0

Working on echoing the users questions out so far I can insert the values and this is working thru the php admin but its not working thru , the form on the users profile page?

The error says ,"Call to a member function query() on a non-object in profile.php on line 82" The php code on this line is as follows

   $query1=$db->query("SELECT id,title,question,username FROM  QnA WHERE username='$dbusername'");

The rest of profile.php is below

   <?php 
     session_start();
     $dusername=$_GET['username'];
    if (isset($dusername)){
        require('connect.php');

        $userquery =$db->query("SELECT id,firstname,username,lastname,email FROM users WHERE username = '".$dusername."'");
                while ($row =$userquery->fetch()){
                        $id=$row["id"];
                        $dbusername =$row["username"];
                        $dfirstname = $row["firstname"];
                        $demail =$row["email"];
                        $dlastname =$row["lastname"];

                        }

    }

 ?>
  <html>
   <head><title><?php  echo $dfirstname;?></title>
    <link rel="stylesheet" href="stylesheets/profile.css" type="text/css">
 </head>
 <body>
    <div id="container">

<?php
echo'
 <div id="qform"><center>
  <form action="ask.php" method="post">
   <b>Title</b>
   <br/>
   <input type ="text" name="title"/>
   <br/>
   <b>Question</b>
   <br/>
   <textarea name="question"></textarea>
   <br/>
   <b>This is to make sure your not a robot  2+2=</b>
   <input type="text" name="plus"/>
   <br/>
   <input type="submit" value="Submit"name="submit"/> 
   </form></center>
   </div>
    ';
?>  
<div id="questions">
 <?php 

   $query1=$db->query("SELECT id,title,question,username FROM  QnA WHERE username='$dbusername'");
  //$query2=$db->query("SELECT * FROM answers");

   while($asked=$query1->fetch()){
    if($asked['username']==$dbusername){
     echo '<div class="asked"><b>Title</b><br/><b> ',$asked['title'],'</b>   <hr/><br/><b>Question</b><br/><b>',$asked['question'],'</b></div><br/><br/>';

   }
     else if(!$asked['username']==$dbusername){
          error_reporting(E_ALL);
    echo 'No questions have been asked';
        }

 }
     ?>
 </div>
 </div>
 </center>
 </body>
</html>

The form is in the profile.php the action for the form is in a separate file named ask.php which is below.

   <?php

   //form action below
   require('profile.php');
   session_start();
   require('connect.php');
   $plus=$_POST['plus'];
   $title=$_POST['title'];
   $question=$_POST['question'];
   $dusername=$_SESSION['username'];
         if(isset($_POST['submit'])){
          if(!empty($_POST['title']) && !empty($_POST['question'])&& $plus==4){
              $query="INSERT INTO `QnA` (id,title,question,username) VALUES (?,?,?,?)";
              $query=$db->prepare($query);
              $query->execute(array(' ',$title,$question,$dusername));
                echo'succes';
                header("Location: profile.php");
            }
         else{
             error_reporting(E_ALL);
             echo " Fill in all Slots or you gave the wrong answer to the security question";
            }
         }

?>
ChristLovesme97
  • 31
  • 7

4 Answers4

1

The below code is not returning True at all :

if(isset($_POST['username'])){

that's why it is going in else statement.

You are using isset function for username field, but you should check for Submit button. Try replacing following lines :

<input type="submit" value="Log In" />

to 

<input type="submit" value="Log In" name="submitbtn" />

AND

if(isset($_POST['username'])){

to

if(isset($_POST['submitbtn'])){

It should work then :)

Deepak
  • 93
  • 1
  • 6
0

You have error in you query add space between ANDpassword=', maybe this should work 

$query="SELECT  * FROM  users WHERE username='".$username."' AND password='".$password."' LIMIT 1" ;

to debug you error try 

$res =  mysql_query($query) or die(mysql_error());

Take note this query is vulnerable in SQL Injection, maybe you should try using mysqli or PDO for security purposes.

How can I prevent SQL injection in PHP?

Community
  • 1
  • 1
ryvasquez
  • 158
  • 8
0

Try this :

<form action="login.php" method="post" >
<table>
 <tr>
   <td>Username: </td><td><input type="text" name="username" /></td>
 </tr>
 <tr>
    <td>Password: </td><td><input type="password" name="password" id ="password"/></td>
 </tr>
 </table>
   <input type="submit" value="Log In" /> &nbsp;  &nbsp; &nbsp; &nbsp;
   <input type="button" value="Register" onClick="location.href='register.php'" />
</form>

</body>
</html>
<?php


require('connect.php');
session_start();
 if ($_SESSION['username'])
{
header("Location: home.php");
 }
else{
if(isset($_POST['username'])){
 require('connect.php');


 //According to user's input

  $username=$_POST['username'];
  $password=$_POST['password'];
  $query="SELECT  * FROM  users WHERE username='".$username."'AND password='".$password."'";

 $res =  mysql_query($query);

 //check username and password for match
 if (mysql_num_rows($res) > 0){

 //Sets username to the comment session so no username has to be input


$_SESSION['username']=$username;

// jumps to secure page 

 header ("Location: home.php");

}
Debug Diva
  • 26,058
  • 13
  • 70
  • 123
0

As above mentioned you are getting 0 rows values, there may be space or some thing else in you query so do below.

echo this query 

SELECT  * FROM  users WHERE username='".$username."' AND password='".$password."'

and execute this query manually in database and see what is happening with this query. And correct your query accordingly.

Altmish-E-Azam
  • 1,561
  • 1
  • 13
  • 24