PHP throws fatal error on preparing SQL statement

Question

In my PHP application, I want the user to be able to login with email, username and number recorded in the database. Yet, I

init.php

<?php
$server = 'localhost';
$username = 'default';
$password = 'xxxx';
$database = 'default';

try{
   $conn = new PDO("mysql:host=$server;dbname=$database;", $username, $password);
} catch(PDOException $e){
   die( "Connection failed: " . $e->getMessage());
}

login.php

<?php
session_start();
if(isset($_SESSION['user_name'])!='') {
header('Location: index.php');
}
include_once 'init.php';
//check if form is submitted
if (isset($_POST['login'])) {
$email = $_POST['email'];
$password = $_POST['password'];
$records = $conn->prepare('SELECT username,email,number,password FROM users WHERE username = :login OR email = :login OR number = :login');
$records->bindParam(':login', $email);
$records->execute();
$results = $records->fetch(PDO::FETCH_ASSOC);

$message = '';

if(count($results) > 0 && password_verify($password, $results['password']) ){

$gome = $results['username'];$_SESSION['user_name'] = $gome;
$CookieExpire = 1000;
$time = 100 * 70 * 48 * 86400;
$time = time() + $time;
setcookie('username', '$gome', '$time');
setcookie('password', '$password', '$time');header("Location: /");

} else {
$message = 'Sorry, those credentials do not match';
}

}

?>

In returns i get this error: Fatal error: Call to a member function prepare() on a non-object in /var/www/u0377863/public_html/xx.com/dom/login.php on line 11:

    $records = $conn->prepare('SELECT username,email,number,password FROM users WHERE username = :login OR email = :login OR number = :login');

Side note: you should learn to indent your code. As it is now it is illegible... — dda, Dec 25 '17 at 17:07
It is probably something wrong wiith that SELECT. But only you can know, — halojoy, Dec 25 '17 at 17:10

score -2 · Answer 1 · answered Dec 25 '17 at 17:20

Try this code

<?php

session_start();

if(isset($_SESSION['user_name'])!='') {
 header('Location: index.php');
}

include_once 'init.php';

//check if form is submitted
if (isset($_POST['login'])) {
 $email = $_POST['email'];
 $password = $_POST['password'];
 $records = $conn->prepare("SELECT username,email,number,password FROM users WHERE ( username='$email' OR email = '$email' OR number = '$email')");
 $records->execute();
 $results = $records->fetch(PDO::FETCH_ASSOC);

 $message = '';

 if(count($results) > 0 && password_verify($password, $results['password']) ){

  $gome = $results['username'];$_SESSION['user_name'] = $gome;
  $CookieExpire = 1000;
  $time = 100 * 70 * 48 * 86400;
  $time = time() + $time;
  setcookie('username', '$gome', '$time');
  setcookie('password', '$password', '$time');header("Location: /");

 } else {
  $message = 'Sorry, those credentials do not match';
 }

}

?>

i tried your code but it still unresolve does it mean this error can not be sort out? Or is there any other method for this? — hotway, Dec 25 '17 at 17:35

score -2 · Answer 2 · answered Dec 25 '17 at 17:50

-2

1) try to move your init.php code to login.php to make sure that it loads as expected.

2) Try to declare global variable $conn (global $conn;) before "new PDO.." to check if that is a scope issue.

3) If previous two steps do not shed the light on the problem please check if pdo is loaded (you may use functions listed at https://stackoverflow.com/a/6113469/1277044 to check it)

answered Dec 25 '17 at 17:50

AlexHalkin

1,088
14
33

Suggestion from @m-stange below should work as well since you do not have any functions defined. – AlexHalkin Dec 25 '17 at 17:51
Ok, suppose it was you who upvoted his answer – Your Common Sense Dec 25 '17 at 17:55
so can you help him or are you just mastering your downvoting experience? – AlexHalkin Dec 25 '17 at 18:00

score -3 · Answer 3 · answered Dec 25 '17 at 17:48

-3

It is the scope of your variable.

try{
   $conn = new PDO("mysql:host=$server;dbname=$database;", $username, $password);
} catch(PDOException $e){
   die( "Connection failed: " . $e->getMessage());
}

should be

$conn = null;    
try{
   $conn = new PDO("mysql:host=$server;dbname=$database;", $username, $password);
} catch(PDOException $e){
   die( "Connection failed: " . $e->getMessage());
}

Your $conn is declared inside the try block, so it is not visible outside. By initializing it outside, it will be visible everywhere.

answered Dec 25 '17 at 17:48

M Stange

5
4

Do not answer if you don't know the language. What you said is a complete rubbish. – Your Common Sense Dec 25 '17 at 17:54
I do know the language. Though this is the simplest solution, it is definitely not the best. And it directly answers his question about the Error, not about what else he is doing with the rest of his code. – M Stange Dec 25 '17 at 18:01
2

There is no block scope in PHP. Any variable declaration in try-catch is visible outside of it. – Charlotte Dunois Dec 25 '17 at 18:09
Your right Charlotte, my apologies for this. I'm in the habit of following block scopes even in stuff that isn't, that I do forget many times in languages that aren't. – M Stange Dec 26 '17 at 12:44

PHP throws fatal error on preparing SQL statement

3 Answers3