我正在创建要在我的项目中使用的PDO登录类，但是由于它是我的新手，所以我无法将参数绑定到准备好的sql语句。这是执行此操作的功能：

include_once('connection.php');

class User{

    protected $db;

    public function __construct(){
        $oConnection = new Connection;
        $this->db = $oConnection->getConnection();
        //var_dump($this->db);
    }

    public function Login($name, $pass){
        if(!empty($name) && !empty($pass)){
            $st = $this->db;
            $st->prepare("SELECT * FROM users WHERE user_name=? and user_password=?");
            $st->bindParam(1, $name);
            $st->bindParam(2, $pass);
            $st->execute();
            var_dump($st);

            if($st->rowCount == 1){
                echo "User verified, Acces granted.";
            }else{
                echo "Incorrect username or password.";
            }

        }else{
            echo "Please fill in the entire form";
        }
    }

}

class Connection{

    protected $db;

    //Construct
    public function Connection(){

    $conn = NULL;
        try{
            $conn = new PDO("mysql:host=localhost;dbname=<db_name>", "<db_user>", "<db_pass>");
            $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

            } catch(PDOException $e){
                echo 'ERROR: ' . $e->getMessage();
                }

            $this->db = $conn;
    }

    public function getConnection(){
        return $this->db;
    }
}

您必须捕获prepare调用的结果（这是一个PDOStatement对象），然后在其上调用bindParam()，而不是PDO对象本身。

$st = $this->db->prepare("SELECT * FROM users WHERE user_name=? and user_password=?");
$st->bindParam(1, $name);
$st->bindParam(2, $pass);
$st->execute();