
I'm having problems with PDO.

Currently, I'm working on a simple login page, without considering SQL injection yet, but I cannot find a way to get rid of `Notice: Trying to get property of non-object in C:\xampp\htdocs\Penston\process.php on line 60`

I have a database in which there is an email abc@m.com and password 5555. When I do

```sql
SELECT * FROM `users` WHERE `email` = 'abc@m.com' AND `password` = '5555'
```

it works perfectly fine. But when I change to

```sql
SELECT * FROM `users` WHERE `email` = 'abc@m.com' AND `password` = 'wrong'
```

in order to check how it works when the incorrect password is entered, it gives me

```
Notice: Trying to get property of non-object in C:\xampp\htdocs\Penston\process.php on line 60
```

where line 60 is `print $result->Password;`. I understand that because there is no row in the database that contains the entered user and password, there is no object to return. But how do I catch the exception for that? I don't want users to see this unhandled message. I don't understand why the catch statement doesn't work.

Thus, if I want to handle this and show a message saying incorrect username/password when the entered username and password are not found, what should I do?

Here is the code,

```php
try {
    $conn = new PDO("mysql:host=$SQL_servername;dbname=penston;", $SQL_username, $SQL_password);
    $conn -> setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $stmt = $conn->prepare("SELECT * FROM `users` WHERE `email` = 'abc@m.com' AND `password` = '5555'");
    $temp = $stmt->execute();
    $result = $stmt->fetch(PDO::FETCH_OBJ);
    print $result->Password;
} catch (PDOException $e) {
    echo "Error: " . $e->getMessage();
}
```

This might be an easy question but I am really new to PDO, so please help me.

Thanks.

Edit 1: I forgot to say that the clear password is just for testing. I have the encrypted password, but I just want to test, so I use an explicit password like this.

Thammarith
  • do not do it like this. It implies pwd saved in the clear. Check out password_verify and [this answer](http://stackoverflow.com/a/32556010) – Drew Nov 19 '15 at 08:17
  • unique key on email. So only 1 row allowed per email addr. You do not say does this password equal the one that is stored in clear text. You verify against a hash – Drew Nov 19 '15 at 08:18
  • I forgot to say that the clear password is just for testing. I have the encrypted password, but I just want to test, so I use an explicit password like this. – Thammarith Nov 19 '15 at 08:21
  • for mysqli, check it out [over here](http://stackoverflow.com/a/33665819) – Drew Nov 19 '15 at 08:21
  • cuz your result set is null, and you vector into it – Drew Nov 19 '15 at 08:22
  • check if the `$result` is a single object or an array of objects or is your `$result` null, i.e. empty. Just do `var_dump($result)` and you will know it. – Sourabh Kumar Sharma Nov 19 '15 at 08:23
  • http://stackoverflow.com/a/13478250/1816093 – Drew Nov 19 '15 at 08:23
  • When the password is "wrong" there is no row to return, the call to fetch will return `false` and obviously $result won't be an object with the "Password" field set. So what is happening is pretty normal, your test isn't. – mishu Nov 19 '15 at 08:24
  • and it is faulty programming regardless of it just being a test. Money down on the schema is wrong. Don't put yourself thru this :) – Drew Nov 19 '15 at 08:27
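
The points raised in the comments above (no matching row makes `fetch()` return `false` rather than throw, and the stored password should be a hash checked with `password_verify`), put together as an added example that is not code from the question or from any commenter. It assumes an in-memory SQLite database (needs `pdo_sqlite`) standing in for the MySQL one, a constructed `users` row, and a hypothetical helper named `checkLogin`.

```php
<?php
// Added example, not the asker's code. Constructed data: an in-memory SQLite
// database stands in for the MySQL `penston` database from the question.
declare(strict_types=1);

$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Unique key on email, so at most one row can match a login attempt.
$conn->exec('CREATE TABLE users (email TEXT NOT NULL UNIQUE, password TEXT NOT NULL)');
$insert = $conn->prepare('INSERT INTO users (email, password) VALUES (:email, :hash)');
$insert->execute([
    ':email' => 'abc@m.com',
    ':hash'  => password_hash('5555', PASSWORD_DEFAULT), // store a hash, never the clear password
]);

/**
 * checkLogin() is a hypothetical helper: true only when the email exists
 * and the submitted password matches the stored hash.
 */
function checkLogin(PDO $conn, string $email, string $password): bool
{
    // Look the row up by email only; user input is bound, never concatenated into the SQL.
    $stmt = $conn->prepare('SELECT password FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_OBJ);

    // No matching row is not an error: fetch() returns false and throws nothing,
    // so a catch (PDOException) block never runs. Test the return value instead.
    if ($row === false) {
        return false;
    }
    return password_verify($password, $row->password);
}

try {
    foreach ([['abc@m.com', '5555'], ['abc@m.com', 'wrong'], ['nobody@m.com', '5555']] as [$email, $pw]) {
        // Same message for an unknown email and a wrong password.
        echo $email, ' / ', $pw, ': ',
            checkLogin($conn, $email, $pw) ? 'Login OK' : 'Incorrect username/password', PHP_EOL;
    }
} catch (PDOException $e) {
    // Real database failures (bad SQL, lost connection) end up here: log them, show nothing specific.
    error_log($e->getMessage());
    echo 'Login is temporarily unavailable', PHP_EOL;
}
```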

0 Answers