This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
PDO Database access WHERE title = $title
Here is a sample of $message's content :
String(108) "\n cc je t'ai envoy� une invitation A plus :p\n "
Here is the error message :
Fatal error: Call to a member function setFetchMode() on a non-object
in B:\wamp\www\messages.php on line 101
My request that doesn't work:
$resultats = $connexion->query("SELECT * FROM messages WHERE message LIKE '%$message%'");
$resultats->setFetchMode(PDO::FETCH_OBJ);
$occurences= $resultats->rowCount();
Why does this one work? (I replaced $message with a):
$resultats = $connexion->query("SELECT * FROM messages WHERE message LIKE '%a%'");
$resultats->setFetchMode(PDO::FETCH_OBJ);
$occurences= $resultats->rowCount();
Simply using PDO with the same techniques that were used for mysql_* doesn't do you any good, you need to take advantage of its parameterized queries:
$query = $connexion->prepare("SELECT * FROM messages WHERE message LIKE ?");
$query->setFetchMode(PDO::FETCH_OBJ);
if($query->execute(array('%'.$message.'%'))) {
// process
}
else {
// only for debugging purposes, not a live app
var_dump($connexion->errorInfo());
}
It performs all necessary escaping automatically and correctly for you on the parameters that you pass via the execute() method.
As for I used addslashes: That is not safe. Use prepared statements as demonstrated above.
Unless you are generating SQL – actual SQL logic, not filling in blanks with user generated content – you should never have a need for PHP variables within SQL.
Try using PDO Prepare. This is the 'almost' equivalent to mysql_real_escape_string(). This will probably eliminate most (if not all) of your errors due to special characters.
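The failure in the question and the parameterized fix from the answers, as an added example that is not part of the original posts. It assumes the pdo_sqlite extension and uses an in-memory database with constructed rows; likeLiteral() and searchMessages() are hypothetical helpers that also neutralize the LIKE wildcards % and _ in user input, which goes one step beyond the answers.

```php
<?php
// Added example: constructed rows in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, message TEXT)');

$insert = $pdo->prepare('INSERT INTO messages (message) VALUES (?)');
foreach (["cc je t'ai envoye une invitation A plus :p", '100% done', 'plain text'] as $row) {
    $insert->execute([$row]);
}

// The question's pattern: the apostrophe in the value closes the SQL string
// literal early, so the statement no longer parses and query() fails.
$message = "t'ai";
try {
    $pdo->query("SELECT * FROM messages WHERE message LIKE '%$message%'");
} catch (PDOException $e) {
    echo 'interpolated query rejected: ', $e->getMessage(), "\n";
}

// Hypothetical helper: make %, _ and the escape character itself literal.
function likeLiteral(string $value): string
{
    return strtr($value, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

// Hypothetical helper: the value is bound, never spliced into the SQL text.
function searchMessages(PDO $pdo, string $needle): array
{
    $stmt = $pdo->prepare("SELECT message FROM messages WHERE message LIKE ? ESCAPE '!'");
    $stmt->execute(['%' . likeLiteral($needle) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

print_r(searchMessages($pdo, "t'ai")); // apostrophe travels as data
print_r(searchMessages($pdo, '%'));    // percent sign matched literally
```

The explicit ESCAPE '!' clause keeps the query portable: a backslash escape character would need different quoting on MySQL and SQLite.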
Related
This question already has answers here:
mysql_fetch_array()/mysql_fetch_assoc()/mysql_fetch_row()/mysql_num_rows etc... expects parameter 1 to be resource
(31 answers)
Closed 5 months ago.
I am trying to get an old PHP script to work but I keep getting this notice:
Notice: Trying to get property of non-object in ...
The notice is based on the last line of this code:
$result_id_check = mysql_query("select ses_userid from fe_sessions where ses_id = '".$_COOKIE['fe_typo_user']."';");
$row_check = mysql_fetch_object($result_id_check);
if ($row_check->ses_userid) {
I also tried using mysqli_query and mysqli_fetch_object but that won't take any changes.
Any ideas how I can resolve this?
This error normally means that the query failed.
You should be checking for errors as you go, like this. The string concatenation can also be made simpler if you use either the {$_COOKIE['fe_typo_user']} form of variable expansion inside a double-quoted string or, alternatively, $_COOKIE[fe_typo_user], which will also work:
$sql = "select ses_userid
from fe_sessions
where ses_id = '{$_COOKIE['fe_typo_user']}'";
$result_id_check = mysql_query($sql);
if ( $result_id_check === false ) {
echo mysql_error();
echo 'Bad SQL : ' . $sql;
exit;
}
$row_check = mysql_fetch_object($result_id_check);
This way, when you make small mistakes with your SQL, you get told about them directly and you don't have to wonder what may have gone wrong.
Please don't use the mysql_ database extension; it is deprecated (gone forever in PHP7).
Especially if you are just learning PHP, spend your energies learning the PDO database extensions.
Start here
You should also be using parameterized queries (available in the mysqli_ and PDO database extensions, but not the old deprecated mysql_ extension) to avoid SQL injection attacks, especially if you are using data from $_POST, $_GET or $_COOKIE.
If you are considering moving to mysqli_ or PDO, you should also read this: Can I mix MySQL APIs in PHP?
Before using $row_check->ses_userid just check whether $row_check is true or false.
if ($row_check) {
if ($row_check->ses_userid) {
}
}
This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 6 years ago.
I am trying to bind a variable in this prepared statement, but I keep receiving the error:
Call to a member function bind_param() on a non-object
The function is called, and variables are passed to it. When I change the function to just echo the variable, the variable prints on the page fine, but if I try to bind it here I receive the error. Can anyone help?
//CALL FROM PAGE ONE
check($username);
//FUNCTION ON PAGE 2
function check($username){
$DBH = getDBH();
$qSelect = $DBH->prepare("SELECT * FROM users WHERE username = ?");
$qSelect->bind_param("s", $username);
}
I know the function is not completely written here, but that shouldn't be a problem. I don't understand why I am receiving this error.
Well, one reason prepare() can fail is if the sql statement sent to it is not valid in the current DB.
prepare() will then return false.
Eg - if the table name is not correct or one or more field in the query does not exist.
As the error message says, $qSelect seems to be not an object. Try to debug this by using var_dump($qSelect); right after your prepare call. Also check if getDBH() returns what you need.
Sounds like the prepare call fails (don't know why) and so it returns false - false is not an object, so you can't call bind_param() on that.
EDIT: you haven't given the info, but it looks like you're using PHP's PDO. In that case, take a look at the documentation.
If the database server successfully prepares the statement, PDO::prepare() returns a PDOStatement object. If the database server cannot successfully prepare the statement, PDO::prepare() returns FALSE or emits PDOException (depending on error handling).
You should configure your server to return those PDO-Exceptions, which would tell you why the prepare call fails.
I'm using the mysqli approach as well and got the same error when I created another instance of mysqli before closing the first instance. So it's important to use close() before starting the same piece of code. For example:
$DBH = getDBH();
$qSelect = $DBH->prepare("SELECT * FROM users WHERE username = ?");
$qSelect->bind_param("s", $username);
$qSelect->close(); // <--- use close() before calling the same function (which contains $DBH code) again
It appears that prepare is quite dumb. It doesn't relay the query entirely to the MySQL side; by this I mean, if your query has a table that happens to have the same name as a keyword, say "user", "order", ..., it just doesn't recognize it as a table, but rather as what the keyword commands actually do, so the query turns out to be a mess and the prepare just fails.
To fix this is simple: you have to type it in the "correct" way, adding "`" on both sides of the table name. Example:
`user`, `order`, `...`
It's correct, yet I find it silly of prepare to have this behavior.
I am trying to help other people with little experience in PHP like me.
In my case, this error occurred because I had an SQL syntax error. The console stack trace did not show the problem.
When I fixed the SQL, the error was gone.
Check the permissions of the user in the database. A user without "insert" permission also causes the "Call to a member function bind_param() on a non-object" error message when trying to insert.
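How a failed prepare() turns into the "non-object" error, and how exception mode reports the reason instead, as an added example that is not code from any of the posts above. It assumes the pdo_sqlite extension, with an in-memory database standing in for the real one; openDb() and the `order` table are constructed for the demonstration.

```php
<?php
// Added example: in-memory SQLite stands in for the real database.
function openDb(int $errmode): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, $errmode);
    // Constructed table whose name is a reserved word, as in the answer above.
    $pdo->exec('CREATE TABLE `order` (id INTEGER PRIMARY KEY, username TEXT)');
    return $pdo;
}

// 1. Silent mode (the PDO default before PHP 8): prepare() returns false.
//    Calling bind/execute on that false is the "non-object" fatal error,
//    so test the return value and read errorInfo() for the cause.
$silent = openDb(PDO::ERRMODE_SILENT);
$stmt = $silent->prepare('SELECT * FROM order WHERE username = ?'); // unquoted keyword
if ($stmt === false) {
    [$sqlstate, $code, $text] = $silent->errorInfo();
    echo "prepare() returned false: [$sqlstate] $text\n";
}

// 2. Exception mode: the failure is raised where it happens, with the reason.
//    mysqli counterpart, set before connecting:
//    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$strict = openDb(PDO::ERRMODE_EXCEPTION);
try {
    $strict->prepare('SELECT * FROM users WHERE username = ?'); // table does not exist
} catch (PDOException $e) {
    echo 'prepare() threw: ', $e->getMessage(), "\n";
}

// 3. With the identifier quoted, the statement prepares and executes.
$stmt = $strict->prepare('SELECT * FROM `order` WHERE username = ?');
$stmt->execute(['alice']);
echo 'rows: ', count($stmt->fetchAll()), "\n";
```

With the MySQL PDO driver and emulated prepares (its default), the statement is not sent to the server until execute(), so the same errors surface there rather than at prepare().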