Experiencing Fatal Error, But Probably An Easy Fix For You Guys/Gals


4 replies to this topic

#1 BlackStones


Posted 14 May 2014 - 07:56 PM

Fatal error: Can't use function return value in write context on line 21

 

Hello, I am creating a login_parse php file that will facilitate user authentication on a website.  I have received the above error with the code below.

 

The line that yields the error is $_SESSION('uid') = $row['id'];

 

As always, I am grateful for the assistance.

<?php

session_start();
include_once("connect.php");

	if (isset($_POST['username'])) 
	{
		$username = $_POST['username'];
		$password = $_POST['password'];
		
		
		$sql = "SELECT * FROM users WHERE username='".$username."'  AND password ='".$password."' LIMIT 1";
		$res = mysql_query($sql) or die(mysql_error());
		
		$ifstmt = mysql_num_rows($res);
		
		if($ifstmt == 1)
		{
			$row = mysql_fetch_assoc($res);
			
			$_SESSION('uid') = $row['id'];
			
			$_SESSION('username') = $row['username'];
			
			header("Location: demo.php");
			exit();
			
		}
		else
		{
			echo "Invalid login information.  Please return to the previous page";
			exit();
		}
	}

?>


#2 bsmither


Posted 14 May 2014 - 07:59 PM

Please observe how you are using $_SESSION('uid') as the name of a function, rather than the name of an array variable.


Just waiting until my question gets answered.


#3 Jacques1


Posted 14 May 2014 - 08:36 PM

Besides that, your code is extremely insecure:

  • You insert the raw user input into your query, which allows arbitrary visitors to perform an SQL injection attack. This can be used to steal sensitive data from your database or even take over the entire server.
  • Since you store the passwords as plaintext (WTF?), this will be the first target.
  • You leak sensitive information about your database by outputting mysql_error() directly on the screen.
  • Since you reuse the old running session without generating a new ID, your code is vulnerable to session fixation attacks.

And of course all mysql_* functions have been obsolete for more than 10 years and will be removed in one of the next PHP releases. Haven't you seen the big red warnings in the manual?

 

I don't think you should upload this.
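
The four problems listed in the post above, addressed in one login handler. This is an added example, not code posted by anyone in the thread; it assumes PHP 7.1 or later, that connect.php provides a PDO handle named $pdo with PDO::ERRMODE_EXCEPTION set, and that the users table has a password_hash column filled by password_hash() (all three are assumptions).

```php
<?php
// Added example, not code from the thread. Assumptions: connect.php creates a
// PDO handle in $pdo (ERRMODE_EXCEPTION), and users.password_hash holds the
// output of password_hash().
session_start();
require_once 'connect.php';

function find_user(PDO $pdo, string $username): ?array
{
    // The placeholder keeps user input out of the SQL text, so it cannot
    // change the structure of the query.
    $stmt = $pdo->prepare(
        'SELECT id, username, password_hash FROM users WHERE username = ? LIMIT 1'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

if (isset($_POST['username'], $_POST['password'])
    && is_string($_POST['username']) && is_string($_POST['password'])) {
    try {
        $row = find_user($pdo, $_POST['username']);
    } catch (PDOException $e) {
        // Log the detail server-side; tell the visitor nothing about the database.
        error_log('login query failed: ' . $e->getMessage());
        http_response_code(500);
        exit('Login is temporarily unavailable.');
    }

    // Compare against the stored hash; the table never holds the plaintext.
    if ($row !== null && password_verify($_POST['password'], $row['password_hash'])) {
        // A fresh session ID at login defeats session fixation.
        session_regenerate_id(true);
        $_SESSION['uid'] = $row['id'];             // square brackets: array element
        $_SESSION['username'] = $row['username'];
        header('Location: demo.php');
        exit();
    }

    echo 'Invalid login information.  Please return to the previous page';
    exit();
}
```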



#4 BlackStones


Posted 15 May 2014 - 08:52 PM

Thanks for the replies, I've been a bit busy but now I have time to allocate to educating myself.

 

@bsmither I'm trying to resolve this error, I was following a video tutorial online.

 

@Jacques1 I'm so uneducated, I'm learning on W3 schools.  Do you have any additional resources I can use to help myself?



#5 mac_gyver


Posted 16 May 2014 - 04:45 AM

the php.net documentation is the best place to learn the basic syntax and usage. programming is the type of task where you must really grasp the meaning of everything, every character counts. watching videos cannot do that well because after the information goes past, it is hard to find it for reference. printed information is the best way of learning a programming language because you can easily find it to keep referring to it as many times as necessary.

 

your error is because you are assigning one array variable - $row['id'] to a session array variable but the syntax you used on the left-hand side is not that of array variables, but of calling a function, which uses ( ).

 

the syntax for referencing elements of array variables uses [ ] around the index/key, as in $row['id']. the syntax on the left-hand side to assign that value to a session array variable would be the same usage - $_SESSION['uid']


multi-purpose programming fool. well written source-code should be self-documenting. well written code should be self-troubleshooting. 




