Fatal error: Using $this when not in object context in C:\xampp\htdocs\BaseballTuts\include\class.user.php

Question

I'd got a problem when i'm checking if username is available in the table.

In my class.user.php I've got this error:

* Fatal error: Using $this when not in object context in C:\xampp\htdocs\BaseballTuts\include\class.user.php on line 47 *

this how my class.user.php was written:

<?php 
include "db_config.php";

class User{

    public $db;
    public function __construct(){
        $this->db = new mysqli(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_DATABASE);

        if(mysqli_connect_errno()) {

            echo "Error: Could not connect to database.";

        exit;

        }
    }

    /*** for registration process ***/
    public function reg_user($name,$nickname,$gender,$birthdate,$address,$email,$short_info,$username,$password){


        $password = md5($password);
        $sql="SELECT * FROM `user` WHERE `username`='$username' OR `email`='$email'";

        //checking if the username or email is available in db
        $check =  $this->db->query($sql) ;
        $count_row = $check->num_rows;

        //if the username is not in db then insert to the table
        if ($count_row == 0){
            $sql1="INSERT INTO `user` SET `name`='$name', `nickname`='$nickname', `gender`='$gender', `birthdate`= '$birthdate',  `address`='$address', `email` = '$email', `short_info`= '$short_info', `username` = '$username', `password` = '$password'";
            $result = mysqli_query($this->db,$sql1) or die(mysqli_connect_errno()."Data cannot inserted");
            return $result;
        }
        else { return false;}
    }


    /*** for login process ***/
    public function check_login($emailusername, $password){

        $password = md5($password);
        $sql2="SELECT `user_id` from `user` WHERE `email`='$emailusername' or `username`='$emailusername' and `password`='$password'";

        //checking if the username is available in the table
    *** $result = mysqli_query($this->db,$sql2);***
        $user_data = mysqli_fetch_array($result);
        $count_row = $result->num_rows;

        if ($count_row == 1) {
            // this login var will use for the session thing
            $_SESSION['login'] = true; 
            $_SESSION['id'] = $user_data['user_id'];
            return true;
        }
        else{
            return false;
        }
    }

    /*** for showing the username or fullname ***/
    public function get_fullname($uid){
        $sql3="SELECT fullname FROM users WHERE uid = $uid";
        $result = mysqli_query($this->db,$sql3);
        $user_data = mysqli_fetch_array($result);
        echo $user_data['fullname'];
    }

    /*** starting the session ***/
    public function get_session(){    
        return $_SESSION['login'];
    }

    public function user_logout() {
        $_SESSION['login'] = FALSE;
        session_destroy();
    }

}

?>

and this how i call check_login:

session_start();
include_once 'include/class.user.php';
$user = new User();

if (isset($_REQUEST['submit'])) { 
    extract($_REQUEST);   
    $login = $user->check_login($emailusername, $password);
    if ($login) {
        // Registration Success
       header("location:home.php");
    } else {
        // Registration Failed
        echo 'Wrong username or password';
    }
}

Please use the preview before posting... it's there for a reason! — Niet the Dark Absol, Oct 03 '14 at 10:50
Your code is vulnerable to SQL injection. You should read on [how to prevent them in PHP](http://stackoverflow.com/q/60174/53114). — Gumbo, Oct 03 '14 at 10:52
Random guess: you're calling the method statically, like `User::check_login(..)`. That's not how to do it. — deceze, Oct 03 '14 at 10:53
*** $result = mysqli_query($this->db,$sql2);*** im guessing its this add a / in front and at the back so /* */ — chaos505, Oct 03 '14 at 10:54
From the last post he did, I guess that mysqli_connect is not working, therefore not returning an object, therefore php is telling that it is not referring to an object. — briosheje, Oct 03 '14 at 10:54
sorry but i'm not very good in php actually i'm beginner. i'm not familiar of "SQL injection". @deceze: but how do i do that? — Tardz Bert, Oct 03 '14 at 11:30
@briosheje: id tried reg_user earlier and it work properly i'd register many user but how come mysqli_connect is not working? — Tardz Bert, Oct 03 '14 at 11:31

Wissam El-Kik · Answer 1 · 2014-10-03T11:23:24.733

Call the function like the code below:

$emailusername = '';
$password = '';

$userObj = new User();
$result = $userObj->check_login($emailusername, $password);

If you still have a problem, I would suggest that you modify your code like the one below:

<?php 
include "db_config.php";

class User{

    private $db;

    public function  __construct(){
        $this->connect();
    }

    private function connect($db_connect=true){
        if($db_connect){
            $this->db = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
            if(mysqli_connect_errno()){
                printf("DB Connect failed: %s\n", mysqli_connect_error());
                exit();
            }
        }
    }

    /*** for registration process ***/
    public function reg_user($name,$nickname,$gender,$birthdate,$address,$email,$short_info,$username,$password){
        // Get the MySQLi object
        $db = $this->db;
        if(empty($db)){
            $this->connect();
            $db = $this->db;
        }

        $password = md5($password);
        $sql="SELECT * FROM `user` WHERE `username`='$username' OR `email`='$email'";

        //checking if the username or email is available in db
        $check =  $this->db->query($sql) ;
        $count_row = $check->num_rows;

        //if the username is not in db then insert to the table
        if ($count_row == 0){
            $sql1="INSERT INTO `user` SET `name`='$name', `nickname`='$nickname', `gender`='$gender', `birthdate`= '$birthdate',  `address`='$address', `email` = '$email', `short_info`= '$short_info', `username` = '$username', `password` = '$password'";
            $result = mysqli_query($this->db,$sql1) or die(mysqli_connect_errno()."Data cannot inserted");
            return $result;
        }
        else { return false;}

        mysqli_close($db);
        $this->db = null;
    }


    /*** for login process ***/
    public function check_login($emailusername, $password){
        // Get the MySQLi object
        $db = $this->db;
        if(empty($db)){
            $this->connect();
            $db = $this->db;
        }

        $password = md5($password);
        $sql2="SELECT `user_id` from `user` WHERE `email`='$emailusername' or `username`='$emailusername' and `password`='$password'";

        //checking if the username is available in the table
    *** $result = mysqli_query($this->db,$sql2);***
        $user_data = mysqli_fetch_array($result);
        $count_row = $result->num_rows;

        if ($count_row == 1) {
            // this login var will use for the session thing
            $_SESSION['login'] = true; 
            $_SESSION['id'] = $user_data['user_id'];
            return true;
        }
        else{
            return false;
        }

        mysqli_close($db);
        $this->db = null;
    }

    /*** for showing the username or fullname ***/
    public function get_fullname($uid){
        // Get the MySQLi object
        $db = $this->db;
        if(empty($db)){
            $this->connect();
            $db = $this->db;
        }

        $sql3="SELECT fullname FROM users WHERE uid = $uid";
        $result = mysqli_query($this->db,$sql3);
        $user_data = mysqli_fetch_array($result);
        echo $user_data['fullname'];

        mysqli_close($db);
        $this->db = null;
    }

    /*** starting the session ***/
    public function get_session(){    
        if(session_id() == '') session_start();
        return $_SESSION['login'];
    }

    public function user_logout() {
        if(session_id() == '') session_start();
        $_SESSION['login'] = FALSE;
        session_destroy();
    }

}

?>

First of all, it's better to have private $db, because you're only using this property inside the PHP Class.

Second of all, to avoid having an empty object, you need to check if this object is empty and if it is, you need to connect to the DB and fill that object. Also, you need to close the MySQL connection when you're done and you need to empty the variable.

EDIT 2:

I fixed a small issue in the PHP Session code, because it might throw an error if the Session isn't started.

I also added a flag in the __construct function so that you can call the object without connection to the DB, because the last 2 functions don't need a db call.

Also your code is vulnerable to SQL injection. Read more about this issue: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php — Wissam El-Kik, Oct 03 '14 at 11:18

Fatal error: Using $this when not in object context in C:\xampp\htdocs\BaseballTuts\include\class.user.php

1 Answers1