I can't Login to my index.php

Jacob1 · July 9, 2023, 6:04pm

Website URL

(https://dogecoinminningapp.great-site.net/EarnMoney/index.php)

Error Message

Fatal error : Uncaught Error: Call to a member function fetch_assoc() on bool in /home/vol1000_8/infinityfree.com/if0_34532282/htdocs/EarnMoney/index.php:10 Stack trace: #0 {main} thrown in /home/vol1000_8/infinityfree.com/if0_34532282/htdocs/EarnMoney/index.php on line 10

Other Information

<?php
include("include/connection.php");
if(isset($_SESSION['islogged']) == "1")
{
	echo "<script language='javascript'>window.location='users.php';</script>";
}		
if(isset($_POST['submit']))
{
	$selectdata123 = $conn->query("select * from `usermaster` where username='".$_POST['username']."' and password='".$_POST['password']."'");
	if($check_row = $selectdata123->fetch_assoc()) {
		$_SESSION['islogged']="1";
		$_SESSION['userid']=$check_row['userid'];
		$_SESSION['email']=$check_row['email'];
		$_SESSION['paging']="10";
		echo "<script language='javascript'>window.location='users.php';</script>";
		exit;
	}
	if($_SESSION['islogged'] !="1")
	{
	?>
		<script language="JavaScript" type="text/javascript">	
			alert("Password you entered is wrong, Please try again.");
			window.location='index.php';
		</script>
	<?php
		die;
	}
}
?>

Greenreader9 · July 9, 2023, 6:12pm

Your code may be vulnerable the SQL injection. I would fix that before anything else, you may fix this issue while correcting your vulnerable code.

Admin · July 10, 2023, 9:27am

This error tells you that the object on which you’re trying to call the fetch_assoc() function is actually a bool value. Looking at the code, that’s $selectdata123.

Looking at the documentation of the MySQLi query function tells us:

Returns false on failure. For successful queries which produce a result set, such as SELECT, SHOW, DESCRIBE or EXPLAIN , mysqli_query() will return a mysqli_result object. For other successful queries, mysqli_query() will return true .

Given that it’s a SELECT query, it’s likely that the query failed and the result is false. You could be able to get the error message through the $conn->error variable if this happens.

Reading the rest of the documentation of the query function is also a good idea. It has a big red warning banner about SQL injection, which your code is wide open to.

system · July 17, 2023, 9:28am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.