I'm currently working on a login script, and I got this code:
$selectUser = $db->prepare("SELECT `id`,`password`,`salt` FROM `users` WHERE `username`=?");
$selectUser->bind_param('s', $username);
$selectUser->execute();
if ($selectUser->num_rows() < 0)
echo "no_user";
else
{
$user = $selectUser->fetch_assoc();
echo $user['id'];
}
Here's the error I get:
Fatal error: Uncaught Error: Call to undefined method
mysqli_stmt::fetch_assoc()
I tried all sorts of variations, like:
$result = $selectUser->execute();
$user = $result->fetch_assoc();
and more... nothing worked.
That's because fetch_assoc is not part of a mysqli_stmt object. fetch_assoc belongs to the mysqli_result class. You can use mysqli_stmt::get_result to first get a result object and then call fetch_assoc:
$selectUser = $db->prepare("SELECT `id`,`password`,`salt` FROM `users` WHERE `username`=?");
$selectUser->bind_param('s', $username);
$selectUser->execute();
$result = $selectUser->get_result();
$assoc = $result->fetch_assoc();
Alternatively, you can use bind_result to bind the query's columns to variables and use fetch() instead:
$selectUser = $db->prepare("SELECT `id`,`password`,`salt` FROM `users` WHERE `username`=?");
$selectUser->bind_param('s', $username);
$selectUser->bind_result($id, $password, $salt);
$selectUser->execute();
while($selectUser->fetch())
{
//$id, $password and $salt contain the values you're looking for
}
1) you need the mysqlInd driver.
The variable $db is of type mysqli_stmt, not mysqli_result. The mysqli_stmt class doesn't have a method fetch_assoc() defined for it.
You can get a mysqli_result object from your mysqli_stmt object by calling its get_result() method. For this you need the mysqlInd driver installed!
Alternative try this
$selectUser = $db->prepare("SELECT `id`,`password`,`salt` FROM `users` WHERE `username`=?");
$selectUser->bind_param('s', $username);
$selectUser->execute();
$selectUser->bind_result($id, $password,$salt);
while ($selectUser->fetch()) {
printf("%s %s %s\n", $id, $password,$salt);
}
for more info about this Reference link
Now talk of alternatives.
PDO, unlike mysqli, never have a problem like this. It can fetch you an array out of a prepared statement without the need of installing any additional modules.
$stmt = $db->prepare("SELECT `id`,`password`,`salt` FROM `users` WHERE `username`=?");
$stmt->execute([$username]);
$user = $stmt->fetch();
if (!$user) {
echo "no_user";
} else {
echo $user['id'];
}
See, it works exactly the way you would expect and require two times less code to write. Not to mention other wonderful features.
Related
I've been doing SQL for over a year now, and have became completely stuck. For some reason, i'm not able to return any values from this table as I get the error
mysqli_fetch_array(): Argument #1 ($result) must be of type mysqli_result, mysqli_stmt given
I'm completely floored as to why this is happening, as i've used these kind of queries in the past
The code i'm using is
$user = "testuser";
$q = $conn->prepare("SELECT * FROM users WHERE username = ?");
$q->bind_param("s", $user);
$q->execute();
while($row = mysqli_fetch_array($q))
var_dump($row);
If I do var_dump($q), then I get an object object(mysqli_stmt)#3 (10) with no errors and the correct amount of fields. I'm just not able to read anything from this for some reason.
Thanks!
You need to call a get_result() before you can fetch your data
$user = "testuser";
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ?");
$stmt->bind_param("s", $user);
$stmt->execute();
$result = $stmt->get_result();
while($row = $result->fetch_assoc()) {
var_dump($row);
}
PS. better to use fetch_assoc() instead of fetch_array()
I'm currently working on a login script, and I got this code:
$selectUser = $db->prepare("SELECT `id`,`password`,`salt` FROM `users` WHERE `username`=?");
$selectUser->bind_param('s', $username);
$selectUser->execute();
if ($selectUser->num_rows() < 0)
echo "no_user";
else
{
$user = $selectUser->fetch_assoc();
echo $user['id'];
}
Here's the error I get:
Fatal error: Uncaught Error: Call to undefined method
mysqli_stmt::fetch_assoc()
I tried all sorts of variations, like:
$result = $selectUser->execute();
$user = $result->fetch_assoc();
and more... nothing worked.
That's because fetch_assoc is not part of a mysqli_stmt object. fetch_assoc belongs to the mysqli_result class. You can use mysqli_stmt::get_result to first get a result object and then call fetch_assoc:
$selectUser = $db->prepare("SELECT `id`,`password`,`salt` FROM `users` WHERE `username`=?");
$selectUser->bind_param('s', $username);
$selectUser->execute();
$result = $selectUser->get_result();
$assoc = $result->fetch_assoc();
Alternatively, you can use bind_result to bind the query's columns to variables and use fetch() instead:
$selectUser = $db->prepare("SELECT `id`,`password`,`salt` FROM `users` WHERE `username`=?");
$selectUser->bind_param('s', $username);
$selectUser->bind_result($id, $password, $salt);
$selectUser->execute();
while($selectUser->fetch())
{
//$id, $password and $salt contain the values you're looking for
}
1) you need the mysqlInd driver.
The variable $db is of type mysqli_stmt, not mysqli_result. The mysqli_stmt class doesn't have a method fetch_assoc() defined for it.
You can get a mysqli_result object from your mysqli_stmt object by calling its get_result() method. For this you need the mysqlInd driver installed!
Alternative try this
$selectUser = $db->prepare("SELECT `id`,`password`,`salt` FROM `users` WHERE `username`=?");
$selectUser->bind_param('s', $username);
$selectUser->execute();
$selectUser->bind_result($id, $password,$salt);
while ($selectUser->fetch()) {
printf("%s %s %s\n", $id, $password,$salt);
}
for more info about this Reference link
Now talk of alternatives.
PDO, unlike mysqli, never have a problem like this. It can fetch you an array out of a prepared statement without the need of installing any additional modules.
$stmt = $db->prepare("SELECT `id`,`password`,`salt` FROM `users` WHERE `username`=?");
$stmt->execute([$username]);
$user = $stmt->fetch();
if (!$user) {
echo "no_user";
} else {
echo $user['id'];
}
See, it works exactly the way you would expect and require two times less code to write. Not to mention other wonderful features.
I am actually using this to store and know some fields of my database:
$conn_2 = dbConnect();
$stmt2 = $conn_2->prepare("SELECT firstname, lastname, type FROM BrokerMaster.users WHERE email = ?");
$stmt2->bind_param("s", $email);
$stmt2->execute();
$stmt2->bind_result($firstname, $lastname, $type);
while ($stmt2->fetch()) {
printf("%s %s %s\n", $firstname, $lastname, $type);
}
But I would like to do something like:
$stmt2 = $conn_2->prepare("SELECT * FROM BrokerMaster.users WHERE email = ?");
$stmt2->bind_param("s", $email);
$stmt2->execute();
$stmt2->bind_result($result); //??
while ($row = $stmt2->fetch()) {
$firstname = $row["firstname"]
}
I couldn't find a way to do it object oriented. The problem I found is that the $result is not a mysqli_result class (if I am not wrong) and unlike query() the execute() and bind_results() don't create it. (I also couldn't manage to use this answer
What are my mistakes (or misunderstandings)? How can I do it?
Sure you can, but you would use fetch_assoc() function.
So you use fetch_assoc() on the mysqli_result. Doing it in a while loop, will continue cycling until there are available rows.
while ($row = $result->fetch_assoc()) {
//Use $row["column_field"];
}
Edit
It happens that we can't get result object straight from a prepared statement.
$stmt2->store_result();
$result = $stmt2->get_result();
Now you should be able to use fetch_assoc() over your mysqli_result
I keep getting the same error message...
Fatal error: Call to a member function fetch() on a non-object
I've tried:
- removing quotes from ':user' and ':pass'
- changing fetch() to fetchAll()
- using PDO::FETCH_ASSOC
I can't seem to find a question that solves this, they all are solid SQL statements, there's no variables inside them.
$q = $dbh->prepare("SELECT * FROM users WHERE username= ':user' AND password= ':pass' ");
$q -> bindParam(':user', $username);
$q -> bindParam(':pass', $password);
$result = $q -> execute();
$numrows = count($result);
echo $numrows;
if($numrows == 1){
while($row = $result->fetch(PDO::FETCH_OBJ)){
$row["id"] = $_SESSION["id"];
$row["username"] = $_SESSION["username"];
$row["password"] = $_SESSION["password"];
$row["email"] = $_SESSION["email"];
}
} else {
header("location: index.php?p=5");
}
Fetch should be used on the PDOstatement object.
According to the PDO manual:
PDOStatement::fetch — Fetches the next row from a result set
The fetch function is a member function of the PDOStatement object.
Example from the manual:
$sth = $dbh->prepare("SELECT name, colour FROM fruit");
$sth->execute(); //no need in another variable, like: $r = $sth->
/* Exercise PDOStatement::fetch styles */
$result = $sth->fetch(PDO::FETCH_ASSOC); //$sth, not "$r"
Another note:
Regarding your usage of execute, according to the manual it returns a boolean value (true/false) and not an array of values.
I believe you've used mySQL so the "migration" to PDO is a bit strange for you, look at the manual and follow some tutorials.
Remove quote from user and pass
$q = $dbh->prepare(" SELECT * FROM users WHERE username= :user AND password= :pass");
trying to convert all my old mysql_* operations into new and, from what i've heard, improved PDO, but this query wont seem to run successfully, I am trying to select all from the table PEOPLE where the username = $username (which has previously been declared $username = $_SESSION['username'];)
$query = "SELECT * FROM people WHERE username=?";
$stmt = $conn->prepare($query);
$stmt->bindParam(1, $username);
$stmt->execute();
$num_rows = $stmt->fetchColumn();
if ($num_rows == 1) {
// ...
}
THE WORKING CODE IS:
$query = "SELECT * FROM people
WHERE username=?";
$stmt = $conn->prepare($query);
$stmt->bindParam(1, $username);
$stmt->execute();
$num_rows = $stmt->fetchColumn();
$user = $stmt->fetchObject();
if ($user) {
//do something
}
$stmt->fetchColumn does not fetch the number of rows; in this case it will fetch the first column from the first row of the result set. Since that will not be equal to 1 generally your test will fail.
In this case there is also no real need to count the number of returned rows because you are expecting either one or zero (if the username does not exist). So you can simply do:
$stmt->execute();
$user = $stmt->fetchObject();
if (!$user) {
// not found
}
else {
echo "User $user->username found!";
}
The if(!$user) test works because if there is no row to fetch $user will be false (see the documentation for fetchObject).
$query = "SELECT * FROM people WHERE username = :username";
$stmt = $conn->prepare($query);
$stmt->bindParam(':username', $username);
$stmt->execute();
while ($row = $stmt->fetchObject()) {
// do stuff
}
Use PDOStatement::rowCount as the num_rows and PDOStatement::fetch(PDO::FETCH_ASSOC) as fetch_assoc equivalent.
You want
if ($stmt->num_rows == 1) {
instead.