I'm working on a very simple CMS system for a school project, and I'm having a bit of trouble.
Right now, my webpage is set up as so:
Every webpage that I create that a user can access - at the top and bottom, I have an include_once(header.php) and include_once(footer.php) respectively. These contain the top and bottom of what should be any page that gets loaded.
In my header.php I have this, along with other miscellaneous HTML:
<?php
require_once('php/constants.php');
require_once("php/functions.php");
?>
For constants.php - Contains every defined constant I can think of since I'd rather change the one constant here than search in my code to find the however many instances I could have elsewhere.
For Functions.php - Contains every function I'm creating for usage on this CMS. Contains everything from my emailing functions using PHPMailer, to Registering and Logging in using MeekroDB for Database interaction.
Here lies the problem.
On a page I have for account registration, have something along the lines of this
//get the username, password, first/last name, and send it to register function.
$firstName = $_POST['first_name'];
$lastName = $_POST['last_name'];
$password = $_POST['password'];
$email_address = $_POST['email_address'];
//register the user. where register() is in functions.php
if(register($email_address, $password, $firstName, $lastName))
{
echo "REGISTRATION SUCCESSFUL";
}
else
{
echo "REGISTRATION UNSUCCESSFUL";
}
In my functions.php file, I declare my database information using the DB::QUERY assignment that MeekroDB mentions I use.
//MeekroDB - Used for database CRUDding
require_once("php/meekrodb.php");
DB::$user = 'root'; //yes i'll change this later
DB::$password = ''; //this too
DB::$dbName ="testDB";
In the actual register function I have this:
function register($email, $password, $firstName, $lastName)
{
//check to see if the user already exists
//poll the DB to see if the email is already in there.
$results = DB::QUERY("SELECT email FROM users WHERE email = %s", $email);
//if there is a row in the DB with this email...
if(DB::count() >= 1)
{
return false;
}
else
{
//lets prepare the user for insertion into the database.
$username = $firstName . '_' . $lastName;
//generate a salt for database insertion and password hashing
$salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
$password = hash('sha512', $password . $salt);
//create the insert statement array for insertion.
$insertionArray =
array(
'username' => $username,
'password' => $password,
'email' => $email,
'salt' => $salt,
'isAdmin' => 0
);
//insert the new user into the database.
DB::INSERT('users', $insertionArray);
//Send a registration email to the new user.
//Send an email to the user stating they've registered.
$mailer = createMailer();
//set the contents of the email
$mailer->MsgHTML(generateEmail_Registration($username));
//set the destination address
$mailer->AddAddress($email, $firstName . ' ' . $lastName);
if($mailer->Send())
{
return true;
}
else
{
return false;
}
}
}
To me, this should work.
HOWEVER:
WHenever I try running the register() function, I end up getting tons of errors involving MeekroDB and I'm not 100% sure how to fix them (whether it's an INCLUDE issue, or maybe it's something with meekroDB?)
Here are the errors I'm getting.
Warning: mysqli::set_charset(): invalid object or resource mysqli in D:\xampp\htdocs\finalproject\php\meekrodb.php on line 186
Warning: MeekroDB::get(): Property access is not allowed yet in D:\xampp\htdocs\finalproject\php\meekrodb.php on line 188
Warning: mysqli::real_escape_string(): invalid object or resource mysqli in D:\xampp\htdocs\finalproject\php\meekrodb.php on line 496
Warning: mysqli::query(): invalid object or resource mysqli in D:\xampp\htdocs\finalproject\php\meekrodb.php on line 628
Warning: MeekroDB::queryHelper(): Property access is not allowed yet in D:\xampp\htdocs\finalproject\php\meekrodb.php on line 662
Warning: MeekroDB::queryHelper(): Property access is not allowed yet in D:\xampp\htdocs\finalproject\php\meekrodb.php on line 663
Warning: mysqli::real_escape_string(): invalid object or resource mysqli in D:\xampp\htdocs\finalproject\php\meekrodb.php on line 496
Warning: mysqli::real_escape_string(): invalid object or resource mysqli in D:\xampp\htdocs\finalproject\php\meekrodb.php on line 496
Warning: mysqli::real_escape_string(): invalid object or resource mysqli in D:\xampp\htdocs\finalproject\php\meekrodb.php on line 496
Warning: mysqli::real_escape_string(): invalid object or resource mysqli in D:\xampp\htdocs\finalproject\php\meekrodb.php on line 496
Warning: mysqli::query(): invalid object or resource mysqli in D:\xampp\htdocs\finalproject\php\meekrodb.php on line 628
Warning: MeekroDB::queryHelper(): Property access is not allowed yet in D:\xampp\htdocs\finalproject\php\meekrodb.php on line 662
Warning: MeekroDB::queryHelper(): Property access is not allowed yet in D:\xampp\htdocs\finalproject\php\meekrodb.php on line 663
REGISTRATION UNSUCCESSFUL //of course.
I think it has something to do with the way I'm including my various PHP files, and that in return is buggering up my MeekroDB connection somehow.
If you guys need more information, let me know but I think I've pretty much gotten everything out on the table.
I don't post here often, so if I've missed out on some kind of ettiquette somewhere, I apologize in advance.
Thanks! :)
If you follow along in the meekrodb.php file, the first error is called on your $mysql object which has just attempted a connection (have a look at the meekrodb.php file to see what I'm talking about) so these errors probably have to do with the connection information being bad or some other issue connecting to the database, and so other functions are failing.
A simple way to see more informative errors would be to try using their $throw_exception_on_error function:
function register($email, $password, $firstName, $lastName)
{
//check to see if the user already exists
//poll the DB to see if the email is already in there.
DB::$error_handler = false; // since we're catching errors, don't need error handler
DB::$throw_exception_on_error = true;
try {
$results = DB::QUERY("SELECT email FROM users WHERE email = %s", $email);
} catch(MeekroDBException $e) {
echo "Error: " . $e->getMessage() . "<br>\n"; // this should be a better error...
echo "SQL Query: " . $e->getQuery() . "<br>\n"; // SELECT email FROM users...
}
...
If this was an issue with the include/include_once you would get completely different messages. I would firstly recommend using the latest version of the library which is 2.3, and most importantly, check what version of PHP you are using.
From what I can tell there is most likely an issue with the MySQLi connection and depending on your version of PHP the check to ensure that a connection hasn't failed has had issues as found on this page http://php.net/manual/en/mysqli.connect-error.php
Warning
The mysqli->connect_error property only works properly as of PHP versions 5.2.9 and 5.3.0. Use the mysqli_connect_error() function if compatibility with earlier PHP versions is required.
As there is no connection this will cause the multiple warnings you are seen in this form.
Warning: mysqli::method_name(): invalid object or resource mysqli
Related
I'm getting the following errors from php7 on a new Ubuntu server:
Notice: Trying to get property of non-object in ~/tLogServ.php on line 14
Warning: mysqli::query(): Couldn't fetch mysqli in ~/tLogServ.php on line 17
Fatal error: Uncaught Error: Call to a member function fetch_assoc() on null in ~/tLogServ.php:18
Stack trace:
0 {main}thrown in ~/tLogServ.php on line 18
Here's the tLogServ.php
<?php
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
$request = json_decode( file_get_contents('php://input') );
$variable = $request->data;
// echo($variable);
$result = $conn->query("SELECT password FROM login where userID LIKE 'technician'");
$rows = $result->fetch_assoc();
$passHashed = $rows['password'];
if(password_verify($variable, $passHashed)){
$loginMess = "success";
}else{
$loginMess = "fail";
}
echo json_encode($loginMess);
$conn->close();
?>
and my connection script
<?php
DEFINE ('user', '$%^*(');
DEFINE ('pass', '^*&%*');
DEFINE ('host', '1*&^*&^');
DEFINE ('DB', '^*%*(&%^');
$conn = new mysqli(host, user, pass, DB) OR die('Fail Whale ' . mysqli_connect_error());
?>
The notice will go away with input, but I'm unsure about and the warning and the fatal error it causes.
This code works without issue on Ubuntu 14 with PHP5. I've uncommented
extension=php_mysqli.dll
in php.ini. This is obviously a compatibility issue, but I'm unsure if I need to re-write my code or if it's a matter of a simple setting that I can't find.
The issue was two stupid mistakes.
1)The user I referenced in my connection was not given proper rights.
and
2) 'Host' was defined as the IP of the localhost. For whatever reason this worked on Cat connection, but not on WiFI (both had static Ip's).
For others with the same/similar issue. Verify that your php.ini mysqli extension is enabled/uncommmented. As A.L was onto the issue was with mySQL settings not PHP/Ubuntu.
I have a a form that pulls data from a database(mysql to be specific) and echos the data into the value section of <input> tags. It doesn't seem to be working I have coded a view section of my website to do the same thing but from a different table in my database. I use the same code to make making changes easy and if another developer works on my site in the future. Anyway it doesn't seem to be working I'm not sure why though.
The full error I get:
Warning: mysqli_query() expects parameter 1 to be mysqli, null given in /home/caseol5/public_html/jj/admin/news_update.php on line 9
Here is line 9 that the error is referring to:
$result = mysqli_query($link,$sql);
I know that both of those function are not null as I did:
echo $link
echo $sql
before that line after I started feting the error and they both are not null.
Here is the full code segment:
$nid = $_GET['nid'];
include ("../sql/dbConnect.php");
$sql = "SELECT * FROM jj_news WHERE news_id = $nid";
echo "<p>The SQL Command: $sql </p>";
echo "<p>Link: $link </p>";
$result = mysqli_query($link,$sql);
if (!$result)
{
echo "<h1>You have encountered a problem with the update.</h1>";
die( "<h2>" . mysqli_error($link) . "</h2>") ;
}
$row = mysqli_fetch_array($result);
$ntitle = $row['news_title'];
$ntline = $row['news_titleline'];
$ndesc = $row['news_desc'];
$nother = $row['news_other'];
I have looked into mysqli_query and I can't find anything I'm missing. I have also tired breaking the code down (and running parts of it and it gives the same error. My guess is it something small that I missed. I've looked at other question on this site that do that are a little similar but none seem to help. I've been looking at this for a while now and need another pair of eyes.
Update
As requested the contents of my dbconnect.php file:
$hostname = "localhost";
$username = "caseol5_jjoes";
$database = "caseol5_jj_site";
$password = "password1";
$link = mysqli_connect($hostname, $username, $password, $database);
$link = mysqli_connect($hostname,$username,$password,$database) or die("Error " . mysqli_error($link));
if (!$link)
{
echo "We have a problem!";
}
As clearly stated in the error message, mysqli_querydocs expects the first parameter to be a mysqli resource. In your case, this parameter is called $link but it holds a null value. A proper mysqli resource is normally obtained from connecting with the database by making use of mysqli_connectdocs
I expect the ../sql/dbConnect.php file holds the logic to connect with the database. Verify whether the $link variable is indeed initialized there. If it's not there, try to find an occurrence of mysqli_connect - maybe the resource is set to a different variable.
Without knowing what exactly is in ../sql/dbConnect.php, your problem right now is that you do not have a valid mysqli resource to use for mysqli_query.
I am working on PHP and MySQL environment for first time..
And I got another problem with my connectivity.
I am unable to create a connection between both of them.
I am trying to make a code for login page.
My database name and all those things are correct.
Here's my code..
<?php
$con = NULL;
if (empty($_POST['username']) || empty($_POST['password'])) {
$error="Username or Password is invalid";
}
else {
global $con;
$con=mysqli_connect("localhost","root","","student");
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
else {
$sql = "select * from login where password='" . $_POST['password'] . "' AND username='" . $_POST['username'] . "'";
echo $sql;
$query=mysqli_query($sql,$con);
$rows=mysqli_num_rows($query);
echo $rows;
if ($rows==1) {
$_SESSION['login_user'] = $_POST['username'];
//Initializing Session
header("location: /pages/profile.php"); //Redirecting to other page
} else {
$error = "Username or Password is invalid";
}
}
//SQL query to fetch information of registered users and finds user match.
//Closing Connection
mysql_close($con);
}
?>
Errors :
Warning: mysqli_query() expects parameter 1 to be mysqli, string given in C:\xampp\htdocs\pages\login.php on line 21
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in C:\xampp\htdocs\pages\login.php on line 24
Warning: mysql_close() expects parameter 1 to be resource, object given in C:\xampp\htdocs\pages\login.php on line 39
The first warning tells you exactly what's wrong:
Warning: mysqli_query() expects parameter 1 to be mysqli, string given in C:\xampp\htdocs\pages\login.php on line 21
Here you define your variables:
$con=mysqli_connect("localhost","root","","student");
// ...
$sql = "select * from login where password='" . $_POST['password'] . "' AND username='" . $_POST['username'] . "'";
So $con is a mysqli object and $sql is a string. Then you call the function:
$query=mysqli_query($sql,$con);
You're passing it the string and then the connection. The error says that the first object should be the connection. Like this:
$query=mysqli_query($con,$sql);
Also, and this is important... I realize you're just getting started and just learning the concepts. But make sure you understand this before writing any code which would be used in any live system or which would be responsible for any user's data. Your code is wide open to SQL injection attacks. Basically, any user has complete access to your database and probably you server. Please start by reading this.
What this code currently does, even though you may not be aware of it, is it executes user input as code. Clearly you don't want any user to be able to execute any arbitrary code they want on your server, but currently that's exactly what you're allowing. Again, you're new, so it's an understandable mistake. I'm not trying to blame you, just convince you of the importance of this. Especially when your websites start to contain user data.
I've recently been working on a uni assignment and had a lot of trouble getting my code to work.
The errors that seem to occur when I upload my .php file onto the server and then try to view them are the following:
Warning: oci_parse() expects parameter 1 to be resource, string given in /home/contactusphp.php on line 227
Warning: ociexecute() expects parameter 1 to be resource, null given in /home/contactusphp.php on line 232
Your mesage has been sent successfully!
Additional details:
This is for use in an Oracle database, and the original purpose was for a user to use a contact form to send a message to the site owner (putting the message into the database).
My code is as follows:
211. <?
212. // extract form data
213. $emailcontact = $_REQUEST['emailcontact'] ;
214. $email_address = $_REQUEST['email_address'] ;
215.
216. // Create the SQL statement to add data into the database
217. $sql = "INSERT INTO contactus (emailcontact, email_address) VALUES ('$emailcontact', '$email_address')";
218.
219. // Set the oracle user login and password info
220. $dbuser = 'XXXX';
221. $dbpass = 'XXXX';
222. $db = 'SSID';
223. $connect = 'OCI_Logon($dbuser, $dbpass, $db)';
224.
225.
226. // Add this data into the database as a new record
227. $stmt = OCI_Parse($connect, $sql);
228. if(!stmt) {
229. echo 'An error occurred in parsing the SQL string./n';
230. exit;
231. }
232. OCI_Execute($stmt); {
233. echo ('Your mesage has been sent successfully!');
234. }
235. ?>
I can't seem to find what could be wrong, and I'm not very experienced with web development either.
EDIT: I got rid of quotes, and changed OCI_Logon/OCI_Parse/OCI_Execute to OCILogon, etc.
However, the problem changed when I did so.
There's a new error code, which is as follows:
Warning: ociexecute() [function.ociexecute]: ORA-00904: "EMAILCONTACT": invalid identifier in /home/contactusphp.php on line 232
The new code is:
211. <?
212. // extract form data
213. $emailcontact = $_REQUEST['emailcontact'] ;
214. $email_address = $_REQUEST['email_address'] ;
215.
216. // Create the SQL statement to add data into the database
217. $sql = "INSERT INTO contactus (emailcontact, email_address) VALUES ('$emailcontact', '$email_address')";
218.
219. // Set the oracle user login and password info
220. $dbuser = 'XXXX';
221. $dbpass = 'XXXX';
222. $db = 'SSID';
223. $connect = OCILogon($dbuser, $dbpass, $db);
224.
225.
226. // Add this data into the database as a new record
227. $stmt = OCIParse($connect, $sql);
228. if(!stmt) {
229. echo 'An error occurred in parsing the SQL string./n';
230. exit;
231. }
232. OCIExecute($stmt); {
233. echo ('Your mesage has been sent successfully!');
234. }
235. ?>
EDIT:
The problem ended up fixing itself, and I have no idea how.
Why the quotes around this function?
$connect = 'OCI_Logon($dbuser, $dbpass, $db)';
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
$err = mysql_query("INSERT INTO tridy (id,NazevTridy,url) VALUES (
'$i',
'$tridy->find('div[class=rozvrhseznam]', 0)->find('a[href]', $i)->outertext',
'$tridy->find('div[class=rozvrhseznam]', 0)->find('a[href]', $i)->href')");
mysql_error($err); // line 97
Warning: mysql_error(): supplied argument is not a valid MySQL-Link resource in /hosting/www/cran-web.com/www/rozvrh/engine.php on line 97
--- lines 2-6:
$username="*****.com";
$password="*********";
$database="*********";
mysql_connect('127.0.0.1', $username, $password) or die('Could not connect'.mysql_error());
mysql_select_db($database) or die( "Cannot select db.");
I'm getting this error when I try to execute my query. Can you tell what does the error message mean and how to fix it?
mysql_error($err); remove the argument!
It takes link to the resource not number of error.
Link is used to recognise different connections (you can retrieve one using mysql_connect) read about this if u need more.
mysql_error() expects a "Link resource" and no "result resource". Te correct way would be something like:
$username="*****.com";
$password="*********";
$database="*********";
$connection = mysql_connect('127.0.0.1', $username, $password) or die('Could not connect'.mysql_error());
mysql_select_db($database, $connection) or die( "Cannot select db.");
$err = mysql_query("INSERT INTO tridy (id,NazevTridy,url) VALUES (
'$i',
'$tridy->find('div[class=rozvrhseznam]', 0)->find('a[href]', $i)->outertext',
'$tridy->find('div[class=rozvrhseznam]', 0)->find('a[href]', $i)->href')", $connection);
mysql_error($connection); // line 97
Mind the use of $connection. Wile $connection could be dropped everywhere as in
mysql_error();
Which uses the last opened connection or opens a new one by default. While depending on the default connection is bad. You might also want to look into mysqli or PDO as alternative ways to talk to MySQL.
You are passing a query into mysql_error, you need to pass a link identifier.
Also mind that mysql_query() dealing with INSERT returns true on success and false on failure.
So naming the variable $err is somehow misleading, if($err) would mean no error occurred and vice versa.
Better:
$success = mysq_query("INSERT....");
if(!$success) {
// use of $connection is pointed to in other answers
$error_msg = mysql_error($connection);
// so some error handling
}
About mysql_error():
Parameter: The MySQL connection. If the link identifier is not specified, the last link opened by mysql_connect() is assumed
and the return value:
Returns the error text from the last MySQL function, or '' (empty string) if no error occurred.
So you also do something with the return value. Just calling mysql_error() is of no use!