Call to a member function fetchAll() on a non-object

hi,

i have the following function which i call upon logging in and it keep giving me the call on non-object what am i missing here. if i replace the prepare and just use ->query it seems to be fine but i read that if i do it that way i would run the risk of injection. any help is greatly appreciated

$conn= is my database connection

function get_session_data($userid){
	
	global $conn;
	//SELECT THE ITEMS FROM THE DATABASE YOU WANT
	$items="*";
	$senstive=array("password", "uuk","secret_q1","secret_q2","secret_ans1","secret_ans2");
	
	//GET THE INFORMATION FROM THE DATABASE
	$sql="SELECT ".$items." FROM bb_users WHERE uid=(:uid) LIMIT 1";	
	$res=$conn->prepare($sql);
	$data=$res->execute(array(":uid"=>$userid));
	$row = $data->fetchAll(PDO::FETCH_ASSOC);
	if($row){	
		foreach($row as $col =>$info){
			//DO NOT STORE THE PASSWORD OR OTHER SENSITIVE DATA
			if(!in_array($col,$senstive)){
			//SET EACH DATA VARIABLE AS A SESSION VARAIBLE
		
				$_SESSION[$col] =$info;	
			}
		}
	}else{
		//QUERY FAILED
		$warning="SESSION ERROR WITH SESSION".$conn->errorCode();
		print_r($warning);
		die;	
		
	}
	
}

Open in new window

LVL 6
J NUnicorn wranglerAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
GaryConnect With a Mentor Commented:
Scrap the above.

...
	$res=$conn->prepare($sql);
	$res->execute(array(":uid"=>$userid));
	$row = $res->fetchAll(PDO::FETCH_ASSOC);
...

Open in new window


Notice you just execute the statement, no assignment.
0
 
Ray PaseurCommented:
The most frequent cause of this message is a failing query.  The script did not test for query success and tried to use the result resource as if it were valid.
0
 
Ray PaseurCommented:
Try removing the colon from this statement.  It's used for the placeholder signal in the query string, but the array needs to use the field name without the colon.  I don't know why they designed it this way -- it's confusing and it would be easy enough to ignore leading colon.  But alas...

$data=$res->execute(array(":uid"=>$userid));

Change to:

$data=$res->execute(array("uid"=>$userid));

Some working examples are available in this article:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/PHP_Databases/A_11177-PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html

If you look carefully at the way errors and exceptions are handled you will find ways to get PHP to tell you what went wrong.

HTH, ~Ray
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
J NUnicorn wranglerAuthor Commented:
so i

var_dump($data) = bool(true)

$data=$res->execute(array(":uid"=>$userid));
0
 
J NUnicorn wranglerAuthor Commented:
Oh i have been bouncing back and forth between that page, php.net and my project

 i changed

$data=$res->execute(array("uid"=>$userid));

same thing

i also tried
$row = $data->fetch(PDO::FETCH_ASSOC);
0
 
GaryCommented:
Try this amendment

...
	$data=$res->execute(array(":uid"=>$userid));
	$row_count=$data->rowCount()
	$row = $data->fetchAll(PDO::FETCH_ASSOC);
	if($row_count>0){
...

Open in new window

0
 
Ray PaseurCommented:
Just edited my earlier comment - refer back :-)
0
 
J NUnicorn wranglerAuthor Commented:
i tried both ways no luck and when i do the row count

 Call to a member function rowCount()
0
 
GaryCommented:
The colons is a preferential thing, you don't need them as pdo understands what you mean but it is the documented method.
0
 
Ray PaseurCommented:
This might work better.  It's not a complete solution but at least it will give you some hope of getting an error message that means something.  Obviously it's untested code because we do not have your data set, but it may be worth a try.

function get_session_data($userid)
{
    // A PDO OBJECT
    global $conn;
    var_dump($conn);
    
    // SELECT THE ITEMS FROM THE DATABASE YOU WANT
    $items = "*";
    
    // LIST THE COLUMN NAMES YOU DO NOT WANT
    $senstive = array("password", "uuk","secret_q1","secret_q2","secret_ans1","secret_ans2");
    
    // QUERY TO GET THE INFORMATION FROM THE DATABASE
    $sql  = "SELECT $items FROM bb_users WHERE uid=:uid LIMIT 1";
    
    // PREPARE THE QUERY
    try 
    {     
        $pdos = $conn->prepare($sql); 
    } 
    catch(PDOException $exc) 
    { 
        var_dump($exc);
        trigger_error($exc->getMessage(), E_USER_ERROR);
    }

    // BIND THE VARIABLE AND TRY THE QUERY
    $pdos->bindParam(':uid', $userid, PDO::PARAM_STR);

    try
    {
        $pdos->execute();
    }
    catch(PDOException $exc)
    {
        var_dump($exc);
        trigger_error($exc->getMessage(), E_USER_ERROR);
    }

    // ONLY ONE ROW WILL BE RETURNED
    $row = $pdos->fetchAll(PDO::FETCH_OBJ);
    
    // SHOW THE DATA
    var_dump($row);
}

Open in new window

If that gives you sensible results, you can add the rest of the logic back in and remove the calls to var_dump().
0
 
J NUnicorn wranglerAuthor Commented:
how is your method different than mine

original
$sql="SELECT * FROM bb_users WHERE uid=(:uid) LIMIT 1";	
	$res=$conn->prepare($sql);
	$data=$res->execute(array(":uid"=>$userid));
	$row = $data->fetchAll(PDO::FETCH_ASSOC);

Open in new window


than yours - i thought mine just broke it out into more variables
$sql="SELECT ".$items." FROM bb_users WHERE uid=(:uid) LIMIT 1";	
	$res=$conn->prepare($sql);
	$res->execute(array(":uid"=>$userid));
	$row = $res->fetchAll(PDO::FETCH_ASSOC);

Open in new window

0
 
Ray PaseurCommented:
Parentheses do not belong in the WHERE clause of this query.  I'll bet if there is error visualization that will be one of the things that SQL objects to.

To anyone coming across this question and answer in the future, please stop what you're doing and instead read the article linked below, carefully, for understanding.  The basics have all been covered in detail, with well-commented code examples that teach safe and predictable ways of getting the results you need.  If you want to be a programmer you have to understand this stuff!  Code fragments without any test data are a sure way to get confused and stay confused.  Don't waste your time guessing.   The article maps familiar SQL operations onto various data base extensions, including MySQL, MySQLi, and PDO (MySQL).

http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/PHP_Databases/A_11177-PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.