Experiencing Fatal Error, But Probably An Easy Fix For You Guys/Gals


BlackStones

Fatal error: Can't use function return value in write context on line 21

 

Hello, I am creating a login_parse php file that will facilitate user authentication on a website.  I have received the above error with the code below.

 

The line that yields the error is $_SESSION('uid') = $row['id'];

 

As always, I am grateful for the assistance.

<?php

session_start();
include_once("connect.php");

	if (isset($_POST['username'])) // handle the request only when the form was submitted
	{
		$username = $_POST['username'];
		$password = $_POST['password'];
		
		
		$sql = "SELECT * FROM users WHERE username='".$username."'  AND password ='".$password."' LIMIT 1";
		$res = mysql_query($sql) or die(mysql_error());
		
		$ifstmt = mysql_num_rows($res); // count rows in the result fetched above
		
		if($ifstmt == 1)
		{
			$row = mysql_fetch_assoc($res);
			
			$_SESSION('uid') = $row['id'];
			
			$_SESSION('username') = $row['username'];
			
			header("Location: demo.php");
			exit();
			
		}
		else
		{
			echo "Invalid login information.  Please return to the previous page";
			exit();
		}
	}

?>

Besides that, your code is extremely insecure:

  • You insert the raw user input into your query, which allows arbitrary visitors to perform an SQL injection attack. This can be used to steal sensitive data from your database or even take over the entire server.
  • Since you store the passwords as plaintext (WTF?), this will be the first target.
  • You leak sensitive information about your database by outputting mysql_error() directly on the screen.
  • Since you reuse the old running session without generating a new ID, your code is vulnerable to session fixation attacks.

And of course all mysql_* functions have been obsolete for more than 10 years and will be removed in one of the next PHP releases. Haven't you seen the big red warnings in the manual?

 

I don't think you should upload this.


Thanks for the replies, I've been a bit busy but now I have time to allocate to educating myself.

 

@bsmither I'm trying to resolve this error, I was following a video tutorial online.

 

@Jacques1 I'm so uneducated, I'm learning on W3 schools.  Do you have any additional resources I can use to help myself?


the php.net documentation is the best place to learn the basic syntax and usage. programming is the type of task where you must really grasp the meaning of everything, every character counts. watching videos cannot do that well because after the information goes past, it is hard to find it for reference. printed information is the best way of learning a programming language because you can easily find it to keep referring to it as many times as necessary.

 

your error is because you are assigning one array variable - $row['id'] to a session array variable but the syntax you used on the left-hand side is not that of array variables, but of calling a function, which uses ( ).

 

the syntax for referencing elements of array variables uses [ ] around the index/key, as in $row['id']. the syntax on the left-hand side to assign that value to a session array variable would be the same usage - $_SESSION['uid']
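
The points raised in the replies above (square brackets for $_SESSION, a parameterized query instead of string concatenation, hashed passwords, no database errors shown to the visitor, a new session ID at login), combined as an added example that is not code from any poster in this thread. It uses PDO in place of the mysql_* functions; the in-memory SQLite database, the users table layout and the sample account are constructed so the script runs offline.

```php
<?php
// Added example, not code from the thread. The table layout, sample account and
// in-memory SQLite database are constructed so the script runs offline.
declare(strict_types=1);

function find_user(PDO $pdo, string $username): ?array
{
    // Prepared statement: the username travels as data, never as part of the SQL text.
    $stmt = $pdo->prepare('SELECT id, username, password_hash FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function attempt_login(PDO $pdo, string $username, string $password): bool
{
    $row = find_user($pdo, $username);
    // Only a hash is stored; password_verify() checks the submitted password against it.
    if ($row === null || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session ID at login (session fixation)
    }
    $_SESSION['uid'] = (int) $row['id'];       // square brackets: array element, not a call
    $_SESSION['username'] = $row['username'];
    return true;
}

session_start();
$results = [];
try {
    $pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
    $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
        ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]); // constructed account

    $results['valid login'] = attempt_login($pdo, 'alice', 'correct horse');
    $results['wrong password'] = attempt_login($pdo, 'alice', 'guess');
    $results['injection string'] = attempt_login($pdo, "' OR '1'='1", "' OR '1'='1");
} catch (PDOException $e) {
    error_log($e->getMessage());               // details go to the server log only
    exit("Login is temporarily unavailable.\n");
}
foreach ($results as $case => $ok) {
    echo $case, ': ', $ok ? 'accepted' : 'rejected', "\n";
}
```

In a real login_parse.php the username and password would come from $_POST, and the redirect to demo.php would follow a successful attempt_login().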
