
My error log: "Call to a member function fetch_assoc() on a non-object in /home/strea345/public_html/usersignup.php on line 17"

Line 17:

if($row = $results->fetch_assoc())

This happens when users try signing up or signing in; gives an error to them saying

{"success":0,"error_message":"Invalid Data

Any solution?

Wherever you think you created $results you need to check. Probably your query failed and you didn't check it first.

<?php

if($_REQUEST)
{
    $uname = $_REQUEST["set_username"];
    $email = $_REQUEST["set_email"];
    $pword = $_REQUEST["set_password"];

    if (isset($_POST['submit1']))
    {
        include 'db_connect.php';
        $USERNAME=$_REQUEST["username"];
        $PASSWORD=$_REQUEST["password"];

        $results = $conn->query("SELECT * FROM strea345_db1 where username='$USERNAME' AND password='$PASSWORD'");

        if($row = $results->fetch_assoc())
        {
            session_start();
            $id=$row['username'];
            $_SESSION["username"] = $id;
            //echo $id;
            header("Location: welcome.php");
        }
        else
        {
            header("Location: error1.php");
        }

        // Frees the memory associated with a result
        $results->free();
    }

    if($email && $pword)
    {
        include 'db_connect.php';
        $query = "SELECT * FROM strea345_db1  WHERE username ='$uname' || username ='$uname' && email ='$email' ||email ='$email' ";
        $result = mysqli_query($conn, $query);
        if (mysqli_num_rows($result) == 0)
        {
            $stmt = $conn->prepare("INSERT INTO strea345_db1 (username, password, email) VALUES (?, ?, ?)");
            //$password = md5($password);
            $stmt->bind_param('sss', $uname,$pword,$email);

            /* execute prepared statement */
            $stmt->execute();

            if ($stmt->error) {error_log("Error: " . $stmt->error); }

            $success = $stmt->affected_rows;

            /* close statement and connection */
            $stmt->close();

            /* close connection */
            $conn->close();
            error_log("Success: $success");

            if ($success > 0) {
                error_log("User '$email' created.");
                header("Location: index.html");
            }
            else {
                echo '{"success":0,"error_message":"Email Exist."}';
            }
        }
        else
        {
            header("Location: error.php");
        }
    }
    else
    {
        echo '{"success":0,"error_message":"Invalid Email."}';
    }
}
else
{
    echo '{"success":0,"error_message":"Invalid Data"}';
}

?>

What looks like it needs fixed?

For security's sake use the password_hash and password_verify functions.

 

$_REQUEST is always set so if($_REQUEST){ is useless
 

 

$results = $conn->query("SELECT * FROM strea345_db1 where username='$USERNAME' AND password='$PASSWORD'");

 

First check your query statement and php doesn't parse within single quotes.

$sql = "SELECT * FROM strea345_db1 where username='".$USERNAME."' AND password='".$PASSWORD."'";
echo $sql;
$results = $conn->query($sql);
if (mysqli_num_rows($results) > 0){
    //code...
} else {
    //handle results not being there
}

QOC,

You seem to be misinterpreting the single quote restriction. This applies when the entire string is in single quotes. Single quotes inside a double quoted string do not turn off variable parsing.

$myvar = 'abc';
echo "The value in \$myvar is '$myvar' ";  //--> The value in $myvar is 'abc'

$_REQUEST is always set so if($_REQUEST){ is useless

 

 

that statement is testing if $_REQUEST is logically true or not, which is effectively testing if it is empty or not. it is always set, but if it is empty/there are no array indexes present, that's a false value. if it is not empty/there are array indexes present, that's a true value.

 

php doesn't parse within single quotes.

 

 

the overall php $sql string statement is within double-quotes and the php variables will be parsed. the single-quotes within the php string are part of the sql syntax, not the php string syntax.

 

@StreamersUnited, the error message you are getting, which is very common and if you had researched the web for it, means that the query failed due to an error. you must ALWAYS test if a query even ran before you can try to use the result from the query.

 

$results will be a false value if the query failed due to an error and you can echo/log the $conn->error property to find out what sort of error occurred. $results will be a result object/true value if the query ran without any errors.

 

lastly, your code should only make one database connection. you need an exit;/die; statement after your header() redirect to prevent the rest of the code from running. and, if you are expecting post data from a form, use $_POST, not $_REQUEST. $_REQUEST combines $_GET, $_POST, $_COOKIE (default order is GPC) data and if you are in a habit of using $_REQUEST you will likely at some point write some code that adds a same name variable between those three different sources and end up with code that doesn't do what you expect. using $_REQUEST just makes more work when writing code, because you and all the programmers working on a larger project need to keep straight all the possible same name $_GET, $_POST, $_COOKIE and $_REQUEST variables.

Edited by mac_gyver
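
Added example, not part of the thread or of the original script: the login branch with the points from the post above applied (test the statement before using it and log $conn->error, read form fields from $_POST, exit after each redirect). It assumes db_connect.php defines $conn and that the password column holds password_hash() output; find_user() is a hypothetical helper.

```php
<?php
// Added example, not the script from the thread. Assumes db_connect.php sets
// $conn (a mysqli connection) and that the password column stores
// password_hash() output, which the posted script does not do yet.
mysqli_report(MYSQLI_REPORT_OFF); // PHP 8.1+ throws by default; return false instead
require 'db_connect.php';

// Returns ['username' => ..., 'password' => ...] or null (no row, or a logged error).
function find_user(mysqli $conn, string $username): ?array
{
    $stmt = $conn->prepare(
        'SELECT username, password FROM strea345_db1 WHERE username = ?'
    );
    if ($stmt === false) {              // test for failure before using the statement
        error_log('prepare failed: ' . $conn->error);
        return null;
    }
    $stmt->bind_param('s', $username);  // value travels separately from the SQL text
    if (!$stmt->execute()) {
        error_log('execute failed: ' . $stmt->error);
        $stmt->close();
        return null;
    }
    $stmt->bind_result($dbUser, $dbHash);
    $row = $stmt->fetch() ? ['username' => $dbUser, 'password' => $dbHash] : null;
    $stmt->close();
    return $row;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['submit1'])) {
    // Read the form fields from $_POST only; treat array input (username[]=x) as empty.
    $name = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    $user = find_user($conn, $name);
    if ($user !== null && password_verify($pass, $user['password'])) {
        session_start();
        session_regenerate_id(true);    // new session id after login
        $_SESSION['username'] = $user['username'];
        header('Location: welcome.php');
        exit;                           // stop here so nothing below runs
    }
    header('Location: error1.php');
    exit;
}
```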

I guess I should have written there could be different $_GET, $_POST, $_COOKIE and $_REQUEST variables but not the three that were defined in that if statement.

 

Such as if one or all three of these did not exist

  • $uname = $_REQUEST["set_username"];
  • $email = $_REQUEST["set_email"];
  • $pword = $_REQUEST["set_password"];


I paid $500 for a guy to code it; he showed me via his site the signup worked and then sent me all files, but mine has that issue.

 

One guy told me that this guy's coding sucked.

In one way it is rather deficient. It is recommended to NOT use $_REQUEST as a catchall/shortcut for accessing your expected input. If you are expecting $_GET input then USE it to get it. Same for POSTs - if it is supposed to be coming in via the $_POST array, then reference the $_POST array. One less way for a hacker to get the best of you.

if you paid anything for this script, it should have been written with proper error checking and error handling logic in it, because well written code is self troubleshooting. the code should be telling you why it is failing. all the database statements - connection/query/prepare/execute should have error checking/handling logic.

 

until you add some error handling that tests the result of the query and echoes/logs the $conn->error property when the query fails, you will not know why the query is failing. it could be that the database connection isn't selecting the correct/a database, or that the database table or column names don't exist or are incorrect for that database.

 


 

in addition to what has already been mentioned, there are a number of other shortcomings with this code. it's not protecting against sql injection in most of the queries. it's not hashing the user passwords. the code referencing the signup variables isn't part of any of the signup form processing code. there's a race-condition in the signup code between the select query and the insert query that would let multiple visitors try to use the same username.

Edited by mac_gyver
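
Added example, not part of the thread or of the original script: a signup step that addresses the shortcomings listed above by hashing the password and letting a UNIQUE index, rather than a SELECT followed by an INSERT, reject a duplicate. It assumes db_connect.php defines $conn and that strea345_db1 has UNIQUE indexes on username and email; create_user() and DUP_ENTRY are hypothetical names.

```php
<?php
// Added example, not the script from the thread. Assumes db_connect.php sets
// $conn (mysqli) and that strea345_db1 has UNIQUE indexes on username and
// email (an assumption; the thread does not show the table definition).
mysqli_report(MYSQLI_REPORT_OFF); // PHP 8.1+ throws by default; return false instead
const DUP_ENTRY = 1062;           // MySQL error number for a unique-key violation

// Returns 'created', 'taken', 'invalid' or 'error'.
function create_user(mysqli $conn, string $uname, string $email, string $pword): string
{
    if ($uname === '' || $pword === ''
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid';
    }
    // No SELECT first: the unique index decides, so two simultaneous signups
    // for the same name cannot both succeed.
    $stmt = $conn->prepare(
        'INSERT INTO strea345_db1 (username, password, email) VALUES (?, ?, ?)'
    );
    if ($stmt === false) {
        error_log('prepare failed: ' . $conn->error);
        return 'error';
    }
    $hash = password_hash($pword, PASSWORD_DEFAULT); // store the hash, never the password
    $stmt->bind_param('sss', $uname, $hash, $email);
    $ok    = $stmt->execute();
    $errno = $stmt->errno;
    $error = $stmt->error;
    $stmt->close();

    if ($ok) { return 'created'; }
    if ($errno === DUP_ENTRY) { return 'taken'; }
    error_log("insert failed ($errno): $error");
    return 'error';
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    require 'db_connect.php';
    // Treat missing or array-valued fields as empty strings.
    $field = fn(string $k): string => is_string($_POST[$k] ?? null) ? $_POST[$k] : '';
    $status = create_user($conn, $field('set_username'), $field('set_email'), $field('set_password'));
    if ($status === 'created') {
        header('Location: index.html');
        exit;
    }
    echo json_encode(['success' => 0, 'error_message' => $status]);
}
```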


how much would I need to pay just have this error fixed?

you need to post a topic in the freelancing/job offers forum section to find that out.

 

the php coding help forum section is for programmers and those learning to program to get help with code they are working on.
