vikram12345 Posted November 21, 2012 (edited)

```php
<?php
// $goto = $_GET['goto'] ;
session_start() ;
$useremail = $_POST['emailfield'] ;
$passwording = $_POST['pwfield'] ;
$salt = "@cmiplpnp##" ;
$iterations = 4;
$hash = crypt($passwording,$salt);
for ($i = 0; $i < $iterations; ++$i)
{
    $hash = crypt($hash . $passwording,$salt);
}
echo $passwording ;
echo '<br>' ;
echo $hash ;
echo '<br>' ;
require ('sqliauth2.php') ;
/* create a prepared statement */
if ($stmt = $mysqli->prepare("SELECT * FROM userregistry WHERE email= ? AND password11=? ")) ;
{
    /* bind parameters for markers */
    $stmt->bind_param("ss",$email, $hash);
    /* execute query */
    $stmt->execute();
    /* bind result variables */
    $stmt->bind_result($email,$hash);
    $stmt->fetch();
    $row_cnt = $result->num_rows ;
    /* close statement */
    $stmt->close();
}
/* close connection */
$mysqli->close();
echo $row_cnt ;
?>
```

ERRORS ::::

```
Warning: mysqli_stmt::bind_result(): Number of bind variables doesn't match number of fields in prepared statement in D:\xampp\htdocs\bullet2\sqlilogincheck.php on line 39
Notice: Undefined variable: result in D:\xampp\htdocs\bullet2\sqlilogincheck.php on line 41
Notice: Trying to get property of non-object in D:\xampp\htdocs\bullet2\sqlilogincheck.php on line 41
```

Trying to understand why, but no clue. HELP !!!

vikram12345 Posted November 21, 2012 (Author)

The echoes are showing properly, but errors visible. The last `echo $row_cnt ;` doesn't print, and of course in between you have those errors.

vikram12345 Posted November 21, 2012 (Author)

added what ?

Muddy_Funster Posted November 21, 2012

That post from annarocco39 is just spam.

Your error msgs :

1st one : `$stmt->bind_param("ss",$email, $hash);` You are sending 3 parameters to the query string when you have only put 2 ? holders in place in the query string.

2nd and 3rd both relate to `$row_cnt = $result->num_rows` You have not defined $result as anything previous to this line. You have to define a variable before you can use it on the right-hand side of an assignment. As the parser does not know what $result is, it can't access the object properties you think it should have.

vikram12345 Posted November 21, 2012 (Author)

> That post from annarocco39 is just spam.
>
> Your error msgs :
>
> 1st one : `$stmt->bind_param("ss",$email, $hash);` You are sending 3 parameters to the query string when you have only put 2 ? holders in place in the query string.
>
> 2nd and 3rd both relate to `$row_cnt = $result->num_rows` You have not defined $result as anything previous to this line. You have to define a variable before you can use it on the right-hand side of an assignment. As the parser does not know what $result is, it can't access the object properties you think it should have.

I solved the result issue. Now I'm getting this:

```
Warning: mysqli_stmt::bind_result(): Number of bind variables doesn't match number of fields in prepared statement in D:\xampp\htdocs\bullet2\sqlilogincheck.php on line 39
```

my current code :

```php
// $goto = $_GET['goto'] ;
session_start() ;
$useremail = $_POST['emailfield'] ;
$passwording = $_POST['pwfield'] ;
$salt = "@cmiplpnp##" ;
$iterations = 4;
$hash = crypt($passwording,$salt);
for ($i = 0; $i < $iterations; ++$i)
{
    $hash = crypt($hash . $passwording,$salt);
}
echo $passwording ;
echo '<br>' ;
echo $hash ;
echo '<br>' ;
require ('sqliauth2.php') ;
/* create a prepared statement */
if ($stmt = $mysqli->prepare("SELECT * FROM userregistry WHERE email= ? AND password11=? ")) ;
{
    /* bind parameters for markers */
    $stmt->bind_param("ss",$email, $hash);
    /* execute query */
    $stmt->execute();
    /* bind result variables */
    $stmt->bind_result($email,$hash);
    $stmt->fetch();
    $row_cnt = $stmt->num_rows ;
    /* close statement */
    $stmt->close();
}
/* close connection */
$mysqli->close();
echo $row_cnt ;
?>
```

vikram12345 Posted November 21, 2012 (Author)

How do I match the number of parameters sent?

Christian F. Posted November 21, 2012 (edited)

```
SELECT * FROM
```

You have only two fields in that table? If not, then this won't work:

```php
$stmt->bind_result($email,$hash);
```

Always define the fields you want to retrieve from the database, and avoid using the "*" (all) selector. Not only for performance issues, but also because you'll avoid situations like these.

vikram12345 Posted November 21, 2012 (Author)

> ```
> SELECT * FROM
> ```
>
> You have only two fields in that table? If not, then this won't work:
>
> ```php
> $stmt->bind_result($email,$hash);
> ```
>
> Always define the fields you want to retrieve from the database, and avoid using the "*" (all) selector. Not only for performance issues, but also because you'll avoid situations like these.

Really sorry for bugging you guys, but what can I replace it with? Any other changes required in the code ??

Muddy_Funster Posted November 21, 2012

You replace * with the column names that you actually want to retrieve. Have a look at this example:

```php
$sql = "SELECT firstName, lastName, idNumber FROM users where email = ? and pass = ?";
$stmt = $mysqli->prepare($sql);
// one type character per ? placeholder
$stmt->bind_param("ss", $email, $hash);
$stmt->execute();
// one variable per selected column, in SELECT order
$stmt->bind_result($firstName, $lastName, $idNumber);
$stmt->fetch();
echo " welcome $firstName $lastName, your ID Number is $idNumber";
```

You see how the results get bound to the variables in the same order they are selected in? If you select the whole table, then you will need to bind every result.

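An added example, not code from any poster in this thread: a login check that names its columns, keeps the `bind_param()` and `bind_result()` counts in step with the query, and compares the password in PHP instead of in the `WHERE` clause. The names `userregistry`, `email`, `password11`, `emailfield`, `pwfield` and `sqliauth2.php` come from the posts; the `id` column and a `password_hash()` value stored in `password11` (rather than the static-salt `crypt()` loop) are assumptions.

```php
<?php
// Added example, not code from the thread. userregistry, email, password11,
// emailfield, pwfield and sqliauth2.php come from the posts; the `id` column
// and a password_hash() value stored in password11 are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function check_login(mysqli $mysqli, string $email, string $password): ?int
{
    // Name each column: bind_result() needs exactly one variable per field.
    $stmt = $mysqli->prepare(
        'SELECT id, password11 FROM userregistry WHERE email = ?'
    );

    // Guard against the mismatch from the thread: if someone edits the query,
    // fail here instead of with a bind warning and unset variables later.
    if ($stmt->param_count !== 1 || $stmt->field_count !== 2) {
        $stmt->close();
        throw new LogicException('query no longer matches the bind calls');
    }

    $stmt->bind_param('s', $email);         // one type char per "?"
    $stmt->execute();
    $stmt->bind_result($id, $storedHash);   // same order as the SELECT list
    $found = ($stmt->fetch() === true);     // fetch() returns null when no row
    $stmt->close();

    // Compare in PHP rather than in the WHERE clause: password_verify() reads
    // the per-user salt and cost from the stored hash.
    if (!$found || !password_verify($password, $storedHash)) {
        return null;
    }
    return (int) $id;
}

require 'sqliauth2.php';                    // provides $mysqli, as in the thread
session_start();
$userId = check_login(
    $mysqli,
    (string) ($_POST['emailfield'] ?? ''),
    (string) ($_POST['pwfield'] ?? '')
);
if ($userId !== null) {
    session_regenerate_id(true);            // new session id after login
    $_SESSION['user_id'] = $userId;
}
echo $userId !== null ? 'login ok' : 'invalid email or password';
```

Unlike the scripts posted above, this does not echo the submitted password or its hash into the page, and it returns the same message for an unknown email and a wrong password.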