Notice: Trying to get property 'num_rows' of non-object

Question

I'm reworking a login form to PDO based with OOP in mind. And I am running into the error given above. So I have two files one is an login.php and one is an included file called functions.inc.php

The code for the login.php is as follows.

<?php 

include_once("includes/functions.inc.php");

// get username and password from $_POST
if(!empty($_POST)){
    $username = $_POST['email'];
    $password = $_POST['password'];

    // check if a user can login (function)

    if(canilogin($username, $password)){
        session_start();
    $_SESSION['username'] = $username;
        $_SESSION['loggedin'] = true;



        header('Location: index.php');
    }
    else{
        $error = true;
    // if no -> $error tonen
    }

}



?><!DOCTYPE html>
<html lang="en">



<body class="login">
    <div class="grid container_login">
        <div class="login_grid">

            <form class="form_login" action="" method="post">


                <?php if( isset($error) ): ?>
                <div class="form__error">
                    <p>
                        Sorry, we can't log you in with that email address and password. Can you try again?
                    </p>
                </div>
                <?php endif;?>

                <div>
                    <label for="email">EMAIL</label><br/>
                    <input type="text" id="email" name="email" placeholder="Lucasdebelder@snapshot.be" required>
                </div>
                <div>
                    <label for="password">PASSWORD</label><br/>
                    <input type="password" id="password" name="password" placeholder="Atleast 8 characters" required>
                </div>


                <div>
                    <input type="submit" value="LOG IN" class="btn_login">

                </div>

                <p class="center_align">Or</p>
                <br/>
                <a class="center_align" href="register.php">Register here.</a>

            </form>
    </div>
</body>
</html>

 

And the functions.inc.php where the error is happening, to be precise it happens at if($result->num_rows != 1){.

Also the first few lines were the once that worked before but that is done with real escape string to secure against SQL inject but it's kinda a wacky way to do and I decided to try to rework it to PDO.

<?php
function canilogin( $username, $password){

    /* THIS IS THE OLD WAY THAT WORKED/WORKS
    $conn = new mysqli("localhost", "root", "root", "snapshot"); 
    $query = "select * FROM users WHERE email='".$conn->real_escape_string($username). "'";
    $result = $conn->query($query);
    */







    $conn = new PDO('mysql:host=localhost; dbname=snapshot', 'root', 'root');

    //$query = "select * FROM users WHERE email='".$conn->real_escape_string($username). "'";
    $statement = $conn->prepare("select * from users where email = :username");
    $statement->bindValue(':username', $username);
    $statement->execute();
    $result = $statement->execute();

    if($result->num_rows != 1){
        return false;
    }
        $user = $result->fetch_assoc();
        if(password_verify($password, $user['password'])){
            return true;
        }
    else{
        return false;
    } 
}
?>

Answer 1

The reason you are having the issue is that $result is not correct. Once $statement->execute(); is executed it becomes a PDOStatement object.

First of all remove $result = $statement->execute(); and try

 if($statement->rowCount() != 1){
   return false;
  }
 $user = $statement->fetch();
        if(password_verify($password, $user['password'])){
            return true;
        }
    else{
        return false;
    }