0

I wrote thte following piece of code:

<?php

$username = $_POST['user'];
$password = $_POST['pass'];

$db = new PDO ('mysql:host=localhost;dbname=ozdatabase;charset=utf8', 'root', '');
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$db->setAttribute(PDO::ATTR_ERRMODE, 'ERRMODE_EXCEPTION');

$stmt = $db->prepare("SELECT id, users FROM ozusers WHERE username=? AND password=?");
$stmt->execute(array($username, $password));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

$id = $rows['id'];
$user = $rows['users'];

if ($id) {
    print "Logged";
}

else {
    print "not good";
}

?>

This is the HTML Form:

<form id='login' action='login.php' method='post' accept-charset='UTF-8'>
<fieldset >
<LEGEND>COMMUNICATION</LEGEND>
<input type='hidden' name='submitted' id='submitted' value='1' />

<label for='username' >UserName*:</label>
<input type='text' name='user' id='username' maxlength="50" />

<label for='password' >Password*:</label>
<input type='password' name='pass' id='password' maxlength="50">

<input type='submit' name='Submit' value='Submit' />

</fieldset>
</form>

I get an error when trying to login in the page and it's written: "Fatal error: Call to a member function execute() on a non-object in.. On line 15"

Why is this happening? I followed best practice guide and it showed to use the "execute()" function exactly like that..

Thanks

Improve this question
9
  • also post your form code!! Commented Nov 17, 2015 at 12:57
  • It is possible that $db->prepare failed and $stmt value is false. Commented Nov 17, 2015 at 12:59
  • no idea why you had that mysqli tag; removed. Commented Nov 17, 2015 at 13:00
  • betting your form's failing you. the one you didn't include. Commented Nov 17, 2015 at 13:00
  • It is possible that the PDO connection itself is invalid. New PDO object is created and prepare can be called - but prepare fails and returns false. FALSE is not a object so you cannot call false->execute. Doesn't your database require password and username besides root and ''? Commented Nov 17, 2015 at 13:10

3 Answers 3

Reset to default
3

ERRMODE_EXCEPTION is constant wrap off quotes from it

$db->setAttribute(PDO::ATTR_ERRMODE, ERRMODE_EXCEPTION);//Your code fails at this line
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Yeah I think this makes sense. Let's see what the OP has to say about it. Good catch btw.
Your answer is also helpful specially for error reporting and for password protection
Thanks, but I risk being downvoted for it. I'll pass, cheers
0

Wrap your database init in try catch to capture any connection failures.

try {
    $db = new PDO($dsn, $user, $password);
} catch (PDOException $e) {
    echo 'Connection failed: ' . $e->getMessage();
}

Currently the db->prepare() is failing, returning false and therefor not allowing you to call execute on a non object.

Improve this answer

Comments

0 
<?php

    //error_reporting(0);

    $username = $_POST['user'];
    $password = $_POST['pass'];

    // Connecting, selecting database
    $db = new PDO ('mysql:dbhost=localhost;dbname=ozdatabase;charset=utf8', 'root', '');
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $db->setAttribute(PDO::ATTR_ERRMODE, ERRMODE_EXCEPTION);

    //first
    $stmt = $db->prepare("SELECT id, users FROM ozusers WHERE username = :username AND password = :password");
    $stmt->execute(array(':username'=>$username, ':password' => $password));
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    foreach($rows AS $r) {
        $id = $r['id'];
        $user = $r['users'];
    }

    if ($id) {
        print "Logged";
    }

    else {
        print "not good";
    }

?>
Improve this answer

5 Comments

Hey thanks for the answer, u have changed the "?" that I inserted to the query. From my understanding "?" is treated as the placeholder and should give me the ability to execute() by passing parameters.
@pwnphpown don't ignore comments under your question.
@pwnphpown Yeah ? is used as placeholder. Named placeholders can be used too like I did in above change.
@pwnphpown: Check for comments made on your question. You will get to know why your query wasn't working. Fred has mentioned something there
@pwnphpown check the updated answer. Confirm that your database name is correct and database / table / rows exist. Double check the provided details

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.