
I get the error above. My code is below. Is anything wrong with my code? Thank you. I'm not sure if it has something to do with changing to a different version of PHP.

<?php
if (!isset($_SESSION['id']))
{
    header("Location: error104.php");
    die();
}
$reclimit=3;
if(isset($_GET['page']))
{
    $page=$_GET['page'];
}
else
{
    $page=1;
}
$start=(($page-1)*$reclimit);
$advert = "SELECT * FROM useriklan AS ua INNER JOIN users AS u ON  ua.id=u.id
WHERE u.id='".$id."'";
$result=$conn->query($advert);
$total=$result->num_rows;
$tpages=ceil($total/$reclimit);
//pagination script ends here
$advert = "SELECT * FROM useriklan AS ua INNER JOIN users AS u ON  ua.id=u.id
WHERE u.id='".$id."' ORDER BY dateua DESC LIMIT $start,$reclimit";
//$statement = $conn->query($advert);
$statement = $conn->prepare($advert);
$statement->execute();
$result = $statement->get_result();
?>
Linda May
  • In one of your sql strings, the table is named `useriklan` and the other is `useraiklan`. Is one of them wrong? – yaakov Jul 06 '21 at 04:30
  • oh, ok. I already changed it but I still get the same error. thank you by the way for noticing it. Both are now useriklan. – Linda May Jul 06 '21 at 04:32
  • Try `var_dump`ing the value of `$statement`. If preparing the statement doesn't work, then the value will be set to false (hence the boolean) https://www.php.net/manual/en/mysqli.prepare.php – yaakov Jul 06 '21 at 04:34
  • Does this answer your question? [Call to a member function execute() on boolean in](https://stackoverflow.com/questions/35132451/call-to-a-member-function-execute-on-boolean-in) – Tangentially Perpendicular Jul 06 '21 at 07:21

1 Answer


There's a lot to unpack in your code, especially when it comes to security, parameters, etc.

Debugging

First of all, when you're using mysqli and you're debugging, you should add the error flags as follows at the top of your file.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

This will give you useful info to understand what's wrong with your statements.

Prepared statements

The beauty of prepared statements (the prepare method you use in your query) is that they take care of adding your parameters in a safe way, protecting you from SQL injection among other things.

So you should use bind_param to add your variables (e.g. $id). For example, in your first query:

$advert = "SELECT * FROM useriklan AS ua INNER JOIN users AS u ON  ua.id=u.id
    WHERE u.id= ?";
$statement = $conn->prepare($advert);
$statement->bind_param('s', $id);

In case $id is a number (integer), you can be more strict and use the 'i' type instead of 's' as follows.

$statement->bind_param('i', $id);

You can do the same on the second query:

$advert = "SELECT * FROM useriklan AS ua INNER JOIN users AS u ON  ua.id=u.id WHERE u.id= ? ORDER BY dateua DESC LIMIT ?,?";
$statement = $conn->prepare($advert);
$statement->bind_param('iii', $id, $start, $reclimit);

Missing $id definition

The variable $id is nowhere to be found in your code. I assume you meant $_SESSION['id'], so you can do something like

$id = $_SESSION['id'];
Andrea Olivato
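The three points from the answer above (strict mysqli error reporting, binding every parameter instead of concatenating it, and defining $id from the session) put together into one working version of the asker's pagination script. This is an added example, not code from either the question or the answer; it assumes $conn is an open mysqli connection using the mysqlnd driver (needed for get_result, as in the original code), and the table and column names useriklan, users and dateua are taken from the question.

```php
<?php
// Added example (not the asker's or answerer's code): the pagination script
// rewritten with mysqli prepared statements. Assumes $conn is an open mysqli
// connection and the table/column names from the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // prepare()/execute() now throw instead of returning false

if (session_status() === PHP_SESSION_NONE) {
    session_start(); // the question's code relies on $_SESSION, so the session must be started somewhere
}

if (!isset($_SESSION['id'])) {
    header("Location: error104.php");
    die();
}
// The missing $id: take it from the session and force it to an integer
$id = (int) $_SESSION['id'];

// Never trust $_GET['page']: cast to int and clamp to >= 1 so $start cannot go negative
$reclimit = 3;
$page = max(1, (int) ($_GET['page'] ?? 1));
$start = ($page - 1) * $reclimit;

// Count query: $id is bound as an integer, never concatenated into the SQL string
$countSql = "SELECT COUNT(*) FROM useriklan AS ua INNER JOIN users AS u ON ua.id = u.id WHERE u.id = ?";
$countStmt = $conn->prepare($countSql);
$countStmt->bind_param('i', $id);
$countStmt->execute();
$countStmt->bind_result($total);
$countStmt->fetch();
$countStmt->close();
$tpages = (int) ceil($total / $reclimit);

// Page query: the LIMIT offset and row count are bound as integers too,
// so a crafted page parameter can no longer alter the statement
$pageSql = "SELECT * FROM useriklan AS ua INNER JOIN users AS u ON ua.id = u.id
            WHERE u.id = ? ORDER BY dateua DESC LIMIT ?, ?";
$pageStmt = $conn->prepare($pageSql);
$pageStmt->bind_param('iii', $id, $start, $reclimit);
$pageStmt->execute();
$result = $pageStmt->get_result();

while ($row = $result->fetch_assoc()) {
    // Escape every value on output as well; binding protects the query, not the HTML
    echo htmlspecialchars((string) $row['dateua'], ENT_QUOTES, 'UTF-8'), "\n";
}
$pageStmt->close();
```

With MYSQLI_REPORT_STRICT set, a typo in a table name (such as the useriklan/useraiklan mismatch noted in the comments) surfaces as a mysqli_sql_exception at prepare() rather than as a later "Call to a member function execute() on boolean" error, which is what the asker was seeing.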