Php & MYSQL Login Script - Trying to get property of non-object *** on line 11

Question

I´m trying to create a simple login script for my Website (with PHP & Mysql). Created the original script with plain php & mysql commands and everything worked just fine. Now i wanted to exchange the old mysql commands with mysqli commands. Somehow i´m now getting the error "Trying to get property of non-object *** on line 11" when I test my script. Could somebody explain exactly to me what causes that problemn and how to solve it (because I dont really understand the error here)?

Login Script:

<?php
session_start();
?>
<?php
    include_once "db_connect.php";
    $username = $_POST["username"];
    $password = md5($_POST["password"]);
    $abfrage = "SELECT username, password FROM login WHERE username LIKE '$username' LIMIT 1";
    $ergebnis = mysqli_query($verbindung,$abfrage);
    $row = mysqli_fetch_assoc($ergebnis);
    if ($row->password === $password) {         <--- Line 11
    $_SESSION["username"] = $username;
    if ($username != "admin") {
            echo "Login erfolgreich. <br> <a href=\"../secure/geheim.php\">Geschützter Bereich</a>";
    }
    else {
            echo "Login erfolgreich. <br> <a href=\"../secure/admin.php\">Geschützter Bereich</a>";
    }
    }
    else {
    echo "Benutzername und/oder Passwort sind falsch.";

    }
?>

Your query failed and you need to find out why. Consult these following links http://php.net/manual/en/mysqli.error.php and http://php.net/manual/en/function.error-reporting.php and apply that to your code. — Funk Forty Niner, Dec 02 '15 at 12:41
Are any rows returned by your query? use `echo mysqli_num_rows($ergebnis);` before line 11 to find out — simdrouin, Dec 02 '15 at 12:45
Data type of $password and $row->password must be same in case of === — Krishna Gupta, Dec 02 '15 at 12:45
The query _might_ have failed (and the warning message of mysqli_fetch_assoc suppressed) but there also _might_ just be no matching record -> empty result set -> mysqli_fetch_assoc returns false. — VolkerK, Dec 02 '15 at 12:45
@Krishna that wouldn't result in that particular warning/notice — VolkerK, Dec 02 '15 at 12:46
Note that this error means that the $row has no property with the name 'password'. Did you try $row[''password"]? — Franco, Dec 02 '15 at 12:48
http://stackoverflow.com/questions/12769982/reference-what-does-this-error-mean-in-php/26572398#26572398 — Jocelyn, Dec 02 '15 at 16:48

score 1 · Answer 1 · answered Dec 02 '15 at 12:54

<?php
session_start();

include_once "db_connect.php";
// either use require_once + bail-out code in db_connect.php
// or check the connection resource/object here. 
if ( !$verbindung || $verbindung->connect_errno ) {
    die('sorry, db error. try again later');
}
$password = md5($_POST["password"]); // md5, unsalted ...not secure anymore. see http://docs.php.net/password_hash

// see http://php.net/security.database.sql-injection
$abfrage = sprintf( // password is a reserved word in mysql -> backticks around the field id
    "SELECT `username`, `password` FROM login WHERE username LIKE '%s' LIMIT 1",
    mysqli_real_escape_string($verbindung, $_POST["username"]) 
);
$ergebnis = mysqli_query($verbindung,$abfrage);
// mysqli_query may fail at any time -> error handling required
if ( !$ergebnis ) {
    echo 'db query failed'; // $verbindung->error should contain more information
}
else if ( !($row = mysqli_fetch_assoc($ergebnis)) ) {
    echo 'no result'; // you probably shouldn't make a distinction between "no such record" and "wrong password" - just for illustration
}
else if ($row['password'] === $password) { // fetch_assoc returns an array, not an object
    $_SESSION["username"] = $username;
}

Thank you very much for those helpful suggestions. Gonna keep that in mind while reworking my whole script. — RedPanda, Dec 02 '15 at 14:40

score 1 · Accepted Answer · edited Dec 02 '15 at 13:35

1

$row is an associative array, because you have used $row = mysqli_fetch_assoc($ergebnis); but you are treating $row as an object i.e. $row->password

So try:

if ($row['password'] === $password)

edited Dec 02 '15 at 13:35

RiggsFolly

93,638
21
103
149

answered Dec 02 '15 at 12:55

mbrother

26
3

Arun Krish · Answer 3 · 2015-12-02T13:34:25.077

0

use that like this

$row = mysqli_fetch_assoc($ergebnis);
if ($row['password'] === $password) {

edited Dec 02 '15 at 13:34

answered Dec 02 '15 at 12:49

Arun Krish

2,153
1
10
15

score 0 · Answer 4 · edited Dec 02 '15 at 14:42

0

Try with $row["password"]==$password

If it still shows the same thing, then var_dump $row and see if it returns a result.

edited Dec 02 '15 at 14:42

trincot

317,000
35
244
286

answered Dec 02 '15 at 12:50

Amir Saadallah

668
1
8
19

got a typo here `passowrd` – Funk Forty Niner Dec 02 '15 at 12:53
You are too kind Smokey @RiggsFolly this guy either doesn't give a *"you know what"*, or just left to go to *"wherever"*. – Funk Forty Niner Dec 02 '15 at 13:39
We live to serve @Fred-ii- – RiggsFolly Dec 02 '15 at 13:40

Php & MYSQL Login Script - Trying to get property of non-object *** on line 11

4 Answers4