In my class 'uzytkownikclass.php' i have a variable which is called '$handler'. That variable store connection with my MySQL database. Before, i created few methods that query database for data. Those functions are working fine. But i created a new method called 'hasRole' which check user role (Administator, moderator etc). But i have a error, PDO is new for me and i can not fix this alone.
Here is my code:
public function hasRole()
{
$email=$_SESSION['email_session'];
$stmt = $this->handler->prepare("SELECT COUNT(*) FROM users INNER JOIN rolausera ON users.id = idusera INNER JOIN rola ON idroli = rola.id WHERE email = :email AND rola.id = :rola");
$stmt->bindValue(':email',$email, PDO::PARAM_STR);
$stmt->bindValue(':rola',$rola, PDO::PARAM_STR);
$stmt->execute();
$result = $stmt->fetchAll();
if($result[0]>0)
{
return TRUE;
}
else
{
return FALSE;
}
}
Here is an error:
Fatal error: Call to a member function prepare() on null in D:\Programy\XAMPP\htdocs\logic\uzytkownikclass.php on line 120
As i said before, i have working methods:
$stmt = $this->handler->prepare("SELECT id, login, email, haslo FROM users WHERE email=:email1 ");
$stmt->execute(array(':email1'=>$email1));
$userRow=$stmt->fetch(PDO::FETCH_ASSOC);
and here is my connection method:
public $handler;
public function connection()
{
$this->handler = new PDO('mysql:host=localhost;dbname=blog', 'root', '',array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'"));
if($this->handler==false)
{
echo 'Blad';
}
}
I tried to delete relation in query and use simple 'SELECT * FROM user' and i had same error.
Greetings.
The question is: did you call the connection() method before calling the hasRole(), or perhaps you closed the connection somewhere in your code? Anyway, I would check in all methods, that try to query the database, if the connection is established and call the connection() method if not. Php's is_null() function helps determining if a variable has been set. I would also check if $handle is false.
i think it's a problem with PHP 5.6 [Beta].
Check your active PHP version, if you have PHP 5.6 [Beta], change to 5.4.
I haved the same problem, a class for connection with PDO working fine, and without changes into the code, this error: Fatal error: Call to a member function prepare() on null in...
For experience, when i have these errors, i see into my PHP version. On my case the hosting changes the PHP version without advise :(
See: PHP bugs
Related
Here is the function where I create a DB connection:
function get_db_connection()
{
$host = "127.0.0.1:3306";
$username = "root";
$password = "";
$db = "crm";
return mysqli_connect($host, $username, $password, $db);
}
Here is a function where I use my query:
function query_user_by_username($username)
{
$conn = get_db_connection();
$stmt = $conn->prepare("SELECT * FROM `users` WHERE `username`=?");
$stmt->bind_param("s", $username);
$stmt->execute();
//var_dump($stmt->get_result()->fetch_assoc());
return $stmt;
}
When I execute var_dump inside the function I get NULL which is perfectly fine response for current scenario.
However, when I call this function from another place, I get an error when executing that same var_dump.
Example code:
require_once(__DIR__ . '/../../db/dbh.inc.php');
$db_response = query_user_by_username("zxc");
var_dump($db_response->get_result()->fetch_assoc());
When this is executed, I get the following error:
Fatal error: Uncaught Error: Call to a member function fetch_assoc() on boolean in /opt/lampp/htdocs/src/signinscreen/repo/signin.inc.php:17 Stack trace: #0 {main} thrown in /opt/lampp/htdocs/src/signinscreen/repo/signin.inc.php on line 17
For some reason, $stmt->get_result() inside the function is an actual object but when returned from the function, it is bool.
Why?
When you call get_db_connection() it creates a new instance of the mysqli class and opens a connection to the MySQL server. This object lives as long as you have a PHP variable pointing to it. In your case the connection is alive only within the scope of your query_user_by_username() function.
Prepared statements in mysqli are by default producing unbuffered results. The results are not fetched from MySQL server automatically and you need to call get_result(), store_result() or fetch them row by row. To fetch the result set from the server the connection must be open.
When you leave the query_user_by_username() function, PHP will close the connection and discard any remaining results. When you try to fetch the result set using get_result() outside the function, there are no results to be fetched because the connection is closed.
To fix this problem you should pass the mysqli connection as an argument to the function.
function query_user_by_username(mysqli $conn, $username)
{
$stmt = $conn->prepare("SELECT * FROM `users` WHERE `username`=?");
$stmt->bind_param("s", $username);
$stmt->execute();
return $stmt;
}
Then you should ensure that the connection lives for as long as your code needs it. Effectively it means you should create only one instance of mysqli class and pass it as an argument to functions that require it.
require_once(__DIR__ . '/../../db/dbh.inc.php');
$conn = get_db_connection();
$db_response = query_user_by_username($conn, "zxc");
var_dump($db_response->get_result()->fetch_assoc());
As you can see, mysqli is a low-level API that makes handling database operations difficult. For this reason it is better to use PDO. If you wish to continue using mysqli then you can consider writing a wrapper class or write your function in such a way that they never expose the underlying mysqli functions to your business layer. For example:
function query_user_by_username(mysqli $conn, $username): ?array
{
$stmt = $conn->prepare("SELECT * FROM `users` WHERE `username`=?");
$stmt->bind_param("s", $username);
$stmt->execute();
// only return the data, not the mysqli object
return $stmt->get_result()->fetch_assoc()
}
I have cerb2 https://github.com/wgm/cerb2, it is an old ticketing system, it might looks weird but I have a a lot of knowledgeable information burried that I want to exploit.
It is basically a PHP5/Mysql software with the mysql_connect() constructor
The main issues are queries that stay null at all times. The code base lays on Class definition and pseudo-variable $this to call a query method from another Class.
function CER_HASH_QUEUES(&$parent)
{
global $session;
global $queue_access; e();
$this->db = (new cer_Database())->getInstance();
$this->_parent = &$parent;
if(empty($queue_access))
$this->queue_access = new CER_QUEUE_ACCESS();
else
$this->queue_access = $queue_access;
$sql = "SELECT q.queue_id, q.queue_name FROM queue q ORDER BY q.queue_name";
$res = $this->_db->query($sql);
That last line ($res =… ) is stopping code execution with:
Fatal error: Call to a member function query() on null in
The Query method called from cer_Database.class looks like this ( https://raw.githubusercontent.com/wgm/cerb2/stable/cerberus-api/database/cer_Database.class.php )
function query($sqlString,$return_assoc=true)
{
$config_db = (new cerConfiguration())->getInstance();
if($return_assoc === true) $this->db->SetFetchMode(ADODB_FETCH_ASSOC);
else $this->db->SetFetchMode(ADODB_FETCH_NUM);
$res = $this->db->Execute($sqlString);
if($cfg->settings["debug_mode"]) {
$time_end = microtime();
$query_time = microtime_diff($time_end,$time_start) * 1000; // convert secs to millisecs
echo "<b>[CERBERUS QUERY]:</b> " . $sqlString . " (Ran: <b>" . sprintf("%0.3f",$query_time) . "ms</b>)<hr>";
}
return $res;
}
That last method depends on a second Class cerConfiguration() which relies on import_config_db() to construct the mysql connector.
I am unable to figure out how to pass successfully my sql request following the design pattern carried by the relevant software here.
The databases and the tables are OK on their sides, and the following php script is returning the sql query OK.
<?php
include('includes/third_party/adodb/adodb.inc.php');
$db = ADONewConnection('mysql');
$db->Connect("localhost", "user", "pass", "databasename");
$rs = $db->Execute('SELECT q.queue_id, q.queue_name FROM queue q ORDER BY q.queue_name');
print "<pre>";
print_r($rs->GetRows());
print "</pre>";
I guess without the object oriented design pattern understanding used by PHP I am going to struggle to resuscitate that old piece of software.
Any help, ideas very welcome.
Yours.
Fatal error: Call to a member function query() on null in
You are likely to find further issues in your investigation, but the problem you're asking for help with is relatively simple.
The database property in the class is defined early on in your code as $this->db, but you are then trying to access it as $this->_db. The underscore makes it a different variable name, and thus it doesn't exist. So it is null, hence why you are getting Call to a member function query() on null.
To fix it, make sure you're using the same name for it throughout the class.
OK, I see some similar questions to mine, but their examples all use PHP classes...mine does not. Maybe that's the problem? I shouldn't need classes because my site is exceedingly simple at this point in time.
Anyway, I'm trying to use PDO to connect to a MySQL db. I connect to the db fine in a file called config.php, and include this file in index.php with require_once().
I can successfully query the db from another file called process.php, but the problem is within a function within that file; it seems my DBO object is out of scope within that function.
Here are the relevant code snippets:
index.php
require_once('./lib/config.php');
config.php
// tested and connects fine
$pdo = new PDO('mysql:host=' . $hostname . ';dbname=' . $dbname, $username, $password, array(
PDO::ATTR_PERSISTENT => true
));
process.php
<?php
...
// can call $pdo fine in this file outside of functions
...
function authenticate($u, $p) {
// can't call $pdo in here, error says $pdo is non-object
$que = $pdo->query('select user_id, user_pass from users where user_name = \'' . $u . '\' limit 1');
...
}
?>
By the way, I'm using PDO because I was having similar trouble with mysqli, and am trying to get away from mysql, which is apparently depreciated and discouraged.
EDIT: I should have clarified first based on the number of responses I got on this matter: I did try to pass $pdo in as a param to the function, with no luck or change in the error message.
SOLUTION: OK, apparently the problem was that I needed to add require_once('config.php') in my process.php file as well. Not sure why (wouldn't it already be included when index.php was run first?). Then I was able to successfully pass $pdo in as a param to my function, and voila.
That's pretty basic PHP stuff. Variables inside functions are local variables unless you use the global keyword to load them. I suppose you want this:
function authenticate(PDO $pdo, $u, $p) {
$que = $pdo->query('select user_id, user_pass from users where user_name = \'' . $u . '\' limit 1');
//...
}
Edit: If PHP claims that $pdo is not an object, it's not an object, so it doesn't really matter how it's passed to the function. Inspect the variable right before you call authenticate():
var_dump($pdo);
Without the relevant code there's no way to say why. (Assuming it's true that new PDO succeeds.)
You need to pass the PDO object as a parameter to the authenticate() function:
function authenticate(PDO $pdo, $u, $p) {
// ..as in the question..
}
Oh and you should be using a place holder for that username in the query, not string concatenation which is prone to SQL injection attacks.
because $pdo has been declared outside of the function authenticate it isn't available inside it. You need to either pass $pdo in
function authenticate($u, $p, $pdo) {
$que = $pdo->query('...');
}
or declare it as global inside the function to be able to access it
function authenticate($u, $p) {
global $pdo;
$que = $pdo->query('...');
}
Hi im using PDO to update some fields of a MySQL database. I've written a class called "bakeIT" which connects to a DB and updates some fields depending on the parameters of the method simple_update().
Somehow the first instantiation call to BakeIT()->simple_update() is working but not the second one? Why is that? I'm getting really crazy on that...
Edit:
I found out some errors:
string(85) "SQLSTATE[28000] [1045] Access denied for user
'ODBC'#'localhost' (using password: NO)" Fatal error: Call to a member
function prepare() on a non-object in
BakeIT.php
The table looks like the following:
class BakeIT {
function simple_update(
$tablename,
$fieldname,
$value,
$id,
$idname,
$token,
$tokenvalue){
$conn=$this->connect_db();
$sql= "UPDATE $tablename SET $fieldname=? WHERE $idname=? AND $token=?";
$q = $conn->prepare($sql);
$q->execute(array($value,$id,$tokenvalue));
$conn = null;}
}
//This as the first query works!
$saveanchor = new BakeIT();
$saveanchor->simple_update('navigation','anchor','whoo',5,'idnavigation','hash','3234');
//This as the second query not!
$savetitle = new BakeIT();
$savetitle->simple_update('navigation','linkname','kawoom',5,'idnavigation','hash','3234');
The field linkname doesn't exists.
To my comment about the security: So far I know the prepred statemend prevents an attacker to inject any bad values into the field content.
function example($value, $primarykey, $condition) {
$q = $conn->prepare("UPDATE table SET somefield=? WHERE $primarykey=?");
$q->execute(array($value,$condition));
}
It is not possible to manipulate the parameters $value and $condition but you can set $tableid to 1=1 -- which would override your compleate table.
E.g. example(12, 34, "1=1 --");that would execute this here:
UPDATE table SET somefield=12 WHERE 1=1 --=34
okay i got it! It's the require_once for the external db-access data. with only "require" the data.php (script with db-access variables) everything works fine...
Thanks for helping though!
This question already has answers here:
Why does this PDO statement silently fail?
(2 answers)
Closed 6 years ago.
I am just trying out PDO and I get this error, Fatal error: Call to a member function fetch() on a non-object, but isn't it already on the $this->db object?
class shoutbox {
private $db;
function __construct($dbname, $username, $password, $host = "localhost" )
{ # db conections
try {
$this->db = new PDO("mysql:host=".$hostname.";dbname=".$dbname, $username, $password);
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
function getShouts()
{
$sql_shouts = $this->db->query('SELECT shoutid, message, pmuserid, ipadress, time FROM shouts WHERE pmuserid == 0');
return $sql_shouts->fetch(PDO::FETCH_OBJ);
}
}
Look carefully at the documentation for PDO::query, particularly the "Return Values" section:
PDO::query() returns a PDOStatement
object, or FALSE on failure.
The important bit is "FALSE on failure". FALSE is not an object, so calling ->fetch() is bad news.
The error is probably due to your use of "==" comparison operator. In SQL, it's just "=".
You should test that the $sql_shouts is not false, and then do something smart with the error, if there was one:
<?PHP
$sql_shouts = $this->db->query('...');
if ($sql_shouts === false){
$errorInfo = $this->db->errorInfo();
//log the error or take some other smart action
}
return $sql_shouts->fetch(PDO::FETCH_OBJ);
I would say that your query is not executing due to incorrect syntax. You should really check PDO's errorinfo static function to see if the query errored out or not.
Here is a potential correct SQL statement:
$sql_shouts = $this->db->query('SELECT shoutid, message, pmuserid, ipadress, `time` FROM shouts WHERE pmuserid = 0');
I believe Time is a reserved word in MySQL I would recommend using a different name but encasing it in backticks will alleviate that issue. 1 equal sign is used for mysql, not two. But yea, look into the errorinfo function to determine if your query failed due to a syntax error and handle it gracefully.
It happens when the table doesn't exist also. make sure it actually exists, and isn't just a holder in the database due to hard drive errors.
When that happens I suggest you recreate the database/table.
I got this error message due to a silly mistake with brackets. It was nested inside an if statement and just didn't see it.
db_query("SELECT thing FROM table WHERE var=:var", array(":var" => $var)->fetchField());
It took me a while to work out that I didn't close the db_query bracket in the right place. Maybe it helps someone else staring at this wondering wth. Correct:
db_query("SELECT thing FROM table WHERE var=:var", array(":var" => $var))->fetchField();