
I am very confused. Not so long ago I was told that I need to hash my passwords, which I think I have done. I looked at a separate overflow question found here: How to use PHP's password_hash to hash and verify passwords

But sadly I tried adding it to my code and nothing seems to work. Another thing I was told was to add http://php.net/manual/en/mysqli.construct.php which confused me even more. I feel like none of my code is done correctly, I feel like a complete idiot for not knowing any of this, I am truly sorry. I asked my teacher who did PHP 4 years ago but sadly she had no idea either. I really want to get better at coding but I feel like I don't know any of this. I have really tried my hardest to do it without asking on overflow because I feel like I'm doing everything wrong :/.

I have tried to do a lot of research on the PHP website and I've looked everywhere for possible answers on how I am meant to add mysqli_construct. Also apparently I have a chance of getting my code injected. I know this is probably really simple to fix but I am utterly confused by everything.

-Code-

index.php

<?php
   include("database.php");
   session_start();

   if ($_SERVER["REQUEST_METHOD"] == "POST") {

      // Create query string (the ? placeholder keeps user input out of the SQL text)
      $sql = "SELECT id, password FROM admin WHERE username = ?";

      // Prepare, bind, execute
      $stmt = mysqli_prepare($db, $sql);
      mysqli_stmt_bind_param($stmt, 's', $_POST['username']);
      mysqli_stmt_execute($stmt);
      mysqli_stmt_bind_result($stmt, $user_id, $user_password);

      if (mysqli_stmt_fetch($stmt)) {

         // Validate password against the stored password_hash() value
         if (password_verify($_POST['password'], $user_password)) {
            // session_register() was removed in PHP 5.4; writing to $_SESSION is enough
            $_SESSION['login_user'] = $_POST['username'];

            header("Location: myaccount.php");
            exit;
         } else {
            $error = "Your Login Name or Password is invalid";
         }
      } else {
         $error = "Your Login Name or Password is invalid";
      }
      // Close the statement on every path, not only when a row was found
      mysqli_stmt_close($stmt);
   }
?>

database.php

<?php

$host = 'localhost';
$user = '-';
$pass = '-';
$db = 'database';          // database NAME (a string)
$mysqli = new mysqli($host, $user, $pass, $db);   // the connection object

// "new mysqli(...) or die(...)" never fires, because a constructor always
// returns an object; connection failures are reported via connect_error.
if ($mysqli->connect_error) {
    die("Connect failed: " . $mysqli->connect_error);
}

?>

My error log

[15-Jul-2017 05:29:20 America/New_York] PHP Warning:  mysqli_prepare() expects parameter 1 to be mysqli, string given in /home/beaskxxb/public_html/index.php on line 10
[15-Jul-2017 05:29:20 America/New_York] PHP Warning:  mysqli_stmt_bind_param() expects parameter 1 to be mysqli_stmt, null given in /home/beaskxxb/public_html/index.php on line 11
[15-Jul-2017 05:29:20 America/New_York] PHP Warning:  mysqli_stmt_execute() expects parameter 1 to be mysqli_stmt, null given in /home/beaskxxb/public_html/index.php on line 12
[15-Jul-2017 05:29:20 America/New_York] PHP Warning:  mysqli_stmt_bind_result() expects parameter 1 to be mysqli_stmt, null given in /home/beaskxxb/public_html/index.php on line 13
[15-Jul-2017 05:29:20 America/New_York] PHP Warning:  mysqli_stmt_fetch() expects parameter 1 to be mysqli_stmt, null given in /home/beaskxxb/public_html/index.php on line 14

Someone said I need to make a function.php? I looked in depth into this, because apparently I don't have everything defined. I just really want this to work, because it seems to be going backward. I'm sorry, I know it isn't that great, but I just want it to work.

Edit: Table structure of admin:

#  Name      Type      Collation          Null  Default
1  username  longtext  latin1_swedish_ci  Yes   NULL
2  password  longtext  latin1_swedish_ci  No    None

Thanks

  • Your `mysqli_prepare($db,$sql);` should be `mysqli_prepare($mysqli,$sql);` as you're passing the database name in and not the connection. – Nigel Ren Jul 15 '17 at 09:35
  • If you want to use the procedural style of MySQLi, use `mysqli_connect(...)` instead of `new mysqli(...)`. Don't mix the two styles. – PeterMader Jul 15 '17 at 09:38
  • Alright! Thanks both of you for helping out, I've changed the style. And I have attempted to connect with `mysqli_prepare($mysqli,$sql);` but I seem to be getting this error_log now? https://pastebin.com/qQpi5Tpq –  Jul 15 '17 at 09:43
  • `mysqli_prepare` will return false if the SQL is invalid; have you tried this SQL in something like phpMyAdmin, or alternatively, post the structure of your admin table. – Nigel Ren Jul 15 '17 at 09:49
  • `SELECT * FROM table1 WHERE 1` Is that what you mean? If you wanted to see the code and what exactly happens you can go to beastfox.com/index.php by the way. The SQL shouldn't be invalid for all I know? It should be correct. My columns are also as listed, `username` and `password` @NigelRen –  Jul 15 '17 at 09:52
  • I have no idea what your table structure is; it's sometimes easy to make a simple mistake and not know it till someone else looks at it. Can you show the structure of the admin table? (Something like `SHOW CREATE TABLE admin;` should work.) – Nigel Ren Jul 15 '17 at 10:01
  • Am I meant to find that in phpMyAdmin? Is a screenshot of the structure tab what you are requiring to look at? Sorry if I'm being confusing! –  Jul 15 '17 at 10:04
  • Try not to use screenshots; cut and paste the data into your original question. – Nigel Ren Jul 15 '17 at 10:06
  • Alright, is this what you mean? `1 username longtext latin1_swedish_ci Yes NULL Change Change Drop Drop 2 password longtext latin1_swedish_ci No None Change Change Drop Drop ` –  Jul 15 '17 at 10:09
  • You don't seem to have a column called ID, but your SQL is trying to return it. – Nigel Ren Jul 15 '17 at 10:11
  • Hmmm, so do I need to change user_id to user_username? –  Jul 15 '17 at 10:13

1 Answer

Firstly - change

$stmt = mysqli_prepare($db,$sql);

to

$stmt = mysqli_prepare($mysqli,$sql);

You were passing the database name and not the connection to the database.

If you do not have a column called id in the table, then you can simply use

$sql = "SELECT password FROM admin WHERE username = ?";

As you're just checking the password, that's all you need.

To check that your prepare works OK, change the following lines...

if (!$stmt = mysqli_prepare($mysqli,$sql)) {
    echo "Failed to prepare:".mysqli_error($mysqli);
    return;
}

Edit: After removing the id from the select, you need to change the bind to...

mysqli_stmt_bind_result($stmt, $user_password);

Nigel Ren
  • I think we might be getting some progress, you are correct. I do not have a column called id in the table so I changed that, but I seem to be getting this error now? https://pastebin.com/s6ptug0z –  Jul 15 '17 at 10:19
  • Add the error checking (just added to answer) and see if that gives you any hints as to the problem. – Nigel Ren Jul 15 '17 at 10:25
  • Is this the code that I am subsequently meant to change? `mysqli_stmt_close($stmt); } else { $error = "Your Login Name or Password is invalid"; }` –  Jul 15 '17 at 10:30
  • No - change the line that has the `mysqli_prepare` on it to the above (the prepare is still in there, but it just puts an error out if there is a problem with the SQL) – Nigel Ren Jul 15 '17 at 10:32
  • I think we are getting further now! If you even want to try, head over to beastfox.com/index.php and for the username try BeastFox and password as test; it returns this error, `Failed to prepare:Table 'beaskxxb_database.admin' doesn't exist` Why does it have .admin at the end of it? –  Jul 15 '17 at 10:34
  • The table name is displayed with databaseName.tableName, so this is using database name `beaskxxb_database`. Check in phpMyAdmin what it should be. This then should be the value of $db in your database.php script. – Nigel Ren Jul 15 '17 at 10:38
  • https://imgs.beastfox.com/a9AmNyLVQy.png If you look at my image, you can see here that it should connect. My $db is this `$db = 'beaskxxb_database';` –  Jul 15 '17 at 10:40
  • Ignore the fact that it's not secure, I need to renew my SSL –  Jul 15 '17 at 10:40
  • Your admin table is not in that database, try changing it to `$db='beaskxxb_admin';` – Nigel Ren Jul 15 '17 at 10:42
  • Hmm @NigelRen now it seems to be saying `Failed to prepare:Table 'beaskxxb_admin.admin' doesn't exist` –  Jul 15 '17 at 10:43
  • Where is your admin table defined on the server? – Nigel Ren Jul 15 '17 at 10:44
  • It should be defined in beaskxxb_database? –  Jul 15 '17 at 10:45
  • The table you showed was called table1, not admin. Check this table exists and is called admin. – Nigel Ren Jul 15 '17 at 10:56
  • I do not have a table that exists called admin, Is there a way to rename table1 to admin? Or should I just create a new table with the same features and call **that one** admin. –  Jul 15 '17 at 10:58
  • `RENAME TABLE table1 TO admin;` – Nigel Ren Jul 15 '17 at 10:59
  • Where exactly do I put that? Sorry I'm so stupid, I am just slightly confused on what I am meant to do? –  Jul 15 '17 at 11:02
  • Type it in phpmyadmin, once you've selected `beaskxxb_database`. – Nigel Ren Jul 15 '17 at 11:03
  • Alright! Thank you so utterly much, I seem to still be getting this error though, `Failed to prepare:Table 'beaskxxb_admin.admin' doesn't exist` –  Jul 15 '17 at 11:05
  • Change your value of $db back to its original value (`$db = 'beaskxxb_database';`) – Nigel Ren Jul 15 '17 at 11:06
  • I really hope I'm not annoying you because I don't understand a lot, but my error_log is now displaying this sadly. https://pastebin.com/NRtCeSEt –  Jul 15 '17 at 11:08
  • Change the line `mysqli_stmt_bind_result($stmt, $user_id, $user_password);` to `mysqli_stmt_bind_result($stmt, $user_password);` as the id has been removed. – Nigel Ren Jul 15 '17 at 11:10
  • I think I was going to change that before! Thank you so much, but I am getting one last error and it looks pretty scary. `[15-Jul-2017 07:12:04 America/New_York] PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 4294967296 bytes) in /home/beaskxxb/public_html/index.php on line 17` –  Jul 15 '17 at 11:13
  • Is your login working OK? This could be a different problem. – Nigel Ren Jul 15 '17 at 11:15
  • Both username and password don't seem to be returning any errors. You can even try yourself to see what happens if you head over to my webpage and try Username:BeastFox and Password:test (beastfox.com/index.php) –  Jul 15 '17 at 11:17
  • I'm sorry if you seem slightly unsure what to do! Honestly you've managed to help me so much, thanks a billion for all of your effort :)! –  Jul 15 '17 at 11:47
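As an added example (not Nigel Ren's answer and not the asker's code), here is the login flow assembled with the fixes from this thread: the procedural connection handle is what gets passed to mysqli_prepare, prepare failures are checked, and bind_result names only the password column. The credentials are placeholders, and the mysqli_stmt_store_result() call is an addition: buffering the result set before fetching is the usual remedy when binding a longtext column makes mysqli_stmt_fetch attempt a 4 GiB allocation, which is the last error shown in the comments.

```php
<?php
// Added example: the question's login flow with the thread's fixes applied.
// Connection details are placeholders, not the asker's real values.
session_start();

$host = 'localhost';
$user = 'DB_USER_PLACEHOLDER';
$pass = 'DB_PASS_PLACEHOLDER';
$db   = 'beaskxxb_database';   // database NAME (a string), not a connection

// Procedural style throughout: mysqli_connect() returns the connection handle
// that every mysqli_* function expects as its first argument.
$mysqli = mysqli_connect($host, $user, $pass, $db);
if (!$mysqli) {
    error_log('Connect failed: ' . mysqli_connect_error());
    exit('Database unavailable');
}

$error = null;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';

    // Only the password column is selected, so only one variable is bound below.
    $sql = 'SELECT password FROM admin WHERE username = ?';
    if (!$stmt = mysqli_prepare($mysqli, $sql)) {
        error_log('Failed to prepare: ' . mysqli_error($mysqli));   // log, don't show users
        exit('Login temporarily unavailable');
    }
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);

    // Buffer the result before binding: otherwise a LONGTEXT column is bound
    // at its maximum size (4 GiB) rather than the actual hash length.
    mysqli_stmt_store_result($stmt);
    mysqli_stmt_bind_result($stmt, $user_password);

    // One generic message whether the user is missing or the password is wrong,
    // so the response does not reveal which usernames exist.
    if (mysqli_stmt_fetch($stmt) && password_verify($password, $user_password)) {
        session_regenerate_id(true);        // fresh session id once privilege changes
        $_SESSION['login_user'] = $username;
        mysqli_stmt_close($stmt);
        header('Location: myaccount.php');
        exit;
    }
    $error = 'Your Login Name or Password is invalid';
    mysqli_stmt_close($stmt);
}
```

The `??` operator needs PHP 7 or later; the stored value in the password column must have been produced by password_hash() for password_verify() to succeed.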