-1

I'm trying to create my first web site using html, css, js and php. I have a problem with a php function:

public function doLogin($login,$pass,$conn)
{

    $req="SELECT login,password FROM client WHERE login='"+$login+"'";
    $liste=$conn->query($req);
    if($liste->rowCount()==1)
    {
       return true;
    }

}

It's supposed to be used in the login but I get this message:

Fatal error: Call to a member function rowCount() on a non-object in C:\wamp\www\test\methode.php on line 56

Hannes Johansson
ahmed
  • Well the query didn't work so it returned `false` which you put in `$liste`. That's why it says **Call to a member function rowCount() on a non-object** because it's a boolean and not an object. – Daan Mar 30 '16 at 14:07
  • From the documentation: "*For most databases, PDOStatement::rowCount() does not return the number of rows affected by a SELECT statement. Instead, use PDO::query() to issue a SELECT COUNT(*) statement*" -- also mixing JavaScript and PHP here (which is why the query fails, and you just assume it's working): `'"+$login+"'"` those `+` are not for PHP (it's for JavaScript), use `.` to combine strings instead. You should also look into prepared statements, since you're using an API that supports it. http://stackoverflow.com/q/60174/4535200 – Qirel Mar 30 '16 at 14:09

1 Answer

0

Regardless of any consideration about injection, take note that in PHP you must use . and not + to concatenate strings. I.e.:

$req="SELECT login,password FROM client WHERE login='"+$login+"'";

should be

$req="SELECT login,password FROM client WHERE login='".$login."'";
luca3003
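An added example, not part of the original question or answer: the prepared-statement approach the comments point to, applied to this `doLogin()` function. It assumes the `password` column stores `password_hash()` output, and it uses an in-memory SQLite database with constructed rows so that it runs without a server.

```php
<?php
// Added example, not code from the original post.
// Assumptions: the `password` column holds password_hash() output, and an
// in-memory SQLite database (pdo_sqlite) stands in for the real server.

function doLogin(PDO $conn, string $login, string $pass): bool
{
    // Placeholder instead of concatenation: $login is sent as data and
    // cannot change the structure of the SQL statement.
    $stmt = $conn->prepare('SELECT password FROM client WHERE login = :login');
    $stmt->execute([':login' => $login]);

    // fetch() returns false when no row matched. rowCount() is avoided
    // because it is not reliable for SELECT on most drivers.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }

    // Compare against the stored hash, never against a plaintext password.
    return password_verify($pass, $row['password']);
}

// Constructed demo data.
$conn = new PDO('sqlite::memory:');
// Throw on SQL errors instead of handing back false from query()/prepare(),
// which is what led to "rowCount() on a non-object" in the question.
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE client (login TEXT PRIMARY KEY, password TEXT)');
$ins = $conn->prepare('INSERT INTO client (login, password) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Valid credentials.
var_dump(doLogin($conn, 'alice', 'correct horse'));
// Known login, wrong password.
var_dump(doLogin($conn, 'alice', 'wrong'));
// A login containing a quote character: with concatenation this would break
// the statement; with a placeholder it is just a name that matches no row.
var_dump(doLogin($conn, "o'brien", 'anything'));
```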