CODEWITHSUNDEEP
phpsession
Andrew
Andrew

Reputation: 149

Get data from multiple table at $_SESSION PHP

currently I want to get two different data from two tables when users login to the system. The entitle table is "user","user_staff" and "user_group". But when the user enter its username and password and submit it prompt "Fatal error: Call to a member function fetch_array() on a non-object in C:\xampp\htdocs\auditsystem\index.php on line 26"

Below are the code:

if($username!= "" && $password != "")
{
//INNER JOIN user_group_module_role ON user.user_group_module_role_id = user_group_module_role.id
    $result =  $db->query("SELECT * FROM user 
                            INNER JOIN user_staff ON user.user_staff_id = user_staff.id
                            WHERE username = '$username' AND password = '$password'"); 



    if($result->num_rows == 1)
    {
        $validate = $result->fetch_assoc();

        $query1 = "SELECT * FROM usergroup WHERE id = $validate[user_group_id]";
        $result1 = $db->query($query1);
        $row1 = $result1->fetch_array();
        //change here for the authority 
        $_SESSION['user_staff'] = $validate['displayname'];
        $_SESSION['usergroup'] = $row1['user_group_type'];
        echo "<script language='javascript'>window.location='panel.php'</script>"; 
    }
    else
    {
        echo "<script>alert('Sorry, wrong username and password please check.')</script>";
    }
}

Upvotes: 0

Views: 1624

Answers (1)

Twisty
Twisty

Reputation: 30893

Your query is malformed and is failing. This makes $result1 null/false. Your queries are also vulnerable to SQL Injection!

if($username!= "" && $password != ""){
//INNER JOIN user_group_module_role ON user.user_group_module_role_id = user_group_module_role.id
    $result =  $db->query("SELECT * FROM user INNER JOIN user_staff ON user.user_staff_id = user_staff.id WHERE username = '$username' AND password = '$password'"); 
    if($result->num_rows == 1){
        $validate = $result->fetch_assoc();
        $query1 = "SELECT * FROM usergroup WHERE id = {$validate['user_group_id']}";
        if($result1 = $db->query($query1)){
            $row1 = $result1->fetch_array();
            //change here for the authority 
            $_SESSION['user_staff'] = $validate['displayname'];
            $_SESSION['usergroup'] = $row1['user_group_type'];
            echo "<script language='javascript'>window.location='panel.php'</script>"; 
        } else {
            echo "<script language='javascript'>alert('SQL Error.');</script>";
        }
    } else {
        echo "<script>alert('Sorry, wrong username and password please check.')</script>";
    }
}

Upvotes: 5

Related Questions