I got this login code from Youtube and trying to convert it from Procedural ( I think ) to OOP and running into a problem fetching information. There may be other errors, but I seem to have cleared up everything up to line 27, which I have highlighted. It gives me this, Fatal error: Call to undefined method mysqli_stmt::fetch_assoc() in C:\Apache24\htdocs\WS\includes\login.inc.php on line 27. Any help will be appreciated. Thank you.
<?php
session_start();
if (isset($_POST['submit'])) {
include 'dbh.inc.php';
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
if (empty($uid) || empty($pwd)) {
header("Location: ../index.php?login=empty");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_uid=? OR user_email=?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("ss", $uid, $uid);
$stmt->execute();
$resultCheck = $stmt->get_result();
// Not sure if this is correct way to see if there were no results. It was a IF <1 snippet
if (!$resultCheck) {
header("Location: ../index.php?login=error");
$stmt->close();
$conn->close();
exit();
} else {
// Line 27 Below
if ($row = $stmt->fetch_assoc()) {
// if ($row = mysqli_fetch_assoc($result)) {
// De-hashing the password
$hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
if ($hashedPwdCheck == false) {
header("Location: ../index.php?login=error");
exit();
} elseif ($hashedPwdCheck == true) {
// Log in the user here
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_first'] = $row['user_first'];
$_SESSION['u_last'] = $row['user_last'];
$_SESSION['u_email'] = $row['user_email'];
$_SESSION['u_uid'] = $row['user_uid'];
header("Location: ../index.php?login=success");
exit();
}
}
$stmt->close();
$conn->close();
}
}
} else {
header("Location: ../index.php?login=error");
exit();
}
Thanks everyone for all the feedback. Yes, it WAS Procedural but what you see is me trying to change it to OOP. I had stopped coding back in 2012 and just now decided to take it back up as a hobby. I guess my issue is I have been bouncing all over Youtube watching different videos and everyone codes differently. You mention PDO. Well, I have seen examples of it, but even that seems like one person codes it a little differently from another, so how do I know which person is doing it the RIGHT way?
I have lots of time to learn, as I mentioned this just being a hobby, so if PDO is the way I should go, could someone point me to some decent materials to learn from, so that I don’t take up someone elses bad habits?
A good question.
But not always easy to answer,as a lot of it is opinion and personal preference.
But on the other hand a lot of stuff is either good/best practice or plain wrong.
It can sometimes be hard to make those distinctions.
PDO is the same. It has multiple different ways to bind parameters which leads to confusion and inconsistency. Some people will use both bindValue and bindParam in the same prepared call. But you should only use one of them. mysqli_ on the other hand only has one way of binding parameters.
The first thing I would do is, stop closing the database connection. Let PHP do it by itself. It’s bad practice to open and close the connection every time you want to make a database call. You should open the connection and leave it open so other calls can also use the same connection. PHP will close the connection by default after it gets done executing the file.
The only time I can think of that I might want to explicitly close a connection is when I was connecting to different databases and I was concerned about resource use. eg.
connect to Postgres, get what I need, done
connect to MySQL, get want I need, done
etc.
In practice, I can count on one finger the number of times I’ve done that.
Hello again. I’ve tried the same code above but as PDO, but on line 29, I get the following:
Fatal error: Call to a member function execute() on boolean on:
I am really trying to understand PDO . Any help or advice would be appreciated. I even took some of the advice from above posters and incorporated them into it.
If the database server successfully prepares the statement, PDO::prepare() returns a PDOStatement object. If the database server cannot successfully prepare the statement, PDO::prepare() returns FALSE or emits PDOException (depending on error handling).
In other words, most likely the query fails (can’t be prepared into a valid query) or the connection fails (no resource handle to attach the query to ).
Is your dbh.inc.php correct? Does the query work if you temporarily hard code in known values that should work?
That’s because there’s one variable being passed from form accepting either the username or useremail… making the value $uid. I even removed the email one and just tried username only and got the same error. I am so confused.
Yes, failed connections are one of the more common reasons for getting a boolean false. Knowing that is not the cause of the problem narrows things down and you can change that bit of code back.
My guess is that prepare is putting variables into memory and because they are named the same are causing a problem. Though I think it is a good idea to have the named placeholders have names that help in recognition of what value they’ll get, they don’t have to.
Try changing to this
} else {
$sql = 'SELECT * FROM users WHERE user_uid = :u_uid OR user_email = :e_uid';
$stmt = $pdo->prepare($sql);
$stmt->execute(array(':u_uid' => $uid, ':e_uid' => $uid));
Wow! That was amazing! Changing those two made it work. I appreciate you both for helping.
The final code in that area looks like this now. You can see the changes I made as remarks. I had to change one other thing… the $row = $stmt->fetch() from $row = $stmt->fetchAll(). It works, but I may have taken on a tough hobby. -laughs-