PDO - Call to a member function fetch() on a non-object
Instead of:
$query = $db->query("SELECT articles . title FROM articles");
Try:
$query = $db->query("SELECT title FROM articles");
edit
Try:
while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
echo $row['title'];
}
PDO - Fatal error: Call to a member function fetch() on a non-object
Your code has the variable $username
in the top part of your question, but you then have $user
in the bottom section.
Are you perhaps meaning to use the same variable?
$username = ($_GET ['user']);
$sth = $dbh->query( "SELECT username, user_state, last_activity, alerts_unread, conversations_unread, message_count
FROM xf_user WHERE username='$user'" );
// ^^ Should this ALSO be $username ?
$row = $sth->fetch();
Edit: Okay, now you are just being cute with your PDO::ATTR_EMULATE_PREPARES
. Observe this:
Database and table structure:
Database changed
mysql> show tables
-> ;
+----------------+
| Tables_in_prep |
+----------------+
| users |
+----------------+
1 row in set (0.00 sec)
mysql> select * from users;
+----+---------+--------+
| id | userid | pass |
+----+---------+--------+
| 1 | Fluffeh | mypass |
+----+---------+--------+
1 row in set (0.00 sec)
And some PHP code that is copied from yours, with the added PDO attribute:
<?php
//$username = ($_GET ['user']);
$username="Fluffeh";
$dbh = new PDO('mysql:host=localhost;dbname=prep', 'prepared', 'example');
$dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);
$sth = $dbh->query( "SELECT userid, pass FROM users WHERE userid='$username'" );
echo "Trying to use $username.\n";
print_r($sth->fetch());
echo "----------------------------------------\n\n";
?>
<?php
//$username = ($_GET ['user']);
$username="user2693017";
$dbh = new PDO('mysql:host=localhost;dbname=prep', 'prepared', 'example');
$dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);
$sth = $dbh->query( "SELECT userid, pass FROM users WHERE userid='$username'" );
echo "Trying to use $username.\n";
print_r($sth->fetch());
echo "----------------------------------------\n\n";
?>
<?php
//$username = ($_GET ['user']);
$username="Oh my' or 1=1 or 'm=m";
$dbh = new PDO('mysql:host=localhost;dbname=prep', 'prepared', 'example');
$dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);
$sth = $dbh->query( "SELECT userid, pass FROM users WHERE userid='$username'" );
echo "Trying to use $username.\n";
print_r($sth->fetch());
echo "----------------------------------------\n\n";
?>
<?php
//$username = ($_GET ['user']);
$username="(select id from users limit 1)";
$dbh = new PDO('mysql:host=localhost;dbname=prep', 'prepared', 'example');
$dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);
$sth = $dbh->query( "SELECT userid, pass FROM users WHERE id='$username'" );
echo "Trying to use $username.\n";
print_r($sth->fetch());
echo "----------------------------------------\n\n";
?>
<?php
//$username = ($_GET ['user']);
// Changed this one to be a non-string, you might be checking an ID instead.
$username="(select id from users limit 1)";
$dbh = new PDO('mysql:host=localhost;dbname=prep', 'prepared', 'example');
$dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);
$sth = $dbh->query( "SELECT userid, pass FROM users WHERE id=$username" );
echo "Trying to use $username.\n";
print_r($sth->fetch());
echo "----------------------------------------\n\n";
?>
<?php
//$username = ($_GET ['user']);
$username="bob'; drop table users; \
";
// This one is tricker to do in PHP code. I could easily enter this into a text field however.
$dbh = new PDO('mysql:host=localhost;dbname=prep', 'prepared', 'example');
$dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);
//$sth = $dbh->query( "SELECT userid, pass FROM users WHERE id='$username'" );
echo "Trying to use $username.\n";
print_r($sth->fetch());
echo "----------------------------------------\n\n";
?>
And the output:
Trying to use Fluffeh.
stdClass Object
(
[userid] => Fluffeh
[pass] => mypass
)
----------------------------------------
Trying to use user2693017.
----------------------------------------
Trying to use Oh my' or 1=1 or 'm=m.
stdClass Object
(
[userid] => Fluffeh
[pass] => mypass
)
----------------------------------------
Trying to use (select id from users limit 1).
----------------------------------------
Trying to use (select id from users limit 1).
stdClass Object
(
[userid] => Fluffeh
[pass] => mypass
)
----------------------------------------
Trying to use bob'; drop table users; \
.
----------------------------------------
Oh, the reason I left the last one till LAST is this output now in my database:
mysql> show tables;
Empty set (0.00 sec)
Yes, that's right, I just dropped a table. Let me say that again, I had a select statement, and with a little trickery I entered in a value that ANYONE with half a brain and some malicious intent could do into a text field, and DROPPED YOUR TABLE.
Now, granted, if you are setting things up properly, you might well set up a different user for the select statements, and only grant them select
rights from your database, to stop this sort of thing happening - but lets be honest... you aren't are you?
Clearly setting that emulation is not enough. Seriously, now PLEASE do go read that answer, use prepared statements and use params if you want to be secure in your code.
Call to a member function fetch() on a non-object
When you call
$stmt = $stmt->execute($query_getProjectID_params);
You assign the return-value of execute()
to $stmt
, overwriting the variable, making it a boolean instead of an object. When you continue, $stmt
no longer holds the PDOStatement
object, but is now a boolean.
The solution is simply to remove the overwrite of your object, like this (remove $stmt =
in front).
$stmt->execute($query_getProjectID_params);
- http://php.net/pdostatement.execute
PDO :Call to a member function fetch() on a non-object
You should name variables properly.
stmt->execute()
returns bool
.
So after
$page = $page->execute(['slug'=>$slug]);
$page
is bool
and has no methods.
How to fix Call to a member function fetch() on a non-object?
According to the documentation for PDO::query which says:
PDO::query() returns a PDOStatement object, or FALSE on failure.
Your SQL Query made a mistake, so be sure it's right.
call to a member function fetch() on a non-object in pdo
execute()
Returns TRUE on success or FALSE on failure.
In your case you are try to fetch data form bool value
$result=$stmt->execute();
$message=$result->fetch();
Just need to change
$stmt->execute();
$message=$stmt->fetch();
call to a member function fetch() on a non-object in pdo
execute()
Returns TRUE on success or FALSE on failure.
In your case you are try to fetch data form bool value
$result=$stmt->execute();
$message=$result->fetch();
Just need to change
$stmt->execute();
$message=$stmt->fetch();
Call to a member function fetch() on integer in
The exec()
method only returns the number of rows effected. You probably want to use query()
instead.
$NU=$connection->query("SELECT COUNT(ID) AS Total FROM USERS");
$Result=$NU->fetch(PDO::FETCH_ASSOC)['Total'];
echo "$Result";
The query()
statement will execute a single query and return a PDOStatement
object you can fetch from or false
on failure.
Related Topics
Why Would I Use Dirname(_File_) in an Include or Include_Once Statement
What Is the Use of <<<Eod in PHP
Creating a Folder When I Run File_Put_Contents()
How Does "Do Something or Die()" Work in PHP
Process Very Big CSV File Without Timeout and Memory Error
How to Check If a MySQL Table Exists with PHP
MySQL Order by Rand(), Name Asc
Linux - PHP 7.0 and Mssql (Microsoft SQL)
Is Header('Content-Type:Text/Plain'); Necessary at All
When Should I Use a Bitwise Operator
PHP Regex for Validating a Url
How to Check If an Integer Is Within a Range of Numbers in PHP
How To: Install Memcache on Xampp (Windows 7/8/10)