0

i want to create a login system but unfortunately this error appear:

Call to a member function fetchColumn() on a non-object in error

please anyone can help me because this is the first a post in this forum...

<form action="login_controller.php" method="POST">
        <span class="user_label">Username: </span>
        <input class="username" type="text" name="username"><p>
        <span class="pass_label">Password: </span>
        <input class="password" type="password" name="password"><p>
        <input class="submit" type="submit" name="submit" value="Login">
</form>

<?php
    require_once 'config/config.php';

if (isset($_POST['submit']) && $_POST['submit'] == 'Login') {

    $username = $_POST['username'];
    $password = $_POST['password'];

    if (!empty($username) && !empty($password)) {


        $users_count = $pdo->query("SELECT COUNT(username) 
                                    FROM users
                                    WHERE username = {$username}");
        $count_all = $users_count->fetchColumn();

        print_r($count_all);

    }

    else {
        header('Location: login.php');
    }

}
mohdadawe
  • 25
  • 1
  • 4

6 Answers6

1

You need to add quotes in your SQL, around {$username}:

SELECT COUNT(username)
FROM users
WHERE username = '{$username}'

Because you had an error in your SQL, you got a FALSE return.

You should always check for SQL errors. You can do this as follows:

$users_count = $pdo->query("SELECT COUNT(username) 
                            FROM users
                            WHERE username = '{$username}'");
if ($users_count == false) {
    print_r($pdo->errorInfo());
    exit();
}

This will give you the error information when something goes wrong.

Finally, please note that injecting strings in SQL makes you vulnerable for SQL injection. Instead you should prepare your statements and user parameters:

$stmt = $pdo->prepare("SELECT COUNT(username)
                       FROM users
                       WHERE username = ?");
if (!$stmt->execute($username)) {
    print_r($pdo->errorInfo());
    exit();
}
$count_all = $stmt->fetchColumn();
trincot
  • 317,000
  • 35
  • 244
  • 286
1

You're missing quotes around {$username} in the SQL. But it would be better to use a prepared query.

$stmt = $pdo->prepare("SELECT COUNT(username) FROM users
                       WHERE username = :username");
$stmt->bindParam(':username', $username);
if ($stmt->execute()) {
    $count_all = $stmt->fetchColumn();
} else {
    $count_all = null;
}
Barmar
  • 741,623
  • 53
  • 500
  • 612
0

Check what your $users_count contains. It's not object (NULL or false may be, because username is not found in db).

Your error means NULL->fetchColumn()

Justinas
  • 41,402
  • 5
  • 66
  • 96
0

Your $users_count is probably null, that is why you are receiving this error.

shafeen
  • 2,431
  • 18
  • 23
0

use : 

   $users_count = $pdo->query("SELECT COUNT(username) 
                                            FROM users
                                            WHERE username = {$username}");
        if($users_count){
            $count_all = $users_count->fetchColumn();
        }
    else{
        $count_all = null)
    }

to avoid this kind of error

CodeIsLife
  • 1,205
  • 8
  • 14
0

As other users suggested, your $users_count variable is probably set to Null, which means you have an error in your SQL query. To enable error logging, you can add this line of code to your PDO connection :

$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

This way you will be able to see exactly which error you get and then debug accordingly.

Hope this helps!

RaphBlanchet
  • 575
  • 6
  • 23