParam(':date' , $date);
$secure->execute();
/*if ($connect->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $connect->error;
}*/
$connect->close();
The problem i have is whenever i execute the code an error pops out:
Fatal error: Uncaught Error: Call to a member function prepare() on string in C:\xampp\htdocs\example\Index.php:206 Stack trace: #0 {main} thrown in C:\xampp\htdocs\example\Index.php on line 206
I'm trying to avoid the SQL injection by using this code but I'm not sure whether I understood it.
