PHP / MySQLi execute() on non-object

Question

This question applies specifically to issues in the Openwall tutorial on PHP password hashing. Please read the edit below.

This question has been asked hundreds of times, but none of the answers found my issue.

$app->post("/movies", function() use ($app, $log){
   $db = new mysqli(db_address,db_user,db_pass,db_database,db_port);
   if ($db->connect_errno) {
     $log->emergency("EM[MYSQL] Can't connect to MySQL: " . $db->error);
   }
   ($stmt = $db->prepare("INSERT INTO movies (MovieName, MovieCover, MovieDescription, MovieDirector, MovieDate) VALUES (':title', ':cover', ':description', ':director', ':release_date')") || $log->error('ER[MYSQL] Could not prepare statement: ' . $db->error));
   echo $db->error;
   var_dump($stmt);

   $title = grabPostVar('title');
   $cover = grabPostVar('cover');
   $desc = grabPostVar('desc');
   $director = grabPostVar('director'); 
   $release_date = grabPostVar('release_date');

   if(!($stmt->execute(array(':title' => $title, ':cover' => $cover, ':description' => $desc, ':director' => $director, ':release_date' => $release_date)))) 
   {
     $log->emergency('EM[MYSQL] Misc issue: ' .  $db->errno);
   } else{
     $log->info('I[MOVIE] Movie "' . $title . '" created, by user (u)$current_user(/u).');
   }

   $stmt->close();
   $db->close();
}

On the front of this, it looks exactly the same as the other questions, but var_dump($stmt) retuns true, and according to the documentation

mysqli_prepare() returns a statement object or FALSE if an error occurred.

I used the following lines to check for this:

echo $db->error;
var_dump($stmt);

No error is printed, and var_dump yields bool(true). Any ideas? A statement very like this was working 100% very recently, but with no MySQL error return I'm completely stumped.

Edit:

Yes it was all to do with that stupid OR comparison, thank you for your answers.

if(!($stmt = $db->prepare('INSERT INTO movies (MovieName, MovieCover, MovieDescription, MovieDirector) values (?, ?, ?, ?)'))){
        $log->error('ER[MYSQL] Could not prepare statment: ' . $db->error);
    }

On a sidenote, I suggest that anyone following the Openwall tutorial on password hashing should change to if statements as well.

Answer 1

You have an issue with your parenthesis, which is causing '$stmt' to be evaluated to the result of the logical or represented by || in the line:

($stmt = $db->prepare("INSERT INTO movies (MovieName, MovieCover, MovieDescription, MovieDirector, MovieDate) VALUES (':title', ':cover', ':description', ':director', ':release_date')") || $log->error('ER[MYSQL] Could not prepare statement: ' . $db->error));

Changing it to:

($stmt = $db->prepare("INSERT INTO movies (MovieName, MovieCover, MovieDescription, MovieDirector, MovieDate) VALUES (':title', ':cover', ':description', ':director', ':release_date')")) || $log->error('ER[MYSQL] Could not prepare statement: ' . $db->error);

Will fix it, though you might consider making your code cleaner.