BlackStones Posted May 15, 2014 Share Posted May 15, 2014 Fatal error: Can't use function return value in write context on line 21 Hello, I am creating a login_parse php file that will facilitate user authentication on a website. I have received the above error with the code below. The line that yields the error is $_SESSION('uid') = $row['id']; As always, I am grateful for the assistance. <?php session_start(); include_once("connect.php"); if (!isset($_POST['username'])) { $username = $_POST['username']; $password = $_POST['password']; $sql = "SELECT * FROM users WHERE username='".$username."' AND password ='".$password."' LIMIT 1"; $res = mysql_query($sql) or die(mysql_error()); $ifstmt = mysql_num_rows(mysql_query($res)); if($ifstmt == 1) { $row = mysql_fetch_assoc($res); $_SESSION('uid') = $row['id']; $_SESSION('username') = $row['username']; header("Location: demo.php"); exit(); } else { echo "Invalid login information. Please return to the previous page"; exit(); } } ?> Quote Link to comment Share on other sites More sharing options...
bsmither Posted May 15, 2014 Share Posted May 15, 2014 Please observe how you are using $_SESSION('uid') as the name of a function, rather than the name of an array variable. Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted May 15, 2014 Share Posted May 15, 2014 Besides that, your code is extremely insecure: You insert the raw user input into your query, which allows arbitrary visitors to perform an SQL injection attack. This can be used to steal sensitive data from your database or even take over the entire server. Since you store the passwords as plaintext (WTF?), this will be first target. You leak sensitive information about your database by outputting mysql_error() directly on the screen. Since you reuse the old running session without generating a new ID, your code is vulnerable to session fixation attacks. And of course all mysql_* functions are obsolete since more than 10 years and will be removed in one of the next PHP releases. Haven't you seen the big red warnings in the manual? I don't think you should upload this. Quote Link to comment Share on other sites More sharing options...
BlackStones Posted May 16, 2014 Author Share Posted May 16, 2014 Thanks for the replies, I've been a bit busy but now I have time to allocate to educating myself. @bsmither I'm trying to resolve this error, I was following a video tutorial online. @Jacques1 I'm so uneducated, I'm learning on W3 schools. Do you have any additional resources I can use to help myself? Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted May 16, 2014 Share Posted May 16, 2014 the php.net documentation is the best place to learn the basic syntax and usage. programming is the type of task where you must really grasp the meaning of everything, every character counts. watching videos cannot do that well because after the information goes past, it is hard to find it for reference. printed information is the best way of learning a programming language because you can easily find it to keep referring to it as many times as necessary. your error is because you are assigning one array variable - $row['id'] to a session array variable but the syntax you used on the left-hand side is not that of array variables, but of calling a function, which uses ( ). the syntax for referencing elements of array variables uses [ ] around the index/key, as in $row['id']. the syntax on the left-hand side to assign that value to a session array variable would be the same usage - $_SESSION['uid'] Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.