I have a table called candidates with some fields. The table contains a column named "keypass" which is the same for all users and is set as default. Using prepared statement I'm trying to first capture the value for key pass (which is the same for this example) and compare it to the user input.

the connection

<?php 
$dbServerName = "localhost"; 
$dbUserName = "root"; 
$dbPassword = ""; 
$dbName = "candidateDB"; 
$conn = mysqli_connect($dbServerName,$dbUserName,$dbPassword,$dbName‌​); 

here is my code:

$stm_keypass = $conn ->prepare ("SELECT * FROM candidates WHERE keypass = ?");
$stm_keypass -> bind_param("s", $keypass);
$sql_keypass = $stm_keypass->execute();

when I run the script I get this error "Fatal error: Call to a member function bind_param() on a non-object" what is the issue? thanks

table here

"Fatal error: Call to a member function bind_param() on a non-object" here would mean your $stm_keypass was likely not created properly, and is thus not an object. Check out the docs on how to handle error detection of prepared statements and go from there.