This question already has answers here:
Can I mix MySQL APIs in PHP?
(4 answers)
Closed 3 years ago.
I try to select username from the database, and when I fetch it, I got the error message.
mysqli_stmt::fetch() expects exactly 0 parameters, 1 given in
<?php
require 'dbh.inc.php';
if(!empty($_POST['username']) && !empty($_POST['password'])):
$records = $conn->prepare('SELECT id, username, password FROM users WHERE username = ?');
$records->bind_param('s', $_POST['username']);
$records->execute() or die($records->error);
$result = $records->fetch(PDO::FETCH_ASSOC);
if(count($result) > 0 && password_verify($_POST['password'], $result['password'])){
die('We have a login');
}else{
die('Something went wrong!');
}
endif;
?>
You appear to be calling mysqli_stmt::fetch(), but expecting it to act like PDOStatement::fetch().
Even though the functions have the same name, they come from different extensions, and you can't mix them. If you want to use the PDO fetch(), you should connect to your database using PDO.
Also, the mysqli_stmt::fetch() function does not return a row of data. It relies on you binding results to variables.
I prefer the PDO style, where PDOStatement::fetch() returns a row. I recommend you convert your code to use PDO throughout.
You are using PDO fetch style with the fetch() MySQLi method.
Try this :
$result = $records->fetch();
If you really want to use the PDO fetch style, I recommend to use PDO instead of MySQLi.
Related
This question already has answers here:
Can I mix MySQL APIs in PHP?
(4 answers)
mysqli_query() expects at least 2 parameters, 1 given in? [duplicate]
(3 answers)
Reference - What does this error mean in PHP?
(38 answers)
Closed 5 years ago.
<?php
ini_set('display_errors', 1); ini_set('log_errors',1); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
include 'dbconnection.php';
$first = $_POST['fname'];
$last = $_POST['lname'];
$email = $_POST['email'];
$password = $_POST['password'];
$query = mysql_query("SELECT * FROM users WHERE Email='$email'");
if(mysql_num_rows($query) > 0){
echo "That account already exists!";
}else{
$query = mysqli_query("INSERT INTO users (FirstName, LastName,Email,Password) values ('$first','$last','$email','$password')");
header("location: signedup.php");
}
?>
I'm still learning Php so excuse myself. I think I understand the basic principles however have hit a wall. Anyhow when posting the entered data into the text field, the form should take those entries and place them into the variables. One variable being the email to which should be used to validate the form, it should do this by checking the variable data against the database itself and checking if any rows match, if they do then return a message to the user otherwise proceed to enter the data into the user table. Can anyone see where i've gone wrong code wise? my error shows as so "Fatal error: Uncaught Error: Call to undefined function mysql_query() in php_page:12 Stack trace: #0 {main} thrown in php_page on line 12"
First off you probably don't have mysql_query as a function, because this extension was deprecated in PHP 5.5.0. It was removed from PHP 7. You will want to use the mysqli extension. See http://php.net/manual/en/book.mysqli.php. This is very similar to the mysql extension, but is 'improved.' You will need to modify your code to use the mysqli extension. Also, have a look at prepared statements: http://php.net/manual/en/mysqli.prepare.php. You will want to use prepared statements to prevent SQL injection, which is when someone injects malicious values into your queries. Using unfiltered $_POST data is not good for security reasons, as it can lead to SQL injection, among other things. You will want to see: http://php.net/manual/en/function.filter-input.php for various ways to filter your $_POST data.
in all your $query prefer to use like that
$query = mysql_query("SELECT * FROM users WHERE Email='".$email."'");
This question already has answers here:
mysqli_affected_rows in PHP insert
(3 answers)
Closed 6 years ago.
I'm working with PHP and mysqli, what the program is doing is that it is asking for a reset code and email address if the email add and reset code are found in the database it sets the password,this part of the function is working,
I need help with this part: what I need to do is tell the user if the password was set or not so if the update was successful or not.
What I'm working on:
$uinsert = "UPDATE member SET password = '$password' WHERE emailadd = '$emailadd' AND resetCode = '$resetcode'";
$update = mysqli_query($mysqli, $uinsert) or die(mysqli_error($mysqli));
if(mysqli_affected_rows($update) == 1 ){ //ifnum
header("location: ../index.php"); // Redirecting To Other Page
}
else{
echo "<script> alert('Incorrect code, try again!');</script>";
}
Note: $mysqli is my connection string
"#Fred-ii- Thank you so much that works! – Coffee coder 58 secs ago"
Use if(mysqli_affected_rows($mysqli) >0 ) or no comparison at all.
Sidenote: ==1 is only comparing for 1, as opposed to >0 which you may be trying to update more than one row. However and on the rare occasion, >0 is required where this has also happened to me before; that is the reason of my answer.
affected_rows() uses the connection, not the one for the query.
http://php.net/manual/en/mysqli.affected-rows.php
Plus, if you're storing plain text passwords, use password_hash() since it's much safer:
http://php.net/manual/en/function.password-hash.php
Sidenote: If you do decide to move over to that function, make sure that you do not manipulate the password at all. Hashing/verifying it takes care of that and you may be doing more harm than good in doing so and limiting passwords.
I.e.: A valid password of test'123 would be interpreted as test\'123 and rendering FALSE when using real_escape_string() for example.
Or you may still be using hash_hmac as per your other question Comparing/check if correct Password from mysqli database [hash_hmac]
and a prepared statement:
https://en.wikipedia.org/wiki/Prepared_statement
It is also best to add exit; after header. Otherwise, your code may want to continue to execute.
header("location: ../index.php");
exit;
Change the parameter of mysqli_affected_rows(), the parameters must be the mysql connection
mysqli_affected_rows($update)
to
mysqli_affected_rows($mysqli)
Please see this reference
https://www.w3schools.com/php/func_mysqli_affected_rows.asp
if (mysqli_affected_rows($mysqli) == 1 ) {
Because mysqli_affected_rows() does not use the query $update as its parameter, it uses the connection variable: $mysqli
pass your mysqli connection object ($connection) to mysqli_affected_rows(connection_object) to check affected rows.
connection_object is like - $con=mysqli_connect("localhost","bd_user","db_password","your_db_name");
So , code will be
if(mysqli_affected_rows($con)== 1 ){
header("location: ../index.php");
}
This question already has answers here:
mysql_fetch_array()/mysql_fetch_assoc()/mysql_fetch_row()/mysql_num_rows etc... expects parameter 1 to be resource
(31 answers)
Closed 5 months ago.
I am trying to get an old PHP script to work but I keep getting this notice:
Notice: Trying to get property of non-object in ...
The notice is based on the last line of this code:
$result_id_check = mysql_query("select ses_userid from fe_sessions where ses_id = '".$_COOKIE['fe_typo_user']."';");
$row_check = mysql_fetch_object($result_id_check);
if ($row_check->ses_userid) {
I also tried using mysqli_query and mysqli_fetch_object but that won't take any changes.
Any ideas how I can resolve this?
This error normally means that the query failed.
You should be checking for errors as you go like this, also the string concatenation can be made simpler if you use either the {$_COOKIE['fe_typo_user']} form of variable expansion inside a double quoted string, or alternatively this will also work $_COOKIE[fe_typo_user]
$sql = "select ses_userid
from fe_sessions
where ses_id = '{$_COOKIE['fe_typo_user']}'"
$result_id_check = mysql_query($sql);
if ( $result_id_check === false ) {
echo mysql_error();
echo 'Bad SQL : ' . $sql;
exit;
}
$row_check = mysql_fetch_object($result_id_check);
This way when you make small mistakes with your SQL, you get told about them directly and you dont have to wonder what nay have gone wrong.
Please dont use the mysql_ database extension, it
is deprecated (gone for ever in PHP7)
Specially if you are just learning PHP, spend your energies learning the PDO database extensions.
Start here
You should also be using parameterized queries ( available in the mysqli_ and PDO database extensions, but not the old deprecated mysql_ extension) to avoid SQL Injection Attack Specially if you are using data got from $_POST or $_GET or $_COOKIE
If you are considering moving to mysqli_ or PDO you should read also read this Can I mix MySQL APIs in PHP?
Before using $row_check->ses_userid just check whether $row_check is true or false.
if ($row_check) {
if ($row_check->ses_userid) {
}
}
This question already has answers here:
mysql query result in php variable
(5 answers)
Closed 10 years ago.
How can I get the results?:
$check = mysql_query("select username, email, case
when max(username = '$username') > 0 and max(email = '$email') > 0 then 'both'
when max(username = '$username') > 0 then 'username'
when max(email = '$email') > 0 then 'email'
end
from school_users
WHERE username = '$username' or email = '$email'") or die(mysql_error());
I need "username" or "email" or "both" when it exists. How do I receive these variables?
You should use fetch functions.
mysql_query() returns resource of data, for getting this data, you need to use either mysql-fetch_assoc or mysql_fetch_array.
As already mentioned, mysql_* functions are deprecated as of >PHP 5.5, and they are bad practice of using. You should learn about mysqli or PDO.
Resources:
http://php.net/mysql_query
http://php.net/mysql_fetch_assoc
http://php.net/mysql_fetch_array
http://php.net/mysqli
http://php.net/pdo
Ok I think I understand what you are trying to do. You have alot more work than you think you do. What you need is template to work with so you can make it your own. The link below will allow you to create your own php API to communicate with a MySQL database in the manner you are talking about. It is step by step and he gives you the code to work with, all of it!
android login and registration with php mysql and sqlite
I used it and it it awesome, if you have any questions feel free to message me.
put the green check if this helps
This question already has answers here:
Can I mix MySQL APIs in PHP?
(4 answers)
Closed 2 years ago.
I am getting the above warning when I try to run this code:
$mysqli=new mysqli("localhost", "***", "***","***") or die(mysql_error());
function checklogin($username, $password){
global $mysqli;
$result = $mysqli->prepare("SELECT * FROM users WHERE username = ?");
$result->bind_param("s", $username);
$result->execute();
if($result != false){
$dbArray=mysql_fetch_array($result);
You are mixing mysql and mysqli calls in your code. Use mysqli_fetch_array instead of mysql_fetch_array.
You are mixing mysqli and traditional mysql commands.
Use $result->fetch_array().
You're using two different sets of functions... mysqli and mysql.
I think you want to use the fetch_assoc() method.
Check out http://php.net/manual/en/book.mysqli.php