Errors in prepared statement – Undefined variable: sql and Fatal error: Call to a member function bind_param()

I am getting 2 errors in my code:

Notice: Undefined variable: sql
AND
Fatal error: Call to a member function bind_param() on a non-object

My code is:

//if there is a plant name
if (isset($_POST['plant_name']) && $_POST['plant_name']) { 
$where .= "AND (common_name) LIKE ? OR (latin_name) LIKE ?";
}
$stmt = $conn2->prepare($sql . $where);
if (isset($_POST['plant_name']) && $_POST['plant_name']) { 
$stmt->bind_param('s', strtolower($_POST['plant_name']));
$stmt->bind_param('s', strtolower($_POST['plant_name'])."%");
}

//execute query
$stmt->execute();

// get the roses and do the query!
$sql = "SELECT * FROM rosename";

//do we have a 'where string' to add to this query
if ($where) {
$query .= $where;
}

$sql = mysql_query($query, $conn2);

I am basically trying to get someone to type in a plant in the plant_name field and then see if it is like any values from latin_name and common_name attributes in the DB.

Could somebody please help me out?
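For comparison with the code in the question, here is an added example (not part of the original post) of the same search written with mysqli alone: the base query is defined before `prepare()`, the return value of `prepare()` is checked, and both placeholders are bound in a single `bind_param()` call. It assumes `$conn2` is an open mysqli connection, that the mysqlnd driver is available for `get_result()`, and that a prefix match on both columns is the intent; `find_plants` is a hypothetical helper name.

```php
<?php
// Added example, not the poster's code. Assumes an open mysqli connection
// and the mysqlnd driver (needed for get_result()).

function find_plants(mysqli $conn, ?string $plantName): array
{
    // Define the base query BEFORE it is used, so $sql is never undefined.
    $sql     = "SELECT * FROM rosename";
    $pattern = null;

    if ($plantName !== null && $plantName !== '') {
        // Escape LIKE wildcards so user input matches literally, then add
        // our own trailing % for a prefix search (assumed intent).
        $pattern = addcslashes(strtolower($plantName), '%_\\') . '%';

        // The first condition needs WHERE, not AND; note the leading space
        // and the parentheses grouping the OR.
        $sql .= " WHERE (LOWER(common_name) LIKE ? OR LOWER(latin_name) LIKE ?)";
    }

    // prepare() returns false when the SQL is invalid; calling bind_param()
    // on that false value is what raises "Call to a member function
    // bind_param() on a non-object".
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $conn->error);
    }

    if ($pattern !== null) {
        // One call binds every placeholder: one type letter per "?".
        // Arguments must be variables because they are taken by reference,
        // so an expression such as strtolower(...) cannot be passed directly.
        $stmt->bind_param('ss', $pattern, $pattern);
    }

    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();

    return $rows;
}

// Hypothetical usage with the connection variable from the question:
// $rows = find_plants($conn2, $_POST['plant_name'] ?? null);
```

The user-supplied value only ever reaches the database as a bound parameter, so it cannot change the structure of the query, and no `mysql_query()` call is mixed in with the mysqli statement.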