Call to member function on a non-object problem

I am having problem with this:

function do_login() {
global $db;

    $username = $_POST['username'];
    $password = md5($_POST['password']);

    $row = $db->query("SELECT username, password FROM users WHERE username = '$username' AND password = '$password'");

    while ($rows = mysql_fetch_array($row)) {
        if($username == $rows['username'] && $password == $rows['password']) {
            $_SESSION['Logedin'] = true;
            echo 'yah';
        }else{
            echo 'Neh';
        };
    }
}

becau开发者_开发百科se it gives me this error: Fatal error: Call to a member function query() on a non-object in C:\xampp\htdocs\falco\admin\class\auth.php on line 79

I dont know what I am missing! Thank you for your help

$db is probably not initialized. Issue a var_dump($db); in the previous line to see what it contains.

Also, your code is open to a full on sql injection... Sanitize $_GET/$_POST before using anything in it in queries. Try this username, for instance:

$_POST['username'] = "admin' OR 1 = 1 OR username='"

My guess (and it's only a guess) is that when you're calling off to connect to the database, you're getting an error code or a false back instead of a database object. And you're not checking for this condition, and later on using it like a normal variable. And of course, an int or false or whatever doesn't have the query method.

This is only a guess.