Fatal error: Call a member function prepare () on a non-object

0

I am creating a class to perform querys on the database, but I am having the following error when I have to use prepared statements:

  

Fatal error: Call a member function prepare () on a non-object in   C: \ xampp \ htdocs \ MyOffices \ php \ model.php on line 13

Where can I be wrong? I thought I was the builder, but apparently it is not.

Index:

<?php
require_once 'model.php';
 $conn = new model("mysql","localhost", "teocratico", "UTF8","root","");
 $conn->consulta("descricao","desafios");
?>

Class:

 <?php
    class model {
      private $conexao;

      public function __construct ($db, $host, $dbname, $charset, $usuario, $senha){
        try{
          $this->conexao = new PDO ("$db:host=$host; dbname=$dbname; charset=$charset","$usuario","$senha");
        } catch (PDOException $erro){
            return $erro->getmessage();
        }
      }
      public function consulta ($campos, $tabela){
        $this->conexao->prepare("SELECT :campos FROM :tabela"); //erro nessa linha
        $this->conexao->BindParam(':campos', $campos);
        $this->conexao->BindParam(':tabela', $tabela);
        $this->conexao->execute();
        $resultado = $this->conexao->fetchAll(PDO::FETCH_ASSOC);
        echo $resultado;
      }
    }

    ?>
    
asked by anonymous 24.05.2017 / 01:07

1 answer

2

Using try / catch inside the constructor no longer looks good and even using return in it, this will not work, you'd better use try / catch outside of the class, because at least it will have a sensible use for they, since using a try / catch just to check the PDO and not stop the rest of what should be part of the "same" block does not make much sense

So to explain it better, I think the problem is occurring in the connection and how you used try / catch does not emit anything or finish the script and as I said return "does not work" in __construct , then in then you try to use the consulta method, but the $this->conexao variable did not go through try because of some failure in the new PDO call, so it was still NULL .

You also passed bindParam on the connection instead of using prepare and execute :

$this->conexao->prepare("SELECT :campos FROM :tabela"); //erro nessa linha
$this->conexao->BindParam(':campos', $campos);
$this->conexao->BindParam(':tabela', $tabela);

It should be this:

$prepare = $this->conexao->prepare("SELECT :campos FROM :tabela"); //erro nessa linha
$prepare->BindParam(...);
$prepare->BindParam(...);

Another problem that Rray addressed to me was the use of the parameters for FROM and columns, there is no way this works the way you did, bindParam and bindValue function as character escapes, in fact the parameters after processing would look something like:

SELECT 'id, nome, senha' FROM 'minhatabela'

In other words, query will not look for minhatabela in the database, it will look for 'minhatabela' with the included apostrophes and instead of searching the 3 columns it will look for generate a column with the name id, nome, senha , as if it were all one thing.

I suggest switching to this:

<?php
class model {
  private $conexao;

  public function __construct ($db, $host, $dbname, $charset, $usuario, $senha){
        $this->conexao = new PDO ("$db:host=$host; dbname=$dbname; charset=$charset","$usuario","$senha");
  }

  public function consulta (array $campos, $tabela){
    $prepare = $this->conexao->prepare("SELECT ' . $campos . ' FROM " . $tabela);

    $prepare->execute();

    $resultado = $prepare->fetchAll(PDO::FETCH_ASSOC);
    print_r($resultado);
  }
}

And in the call:

require_once 'model.php';

try{
    $conn = new model("mysql","localhost", "teocratico", "UTF8","root","");
    $conn->consulta("descricao","desafios");
} catch (PDOException $erro){
    echo $erro->getmessage();
}

Of course, you should not pass control of $campos and $tabela to the end user by GET and POST, otherwise use bindParam remembering that it always "escapes" the characters and "adds the apostrophes" in the processing

    
24.05.2017 / 01:29