简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)
PDO attempts to access the array offset of a value of type bool
P粉512729862
P粉512729862 2024-03-26 10:35:09
0
1
456

So this is driving me crazy! If the username is correct then it compares the password perfectly fine, but if the username is wrong then the comparison doesn't happen and it throws me this error. I want to compare the database value with the value entered by the user. 

<?php
$nm = $_POST['nm'];
$pw = $_POST['pw'];

try{
    $pdo = new PDO('mysql:host=localhost;dbname=gold-market_main', 'root', '');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}catch(PDOException $e) {
    echo "Connection failed: ".$e->getMessage();
    die();
}

if($nm == null){
    die("Feld darf nicht leer sein!");
} elseif(ctype_alpha($nm[0]) or ctype_digit($nm[0])){



$sql = "SELECT k_nutzername, k_passwort FROM kunden WHERE k_nutzername IN('$nm');";
$result = $pdo->query($sql);
$row = $result->fetch(PDO::FETCH_ASSOC);

if("{$row['k_nutzername']}" != $nm) {
    //header("Location: login_wrongUN.html");     
    print("nm wrong");  
} elseif("{$row['k_passwort']}" != $pw) {
    //header("Location: login_wrongPW.html");  
    print("pw wrong"); 
} else {
    header("Location: konto.html");
}   

}else{
    die("Nutzername muss mit einem buchstaben oder einer Zahl beginnen!");
}
    $pdo = null;
?>

P粉512729862
P粉512729862

reply all(1)
P粉184747536
P粉1847475362024-03-27 00:04:57 1 floor

You can do something similar. However, it does not protect against insecure passwords a> nor is it a timed attack. 

setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}catch(PDOException $e) {
    echo "Connection failed: ".$e->getMessage();
    die();
}

if($nm == null){
    die("Feld darf nicht leer sein!")
} //ctype does not protect



$sql = $pdo->prepare("SELECT k_nutzername, k_passwort FROM kunden WHERE k_nutzername = ?;");
$sql->bindValue(1,$nm,PDO::PARAM_STR); //bind a value to a query, called parametrized queries, most secure way against SQL injection.
$sql->execute();
$row = $sql->fetch(PDO::FETCH_ASSOC);

if(!$row) { // if the username not exists
    //header("Location: login_wrongUN.html");     
    print("nm wrong");  
} elseif($row['k_passwort'] != $pw) {
    //header("Location: login_wrongPW.html");  
    print("pw wrong"); 
} else {
    header("Location: konto.html");
}
    $pdo = null;
?>
Like +0
Add Reply
Popular Topics
More>
Popular Articles
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!