1

here is my code which I pass two variables from android studio to php. xampp has both apache and MySQL running on the default ports. my aim is to compare variables got from android studio with ones in the database table; but i get an error that says:

Uncaught Error: Call to a member function bindParam() on boolean in C:\xampp\htdocs\digikala\index.php:10 Stack trace: #0 {main} thrown in C:\xampp\htdocs\digikala\index.php on line 10.

I should also mention windows 10 pro is running on my system. could any of you guys could help me get over this problem? thanks in advance. here is my connect.php code:

<?php

function OpenCon()
 {
 $dbhost = "localhost";
 $dbuser = "root";
 $dbpass = "";
 $db = "digikala";


 $conn = new mysqli($dbhost, $dbuser, $dbpass,$db) or die("Connect failed: %s\n". $conn -> error);


 return $conn;
 }

function CloseCon($conn)
 {
 $conn -> close();
 }

?>

and this is my main code which error belong to. if I remove bindParam and put $email and $pass directly in sql code the same error happens for line contains $result->execute():

 <?php
    error_reporting(E_ALL);
    ini_set('display_errors', 1);
    include "connect.php";
    $email=$_POST["user"];
    $pass =$_POST["pass"];
    $conn = OpenCon();
    $query = 'SELECT * FROM member WHERE email=:email AND pass=:pass';
    $result= $conn->prepare($query);
    $result->bindParam(':email',$email);
    $result->bindParam(':pass',$pass);
    $result->execute();
    $row = $result->fetch(PDO::FETCH_ASSOC);
    if ($row == false ){
        echo("not existed!");

    }else{
        echo("welcome" . $email);
    }
    CloseCon($conn);
    ?>
Hossein Abarghooei
  • 11
  • 3
  • 1
    You are mixing `mysqli` with `pdo`. Change the `OpenCon()` or change all usages in the code. – chris85 Nov 06 '17 at 20:32
  • A separate issue is your unhashed passwords. Please don't store plain text passwords. – chris85 Nov 06 '17 at 20:34
  • where should I apply change? – Hossein Abarghooei Nov 06 '17 at 20:35
  • Use `mysqli` or `pdo` you can't use `pdo` functions on a `mysqli` connection; and vice versa. – chris85 Nov 06 '17 at 20:35
  • @HosseinAbarghooei Check out [my PDO class](https://github.com/GrumpyCrouton/GrumpyPDO), where all the work is done for you. – GrumpyCrouton Nov 06 '17 at 20:36
  • **Never store plain text passwords!** Please use ***PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)*** to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). ***It is not necessary to [escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Nov 06 '17 at 20:36
  • [This may help](http://php.net/manual/en/pdo.connections.php). You are opening a connection using a `mysqli` function, however your `$query` creation logic is using PDO. Change the way you open your connection to use `PDO` and you should be good to go (with the exception of your unhashed passwords... yikes.) – JNevill Nov 06 '17 at 20:39
  • if i omit OpenCon() a new error happens: Undefined variable: conn in C:\xampp\htdocs\digikala\index.php on line 8 – Hossein Abarghooei Nov 06 '17 at 20:41
  • Don't omit openCon(). Change the function OpenCon() to use PDO login, not msqli login. – JNevill Nov 06 '17 at 20:45

0 Answers0