我错过了什么一直给成员函数错误打电话？

Question

I am trying to build a simple query to process search results. I will make it PDO safe later, but for now, I keep getting a Call to a member function execute() on a non-object error, BUT I can't see anything below that is causing this. The error is at the line $results->execute();

The PDO object/connection works fine and my code works on every other page but this one. What on Earth am I missing? Some syntax error somehow?

$last = $_GET['last'];
$author = $_GET['author'];

$results = $dbh->prepare("select
wp_users.ID AS user_id,
wp_users.ID,
wp_users.display_name,
FROM wp_users
WHERE wp_users.display_name = $author; ");
$results->execute();
$row = $results->fetchAll(PDO::FETCH_ASSOC);

Answer 1

If the database server successfully prepares the statement, PDO::prepare() returns a PDOStatement object. If the database server cannot successfully prepare the statement, PDO::prepare() returns FALSE or emits PDOException (depending on error handling).

It is returning false, due to invalid sql most likely. To check the actual error, you can do:

if (!$results) {
    echo "\nPDO::errorInfo():\n";
    print_r($dbh->errorInfo());
}

Most likely, the variable you are using is not quoted, which is why you should really just use named parameters to begin with, since it's not really any more difficult:

 $results = $dbh->prepare("select wp_users.ID AS user_id, 
                           wp_users.ID, 
                           wp_users.display_name,
                           FROM wp_users
                           WHERE wp_users.display_name = :author");

 $results->execute([':author' => $author]);