
I am getting a fatal error. I tried to find a solution on Stack Overflow and other forums, but I can't seem to find one.

The error looks like:

Fatal error: Call to a member function query() on string in /home/......./check.php on line 19

```php
class M_login extends CI_Model{
    public function num_of_students($name,$address){
        // $name and $address are interpolated directly into the SQL string
        $sql="select * from tbl_admin where name='$name' and address='$address'";
        $query=$this->db->query($sql);
        return $query->num_rows();
    }
}
```

  • What is the content of `$this->db` ? – Thomas Rollet Nov 21 '17 at 13:48
  • [Little Bobby](http://bobby-tables.com/) says **[you may be at risk for SQL Injection Attacks](https://stackoverflow.com/q/60174/)**. Learn about [Prepared Statements](https://en.wikipedia.org/wiki/Prepared_statement) with [parameterized queries](https://stackoverflow.com/a/4712113/5827005). I recommend `PDO`, which I [wrote a class for](https://github.com/GrumpyCrouton/GrumpyPDO) to make it extremely easy, clean, and more secure than using non-parameterized queries. Also, [This article](https://phpdelusions.net/pdo/mysqli_comparison) may help you choose between `MySQLi` and `PDO` – GrumpyCrouton Nov 21 '17 at 13:48
  • **Never store plain text passwords!** Please use **PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)** (`password_hash()` and `password_verify()`) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). **It is not necessary** to [escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so _changes_ the password and causes unnecessary additional coding. – GrumpyCrouton Nov 21 '17 at 13:48
  • @GrumpyCrouton Maybe he hashes the password before calling the function... – Thomas Rollet Nov 21 '17 at 13:49
  • Guys, thanks for the comments. But the password field was a dummy field. I know what I should do in the case of a password. My question is not about security. – Santosh Shah Nov 21 '17 at 14:44
  • @GrumpyCrouton I wish I could use PDO or MySQLi. My website was created 7 years ago and I use a MySQL database. Now if I change it, I have to change all of my code, especially in the model. So I want to keep it as it is. – Santosh Shah Nov 21 '17 at 14:48
  • Post your entire model, please. I think you overwrite `$this->db`, because it's a string. What is your CI version? – Atural Nov 21 '17 at 15:11
  • @SantoshShah I recommend refactoring your code. It will be worth it. – GrumpyCrouton Nov 21 '17 at 16:29

1 Answer

```php
public function num_of_students($name,$address){
    $sql="select * from tbl_admin where name='$name' and address='$address'";
    $query=$this->db->query($sql)->get();
    return $query->num_rows();
}
```

I hope this may help you...Thanks!

Pragna
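
The parameterized-query approach recommended in the comments, shown next to the concatenated form from the question, as an added example that is not part of the original thread. It assumes PHP 7.1+ with the `pdo_sqlite` extension; the in-memory table, sample rows and inputs are constructed, and the function names `num_of_students_concat` and `num_of_students_bound` are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension.
// The table layout and rows are constructed to mirror the question's tbl_admin.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE tbl_admin (name TEXT, address TEXT)");
$db->exec("INSERT INTO tbl_admin VALUES ('alice', 'Kathmandu'), ('bob', 'Pokhara')");

// Concatenated form, as in the question: input becomes part of the SQL text.
function num_of_students_concat(PDO $db, string $name, string $address): int
{
    $sql = "SELECT COUNT(*) FROM tbl_admin WHERE name='$name' AND address='$address'";
    return (int) $db->query($sql)->fetchColumn();
}

// Parameterized form: the statement text is fixed, the values are bound as data.
function num_of_students_bound(PDO $db, string $name, string $address): int
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM tbl_admin WHERE name = ? AND address = ?');
    $stmt->execute([$name, $address]);
    return (int) $stmt->fetchColumn();
}

// Constructed inputs: a normal lookup, a value containing an apostrophe,
// and a value shaped like SQL.
$cases = [
    'exact match'      => ['alice', 'Kathmandu'],
    'apostrophe'       => ["O'Brien", 'Kathmandu'],
    'SQL-shaped value' => ['alice', "x' OR '1'='1"],
];

foreach ($cases as $label => [$name, $address]) {
    try {
        $concat = num_of_students_concat($db, $name, $address);
    } catch (PDOException $e) {
        // The apostrophe ends the string literal early and the query no longer parses.
        $concat = 'syntax error';
    }
    $bound = num_of_students_bound($db, $name, $address);
    printf("%-17s concat=%-12s bound=%d\n", $label, $concat, $bound);
}
```

In CodeIgniter itself, query bindings (`$this->db->query($sql, array($name, $address))` with `?` placeholders in `$sql`) pass the values separately and escape them for you, without changing the database driver.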