PHP error: Call to a member function rowCount() on a non-object

后端 未结 3 1688
栀梦
栀梦 2021-01-16 20:20

I\'m working on web app that require a login page, everything work fine but i noticed that when a user try to connect and his password contain caracter he can\'t and an ugly

相关标签:
3条回答
  • 2021-01-16 20:39

    The query() function returned something that is not an object.

    You should always check for errors.

    $res = $idconnex->query($req);
    if ( ! $res) {
        echo 'This is not an object:<br>';
        var_dump($res);
        die;
    }
    

    You should also always read the manual when you run into problems:

    Return Values

    PDO::query() returns a PDOStatement object, or FALSE on failure.

    0 讨论(0)
  • 2021-01-16 20:51

    It's not safe to pass parameters to a query like the way you did. The problem you encountered might be caused by some unsafe characters. You might need to escape it.

    Your implementation is wide open to SQL Injection. Use prepared statement instead. It's safer and will save you from problems such as this.

    And one more thing, I notice that you are trying to search $_GET['password'] inside your database directly. Where I can conclude that you store the password inside your database without any hashing or encryption. You might want to reconsider that.

    0 讨论(0)
  • 2021-01-16 20:58

    We're more than likely dealing with strings here, so the variables in your values need to be quoted.

    WHERE ens_cin='$login' AND ens_pass='$password'";
    

    Plus, just using PDO on its own, doesn't mean you're safe against SQL injection.

    • Use PDO with prepared statements.

    An insight:

    Make sure that you are indeed connecting through PDO and not mysqli_. I see these types of questions often.

    If that is the case, those different MySQL APIs do not intermix with each other.

    Now this:

    $password=$_GET["password"];
    

    Passing a password through a GET isn't safe neither; you don't know who may be "listening in". You should be using POST. I hope also that you are using a hash and not plain text for password storage.

    Sidenote: Make sure you're indeed using GET and not mixed up with POST, should this be coming from an HTML form.


    "but no error appear"

    You are probably not checking for errors.

    Add $idconnex->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); right after the connection is opened.

    Add error reporting to the top of your file(s) which will help find errors.

    <?php 
    error_reporting(E_ALL);
    ini_set('display_errors', 1);
    
    // rest of your code
    

    Sidenote: Error reporting should only be done in staging, and never production.

    0 讨论(0)
提交回复
热议问题