Jump to content
phreak3r

$row['index here'] outputs null

Recommended Posts

<?php
include('header.php');
require('dbcon/dbcon.php');

	// if fields in form are set and submitted, check if user exists and is logged in or not
	if ($_SERVER['REQUEST_METHOD'] == 'POST') {
		$username = $_POST['username'];
		$password = $_POST['password'];
		$user_query = $pdo->query("SELECT * FROM profiles001 WHERE username = '$username'");
                $row = $user_query->fetchAll(PDO::FETCH_ASSOC);

		// if username and password match, init session and redirect to another page.
		if ($row == 1 && password_verify($password, $row['password'])) {
			$_SESSION['logged_in_user'] = $username; // set to IDnum later on...
			$_SESSION['username'] = $username;		
			// check if the user is logged in
			// if so, redirect to main page for logged-in users.
			if (isset($_SESSION['logged_in_user'])) {
				$_SESSION['logged_in_user'] = TRUE;
				header('Location: main.php');

			} else {
				// not logged in, keep on same page...
				session_destroy();
				exit();
			}
		} else if ($username != $row['username'] || $password != $row['password']) {
                        echo var_dump($row); echo var_dump($row['password']); echo var_dump($row['username']); echo var_dump($row['email']);
			echo "Incorrect username or password.";
		}
	}
?>

This code is responsible for authenticating the user upon logging in. I went ahead and updated the mysqli portion to PDO. As you can see I var_dump some variables near the end. Variable $row prints out as array(1) { [0]=> array(9) { ["username"]=> string(4) "test" ["password"]=> string(60) "$2y$10$uQEUsIwm0usWyZjWk/vo8e90e867oPLBu3ThKCk1aUseMcQuuHrVq" ["avatar"]=> string(15) "assets/soap.jpg" ["doc"]=> NULL ["las"]=> NULL ["email"]=> string(13) "test@test.org" ["c_status"]=> string(1) "0" ["account_age"]=> NULL ["bio"]=> string(4) "test" } }. The other three print out as NULL. What exactly is going on here?

Share this post


Link to post
Share on other sites

Dumping variables is only helpful if you read the dump.

array(1) { [0]=> array(9) {

Do you know what that means?

Share this post


Link to post
Share on other sites
Posted (edited)
2 minutes ago, requinix said:

Dumping variables is only helpful if you read the dump.


array(1) { [0]=> array(9) {

Do you know what that means?

No, I program on and off and am not too well-versed. Empty array?

Edited by phreak3r

Share this post


Link to post
Share on other sites

It means $row is an array containing one element, and that element has a key of 0 and a value that is another array of nine elements.

Share this post


Link to post
Share on other sites
Posted (edited)

So this would not work?

 I would need to change $row == 1 to $row['username'] == 1

if ($row == 1 && password_verify($password, $row['password'])) {
Edited by phreak3r

Share this post


Link to post
Share on other sites

Let me put it this way:

$row = $user_query->fetchAll(PDO::FETCH_ASSOC);

a) Describe using English what $row will be. Not according to what you think it is but according to what the code says it will be.
b) Does that match what you think $row will be? Is there perhaps a simple change you can make here that will bring it into line with your expectations?

Share this post


Link to post
Share on other sites

Stop creating variables for nothing and use Prepared Statements. Never ever put user supplied variables in your query.

Share this post


Link to post
Share on other sites

Another thing to think about is this - Don't you think you might need to actually RUN the query before trying to fetch any results?

Share this post


Link to post
Share on other sites
1 hour ago, ginerjm said:

Another thing to think about is this - Don't you think you might need to actually RUN the query before trying to fetch any results?

Executing the query does nothing.

Share this post


Link to post
Share on other sites
3 hours ago, requinix said:

Let me put it this way:


$row = $user_query->fetchAll(PDO::FETCH_ASSOC);

a) Describe using English what $row will be. Not according to what you think it is but according to what the code says it will be.
b) Does that match what you think $row will be? Is there perhaps a simple change you can make here that will bring it into line with your expectations?

Here is what they mysqli version looked like:

<?php
include('header.php');
require('dbcon/dbcon.php');

	// if fields in form are set and submitted, check if user exists and is logged in or not
	if ($_SERVER['REQUEST_METHOD'] == 'POST') {
		$username = mysqli_real_escape_string($conn, $_POST['username']);
		$password = mysqli_real_escape_string($conn, $_POST['password']);
		$user_query = "SELECT * FROM profile0 WHERE username = '$username'";
		$result = mysqli_query($conn, $user_query);
		$row = mysqli_fetch_assoc($result);

		// if username and password match, init session and redirect to another page.
		if (mysqli_num_rows($result) == 1 && password_verify($password, $row['password'])) {
			$_SESSION['logged_in_user'] = $username; // set to IDnum later on...
			$_SESSION['username'] = $username;		
			// check if the user is logged in
			// if so, redirect to main page for logged-in users.
			if (isset($_SESSION['logged_in_user'])) {
				$_SESSION['logged_in_user'] = TRUE;
				header('Location: main.php');

			} else {
				// not logged in, keep on same page...
				session_destroy();
				exit();
			}
		} else if ($username != $row['username'] || $password != $row['password']) {
			echo "Incorrect username or password.";
		}
	}
?>

 

Share this post


Link to post
Share on other sites

Compare:

$row = $user_query->fetchAll(PDO::FETCH_ASSOC);
$row = mysqli_fetch_assoc($result);

I'm sure that if you take the minute to do what I said about understanding precisely what each line does then you would figure out what's going on.

Share this post


Link to post
Share on other sites
10 minutes ago, requinix said:

Compare:


$row = $user_query->fetchAll(PDO::FETCH_ASSOC);

$row = mysqli_fetch_assoc($result);

I'm sure that if you take the minute to do what I said about understanding precisely what each line does then you would figure out what's going on.

From my understanding it fetches result from or of the array?

Share this post


Link to post
Share on other sites

Could you show us the NEW code that actually executes the query and tests for a result and hopefully even shows an error message from the call?

Share this post


Link to post
Share on other sites

My bad.  I do apologize.  I was misreading your code and having a major brain f..... and thought you were doing a prepare followed by a fetch.  Mad bad again... 

To speed things up here, the fetchall function is handy if you need to retrieve ALL of the results in a new array of the row contents which would be a multi-dimensional array.  In your case where I don't think you will need to do that kind of handling and also because you are probably only going to get a single record, you'll want to use the Fetch function to retrieve the one row with the desired user name.

You might want to add some error checking after the query call to be sure you ran successfully and then maybe even a check of the row count to be sure you got a row and only one row.  Assuming things are always going to run smoothly is bad programming practice.

Share this post


Link to post
Share on other sites
2 hours ago, phreak3r said:

From my understanding it fetches result from or of the array?

The first one fetches all rows and the second one fetches one row.

Share this post


Link to post
Share on other sites
2 hours ago, requinix said:

The first one fetches all rows and the second one fetches one row.

Right, right. Sorry. 😬

Share this post


Link to post
Share on other sites

So you know what the problem is now, right?

Share this post


Link to post
Share on other sites
On 1/7/2019 at 9:07 PM, requinix said:

So you know what the problem is now, right?

Yes, however, that was not really the issue. Not sure if this is the solution I am looking for, but I changed $row == 1 && password_verify($password, $row['password']) to $row['username'] == $username && password_verify($password, $row['password']. But, thank you.

Share this post


Link to post
Share on other sites
On 1/7/2019 at 3:54 PM, ginerjm said:

My bad.  I do apologize.  I was misreading your code and having a major brain f..... and thought you were doing a prepare followed by a fetch.  Mad bad again... 

To speed things up here, the fetchall function is handy if you need to retrieve ALL of the results in a new array of the row contents which would be a multi-dimensional array.  In your case where I don't think you will need to do that kind of handling and also because you are probably only going to get a single record, you'll want to use the Fetch function to retrieve the one row with the desired user name.

You might want to add some error checking after the query call to be sure you ran successfully and then maybe even a check of the row count to be sure you got a row and only one row.  Assuming things are always going to run smoothly is bad programming practice.

Okay, thank you.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.