PHP错误:在非对象上调用成员函数rowCount() [英] PHP error: Call to a member function rowCount() on a non-object

问题描述

我正在使用需要登录页面的Web应用程序，但一切正常，但我注意到当用户尝试连接并且其密码包含caracter时，他无法操作并且出现一个难看的错误，提示FATAL ERROR:Call to a member function rowCount() on a non-object. 这是我的代码:

I'm working on web app that require a login page, everything work fine but i noticed that when a user try to connect and his password contain caracter he can't and an ugly error appear says FATAL ERROR:Call to a member function rowCount() on a non-object. here is my code:

$password=$_GET["password"];
$req="SELECT * FROM `enseignant` WHERE ens_cin=$login AND ens_pass=$password";
$res=$idconnex->query($req);
if($res->rowCount() > 0)
    {echo 'SUCCESS CONNECT';}
else
    {echo 'FAIL CONNECT';}

当我尝试在if()中添加!empty($result)时，情况变得更糟了..它会将所有那些具有特征的角色视为未登录用户而被淘汰！！但没有错误出现. 感谢您的帮助，对不起我的英语不好.

when i tried to add !empty($result) in if() ,thing goes worst.. it conseder all those how has caracteres in thier pass as not signed in user!! but no error appear.. thanks for help and sorry for my bad English.

推荐答案

我们很有可能在这里处理字符串，因此需要在您的值中引用变量.

We're more than likely dealing with strings here, so the variables in your values need to be quoted.

WHERE ens_cin='$login' AND ens_pass='$password'";

此外，仅使用PDO并不意味着您可以安全地进行SQL注入.

Plus, just using PDO on its own, doesn't mean you're safe against SQL injection.

• 将PDO与准备好的语句一起使用 .

见解:

An insight:

确保您确实通过PDO而不是mysqli_进行连接.我经常看到这类问题.

Make sure that you are indeed connecting through PDO and not mysqli_. I see these types of questions often.

如果是这种情况，那些不同的MySQL API不会相互混合.

If that is the case, those different MySQL APIs do not intermix with each other.

现在，这个:

$password=$_GET["password"];

通过GET传递密码也不安全；您不知道谁可能在监听".您应该使用POST.我也希望您使用哈希而不是纯文本来存储密码.

Passing a password through a GET isn't safe neither; you don't know who may be "listening in". You should be using POST. I hope also that you are using a hash and not plain text for password storage.

旁注:如果这是来自HTML表单，请确保您确实在使用GET且未与POST混淆.

Sidenote: Make sure you're indeed using GET and not mixed up with POST, should this be coming from an HTML form.

但没有出现错误"

您可能没有检查错误.

在打开连接后立即添加$idconnex->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);.

Add $idconnex->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); right after the connection is opened.

将 错误报告 添加到文件顶部，这将有助于发现错误.

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// rest of your code

边注:错误报告仅应在登台进行，而绝不能在生产中进行.

Sidenote: Error reporting should only be done in staging, and never production.

这篇关于PHP错误:在非对象上调用成员函数rowCount()的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！