I have this PHP file stored on a server. It creates a new user for the DB. The registration is successful but the response message is always NULL.

Here is my register.php file where I post the values:

```php
<?php

require_once 'DB_Functions.php';
$db = new DB_Functions();

// json response array
$response = array("error" => FALSE);

if (($_POST['name']) && ($_POST['surname']) && ($_POST['email']) && ($_POST['password']) && ($_POST['telephone'] && ($_POST['country']) ) ) 
{ 
    // receiving the post params
    $name = $_POST['name'];
    $surname = $_POST['surname'];
    $email = $_POST['email'];
    $password = $_POST['password'];
    $telephone = $_POST['telephone'];
    $country = $_POST['country'];

    // check if user is already existed with the same email
    if ($db->isOwnerExisted($email)) {
        // user already existed
        $response["error"] = TRUE;
        $response["error_msg"] = "User already exists with " . $email;
        echo json_encode($response);
    } else {
        // create a new user
        $user = $db->storeOwner($name, $surname, $email, $password, $telephone, $country);        
        if ($user) {
            // user stored successfully           
            $response["error"] = FALSE;
            $response["oid"] = $user["oid"];
            $response["user"]["name"] = $user["name"];
            $response["user"]["surname"] = $user["surname"];
            $response["user"]["country"] = $user["country"];
            $response["user"]["email"] = $user["email"];
            $response["user"]["password"] = $user["password"];
            $response["user"]["telephone"] = $user["telephone"];

            echo json_encode($response);
        } else {
            // user failed to store
            $response["error"] = TRUE;
            $response["error_msg"] = "Unknown error occurred in registration!";
            echo json_encode($response);
        }
    }
} else {
    $response["error"] = TRUE;
    $response["error_msg"] = "Required parameters are missing!";
    echo json_encode($response);
}
?>
```

And the storeOwner function:

```php
public function storeOwner($name, $surname, $email, $password, $telephone, $country) {
    $hash = $this->hashSSHA($password);
    $encrypted_password = $hash["encrypted"]; // encrypted password
    $salt = $hash["salt"]; // salt
    $stmt = $this->conn->prepare("INSERT INTO owner (oid, name, surname, country, email, password, salt, telephone) VALUES(?, ?, ?, ?, ?, ?, ?, ?)");
    $stmt->bind_param("isssssss", $oid, $name, $surname, $country, $email, $encrypted_password, $salt, $telephone);
    $result = $stmt->execute();
    $stmt->close();

    // check for successful store
    if ($result) {
        $stmt = $this->conn->prepare("SELECT * FROM owner WHERE email = ?");
        $stmt->bind_param("s", $email);
        $stmt->execute();
        $user = $stmt->bind_result($user['oid'], $user['name'], $user['surname'], $user['country'], $user['email'], $user['password'], $user['salt'], $user['telephone']);
        while ($stmt->fetch()) {
                //printf("%s %s\n", $email, $password);
        }
        $stmt->close();

        return $user;
    } else {
        return false;
    }
}
```

The output is something like:

```json
{"error":false,"uid":null,"user":{"name":null,"surname":null,"country":null,"email":null,"password":null,"telephone":null}}
```

Why is every field null?

Kzaf
  • Where does `$oid` get defined? `$user = $stmt->bind_result(...)` will set `$user` to `true` or `false` (since that method returns a boolean). – M. Eriksson May 17 '17 at 23:45
  • The `$oid` is an auto-increment value in the DB, I am not defining it – Kzaf May 17 '17 at 23:47
  • Then remove it from the query altogether. The database will take care of it all by itself. As it is right now, you're actually trying to set `oid` to an undefined variable. – M. Eriksson May 17 '17 at 23:48
  • OK, I did. But I don't think that this is the problem, right? – Kzaf May 17 '17 at 23:51
  • You should also check your log file for errors. Have you checked that the record actually gets created? A suggestion would also be to catch any potential errors when you're making your queries so you can handle them correctly. You should also look into `password_hash()` and `password_verify()` when you're hashing passwords, since that's the recommended way to do it. – M. Eriksson May 17 '17 at 23:51
  • I am developing the PHP on a web server, I cannot use a debugger or logcat there. I need this for an Android app where I get the result (response) and there I saw that the values are null – Kzaf May 17 '17 at 23:54
  • I don't even know how to use debug or log files in PHP, I just copy-pasted this piece of code to use it in my app, and then I faced this problem – Kzaf May 17 '17 at 23:56
  • Yes, the record is created, everything works OK but the response values are always null – Kzaf May 17 '17 at 23:59
  • I would start with removing the `$user = ` from `$user = $stmt->bind_result(...)`. And before that row, add `$user = []`. [Here's how to display all errors and warnings](http://stackoverflow.com/questions/5438060/showing-all-errors-and-warnings) and where the error logs are depends on your setup. Apache on Ubuntu stores them in `/var/log/apache2/error.log`. – M. Eriksson May 18 '17 at 00:00
  • Thanks a lot Magnus, this is what I am missing. It is working now. You can post it as an answer so I can accept it – Kzaf May 18 '17 at 00:04
  • **WARNING**: Writing your own access control layer is not easy and there are many opportunities to get it severely wrong. Please, do not write your own authentication system when any modern [development framework](http://codegeekz.com/best-php-frameworks-for-developers/) like [Laravel](http://laravel.com/) comes with a robust [authentication system](https://laravel.com/docs/5.4/authentication) built-in. At the absolute least follow [recommended security best practices](http://www.phptherightway.com/#security) and **never store passwords with a uselessly weak hash like SHA1 or MD5**. – tadman May 18 '17 at 00:09

1 Answer

When you're fetching the user, you're currently overwriting the bound results with the response from that method:

```php
$user = $stmt->bind_result($user['oid'], ...);
```

The method `$stmt->bind_result()` returns a boolean (true on success and false on error). So your code first sets the values and when that's done, it overwrites them with the result from the method (the boolean).

It should be:

```php
$user = []; // You should create the array before using it.
$stmt->bind_result($user['oid'], ...);
```

M. Eriksson
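
An added example (not code from the question or the answer): the question's `storeOwner()` with the `bind_result()` fix applied, `password_hash()`/`password_verify()` as recommended in the comments, and a `SELECT` that keeps the password hash out of the row returned to the client. It assumes `oid` is AUTO_INCREMENT, the `password` column holds 255 characters and `salt` is dropped or nullable; the `mysqli` connection is passed in as a parameter, and `checkOwnerPassword()` is a hypothetical helper name.

```php
<?php
// Added example. Assumptions: the `owner` table from the question, with `oid`
// AUTO_INCREMENT, `password` VARCHAR(255), and `salt` dropped or nullable.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failed queries throw

function storeOwner(mysqli $conn, $name, $surname, $email, $password, $telephone, $country)
{
    // password_hash() generates and embeds its own salt.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    try {
        // `oid` is omitted so the database assigns it.
        $stmt = $conn->prepare(
            "INSERT INTO owner (name, surname, country, email, password, telephone)
             VALUES (?, ?, ?, ?, ?, ?)"
        );
        $stmt->bind_param("ssssss", $name, $surname, $country, $email, $hash, $telephone);
        $stmt->execute();
        $stmt->close();

        // Select only what the client needs; the hash stays on the server.
        $stmt = $conn->prepare(
            "SELECT oid, name, surname, country, email, telephone FROM owner WHERE email = ?"
        );
        $stmt->bind_param("s", $email);
        $stmt->execute();
        $user = [];
        // bind_result() returns a bool, so its return value is not assigned to $user.
        $stmt->bind_result($user['oid'], $user['name'], $user['surname'],
                           $user['country'], $user['email'], $user['telephone']);
        $found = $stmt->fetch(); // true: row fetched, null: no row
        $stmt->close();
        return $found ? $user : false;
    } catch (mysqli_sql_exception $e) {
        error_log("storeOwner failed: " . $e->getMessage()); // written to the PHP error log
        return false;
    }
}

// Login-side check against a hash stored by storeOwner().
function checkOwnerPassword(mysqli $conn, $email, $password)
{
    $stmt = $conn->prepare("SELECT password FROM owner WHERE email = ?");
    $stmt->bind_param("s", $email);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();
    $stmt->close();
    return $found && password_verify($password, $hash);
}
```

With this version `register.php` would also drop the `$response["user"]["password"]` line, since the returned row no longer carries that key.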