0

I searched already, but nothing that I found helped me with my code:

```php
function getData($con, $table) {
    $stmt = $con->query('SELECT * FROM ' . $table);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function getDataByUsername($con, $table, $username) {
    $stmt = $con->query('SELECT * FROM ' . $table . ' WHERE `username` = "' . $username . '";');
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
```

The getData function works just fine, but when I use getDataByUsername I get this error:

```
Fatal error: Call to a member function fetchAll() on a non-object in /home/moe/www/status/inc/functions.php on line 12
```

Line 12 is this one:

```php
return $stmt->fetchAll(PDO::FETCH_ASSOC);
```

Thanks for your help, moro

ovmcit5eoivc4
  • 2
    Hello and welcome to StackOverflow. The error message is telling you exactly what's going on: `$stmt` is not an object. Since that is the return value of `query()`, you should consult the documentation to see when the return value is not an object. It turns out that when the query causes an error the return value is `false`. This means that your query is wrong, which at a glance happens because you are using double instead of single quotes to wrap `$username`. – Jon Mar 29 '13 at 20:07
  • In the future, please try following such steps or googling the error message before asking a question. Additionally, you should learn about how to use prepared statements and bound parameters in order to make your code [resistant to malicious hacking attempts](http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php) (your current code looks vulnerable). – Jon Mar 29 '13 at 20:09

3 Answers

1

Since it is , why not bind variables?

```php
function getDataByUsername($con, $table, $username) {
    $stmt = $con->prepare('SELECT * FROM ' . $table . ' WHERE `username` = ?');
    $stmt->execute( array($username) );
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
```
hjpotter92
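The two points raised above (a failed `query()` returns `false`, and the username should be a bound parameter), put together as an added example that is not part of the question or of any answer here. It assumes an in-memory SQLite database, a hypothetical `ALLOWED_TABLES` allowlist, a hypothetical `connect()` helper, and constructed sample rows:

```php
<?php
// Added example, not code from the thread. The allowlist, table and rows
// are constructed; in-memory SQLite stands in for the real database.
const ALLOWED_TABLES = ['users', 'admins']; // hypothetical allowlist

function connect(): PDO {
    // Failed query()/prepare() calls throw instead of returning false
    // (silent mode was the default before PHP 8).
    return new PDO('sqlite::memory:', null, null,
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
}

function getDataByUsername(PDO $con, string $table, string $username): array {
    // Identifiers cannot be bound, so check the table against a fixed list.
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException("unknown table: $table");
    }
    // The value is a bound parameter; quotes inside it stay data.
    $stmt = $con->prepare("SELECT * FROM $table WHERE username = ?");
    $stmt->execute([$username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$con = connect();
$con->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$ins = $con->prepare('INSERT INTO users (username) VALUES (?)');
foreach (['moro', 'o"brien'] as $name) {   // constructed sample rows
    $ins->execute([$name]);
}

// A double quote in the username would break the concatenated query from
// the question; as a bound parameter it is matched literally.
foreach (['moro', 'o"brien', 'nobody'] as $name) {
    printf("%-8s -> %d row(s)\n", $name, count(getDataByUsername($con, 'users', $name)));
}

// A table outside the allowlist is rejected before any SQL is built.
try {
    getDataByUsername($con, 'sessions', 'moro');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// A malformed statement fails where it is issued, not later at fetchAll().
try {
    $con->query('SELECT * FROM users WHERE');
} catch (PDOException $e) {
    echo 'query failed: ', $e->getMessage(), "\n";
}
```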
0

Change

```php
$con->query('SELECT * FROM ' . $table . ' WHERE `username` = "' . $username . '";');
```

To

```php
$con->query("SELECT * FROM `" . $table . "` WHERE `username` = `" . $username . "`;");
```

The extra character is called the "tick", which can be found above the TAB key.

Better:

```php
$con->query("SELECT * FROM {$table} WHERE `username` = {$username};");
```

Didn't test that last, but you can use variables inline in this way.

Of course mind the remarks made by @Jon.

Daniel
  • 1
    No, that's wrong. If `$username` is the string `username` then your query will be `WHERE username = username`, which doesn't do anything. – Michael Mar 29 '13 at 20:19
  • Hmm... interesting. I'll keep that in mind. In the meantime I tested that I don't need the ticks on that last query. Does that, in your experience, prevent the problem you mention? – Daniel Mar 29 '13 at 20:35
  • 2
    You only need ticks if the table/column name is a reserved word or if you want to use special characters. – Michael Mar 29 '13 at 20:39
  • Thanks, that is an interesting fact. – Daniel Mar 29 '13 at 21:37
-2

The problem is the character `;`. Delete it, that's the solution.

Like:

```php
$stmt = $con->query('SELECT * FROM ' . $table . ' WHERE `username` = "' . $username . '"');
```
Wiz