I have a table called candidates with some fields. The table contains a column named "keypass" which is the same for all users and is set as default. Using prepared statement I'm trying to first capture the value for key pass (which is the same for this example) and compare it to the user input.
the connection
<?php
$dbServerName = "localhost";
$dbUserName = "root";
$dbPassword = "";
$dbName = "candidateDB";
$conn = mysqli_connect($dbServerName,$dbUserName,$dbPassword,$dbName);
here is my code:
$stm_keypass = $conn ->prepare ("SELECT * FROM candidates WHERE keypass = ?");
$stm_keypass -> bind_param("s", $keypass);
$sql_keypass = $stm_keypass->execute();
when I run the script I get this error "Fatal error: Call to a member function bind_param() on a non-object" what is the issue? thanks
table here
"Fatal error: Call to a member function bind_param() on a non-object" here would mean your $stm_keypass was likely not created properly, and is thus not an object. Check out the docs on how to handle error detection of prepared statements and go from there.
Related
I wrote my code as simple as possible to make a simple login, because its my first time working with SQLite3 databases.
Here is my code:
<?php
$db = new SQLite3("FirstDatabase.db");
if (isset($_POST['login'])) {
$username = $_POST['user'];
$password = $_POST['pass'];
$query = $db->prepare("SELECT COUNT(`id`) FROM data WHERE `username` = '$username' AND `password` = '$password'");
$query->execute();
$count = $query->fetchColumn();
if($count = 1){
echo "Welcome $username!";
} else {
echo "Wrong credentials";
}
}
?>
I'm really confused why this is not working.. I updated all the extensions etc.
I know this is vulnerable to pretty much every type of attack, but I'm just trying to figure out the SQLite3 database connection.
Thanks! :)
This is the Error I get btw:
Fatal error: Uncaught Error: Call to undefined method SQLite3Stmt::fetchColumn() in C:\XAMPP\htdocs\PHP-Login\index.php:41 Stack trace: #0 {main} thrown in C:\XAMPP\htdocs\PHP-Login\index.php on line 41
The SQL is vulnerable to SQL injection which could be devastating to your database and your system and your health. First and foremost you should change the select to a parametrized query.
There are very good examples in the doc for using a parametrized query and binding the values, not to mention a ton of resource on this site.
The error is telling you that that there is not method fetchColumn() for a SQLite3Stmt object. The PHP: SQLite3Stmt doc confirms that. It is a method on the PDO database extension.
This question already has answers here:
Giving my function access to outside variable
(6 answers)
Closed 8 years ago.
I have a problem. I am including my database details in my functions.php file. Like this:
db.php:
$dbhost = "localhost";
$dbname = "test";
$dbuser = "root";
$dbpass = "root";
$dbc = new PDO("mysql:host=" . $dbhost . "; dbname=" . $dbname ."", $dbuser, $dbpass);
functions.php:
include_once 'db.php';
function retrieve($count)
{
$query = "SELECT * FROM table WHERE column = ?";
$sth = $dbc->prepare($query);
$sth->bindValue(1, $count);
$sth->execute();
$resultCount = $sth->rowCount();
}
file.php:
include 'functions.php';
...
When I try to call my functions file in file.php, so I can use the function retrieve, my php_error.log file shows the following:
[Date] PHP Notice: Undefined variable: dbc in functions.php on line 6
My goal is to create an instance of PDO and use that in all the other pages so I don't have to create an instance over, and over again. I tried to achieve this by creating the $dbc variable and instancing a new PDO connection to it in db.php. Then, I would include it in functions.php so whenever a function is called, the $sth variable will hold the methods used, using $dbc (the instance of the PDO connection).
Does anyone know why am I getting this error, and possibly, could anyone give me some advice on how to parametrize the creation of an instance of PDO and use it/them throughout other pages?
Thank you for your time and help!
Cheers!
You have to pass the database connection to the function where your query is in order for it to work.
I have a func.php file that contains a function that gets my user's details:
require_once 'connection.php';
function getUI($username){
$query = "SELECT * FROM usernames WHERE username = ?";
$sth = $pdo->prepare($query);
$sth->bindValue(1, $username);
$sth->execute();
$result = $sth->fetch(PDO::FETCH_ASSOC);
return $result;
}
in my connection.php I have:
require_once 'details.php';
$pdo = new PDO("mysql:host=" . $dabhost . "; dbname=" . $dabname ."", $dabusern, $dabpassw);
and in details.php I have:
$dabhost = "localhost";
$dabname = "dab1";
$dabusern = "root";
$dabpassw = "root";
And ultimately, I have my userdetails.php that has a bunch of HTML code and displays the results that the function getUI() would bring back. I require func.php at the beginning:
require_once 'folder1/func.php';
My directory looks like this:
rootfolder/userdetails.php
rootfolder/folder1/details.php
rootfolder/folder1/connection.php
rootfolder/folder1/func.php
The issue is that when I open userdetails.php, I get an error in my php_error.log file that says the following:
PHP Notice: Undefined variable: pdo in /rootfolder/folder1/func.php on line 58
PHP Fatal error: Call to a member function prepare() on null in /rootfolder/folder1/func.php on line 58
Where if I were to just put all the code at the top of my userdetails.php, it would work and bring back the expected results. Therefore, there is something wrong with how I am requiring the files/scope of the variables I think...
Could someone explain to me what am I doing wrong?
Your help is much appreciated!
Thanks a lot!
UPDATE:
Passing my $pdo connection as a second argument in the function solved my proble, but now I am unable to retrieve x result from my returned $return variable, for instance:
echo $result['date'];
It says that the variable $result is not defined. Any idea why is this occurring?
Thanks a lot again!
When you declare
function getUI($username) {}
$pdo is not available because it is outside the scope of the function.
You'll need to pass it in as an additional parameter or find some other mechanism for getting $pdo inside getUI().
If you need more information
require_once 'connection.php';
function getUI($username,$pdo){
$result = null ;
$query = "SELECT * FROM usernames WHERE username = ?";
$sth = $pdo->prepare($query);
$sth->bindValue(1, $username);
$sth->execute();
$result = $sth->fetch(PDO::FETCH_ASSOC);
return $result;
}
Note : Pass PDO object as second parameter when you call above function.
hoping someone can help me, I am having the following error, looked online and tried a load of things but can't seem to figure it out, error:
Fatal error: Call to undefined method mysqli::mysqli_fetch_all() in C:\xampp\htdocs\cyberglide\core-class.php on line 38
heres my code:
<?php
class Core {
function db_connect() {
global $db_username;
global $db_password;
global $db_host;
global $db_database;
static $conn;
$conn = new mysqli($db_host, $db_username, $db_password, $db_database);
if ($conn->connect_error) {
return '<h1>'."Opps there seems to be a problem!".'</h1>'.'<p>'."Your Config file is not setup correctly.".'</p>';
}
return $conn;
}
function db_content() {
//this requires a get, update and delete sections, before its complete
$conn = $this->db_connect();
if(mysqli_connect_errno()){
echo mysqli_connect_error();
}
$query = "SELECT * FROM content";
// Escape Query
$query = $conn->real_escape_string($query);
// Execute Query
if($result = $conn->query($query)){
// Cycle through results
while($row = $conn->mysqli_fetch_all()){
//echo $row->column;
}
}
}
}
$core = new Core();
?>
I am trying to create a db_connect function, which I want to be able to call anywhere on the site that needs a database connection, I am trying to call that function on a function within the same class, I want it to grab and display the results from the database. I am running PHP 5.4.7, I am calling the database on a blank php file which includes a require to include the class file, then using this at the moment $core->db_content(); to test the function. I am building this application from scratch, running from MySQLi guides (not used MySQLi before, used to use normal MySQL query's) so if I am doing anything wrong please let me know, thanks everyone.
mysqli_fetch_all is a method of a mysqli_result, not mysqli.
So presumably it should be $result->fetch_all()
References:
http://php.net/manual/en/mysqli-result.fetch-all.php
Important: keep in mind mysqli_result::fetch_all returns the whole result set not a row as you assume in your code
There are three problems I see here.
while($row = $conn->mysqli_fetch_all()){
The method name is fetch_all() when used in the OOP way.
fetch_all() should be used with the $result object
fetch_all() is only available when the mysqlnd driver is installed - it frequently is not.
Reference
Only $result has that method. If you want to use it in a while loop use fetch_assoc(). fetch_all() returns an associative array with all the data already.
while($row = $result->fetch_assoc()){
}
thanks all, its working fine now, i had it as while($row = $conn->fetch_assoc()){
} before and changed to what i put above, but dident see it should of been $result instead of $conn, thanks for pointing that out.
I'm trying to use this script to see if there's a registered using in my database, but I'm having trouble on line 6. I keep getting the error:
Fatal error: Call to a member function bind_param() on a non-object in
-redacted-/check_login.php on line 6
I'm stumped as to why it's failing, because I have a similar statement working on the create user function.
<?php
ini_set('display_errors', 'On');
$db = new mysqli("localhost", "root", "-redacted-", "-redacted-");
$query = $db->prepare("SELECT user FROM users WHERE username = ? AND password = ?");
$query->bind_param('ss', $_POST['username'], md5($_POST['password']));
$query->execute();
$query->bind_result($result);
$query->fetch();
if($result->num_rows == 1) {
session_start();
$_SESSION['user'] = $_POST['username'];
header("Location: 10.0.0.15/index.php");
}
?>
This is usually caused by referencing a non-existant column/table in your database schema. Hence why the prepared is the root cause of this error.
What you should do, is check over your query. Making sure you are:
not using reserved mysql keywords
referencing columns/tables that
exist within the schema
There are no syntax errors within your SQL
Query