
It's my first time creating a PHP OOP website. I have encountered this error and have tried to understand it from other people who had similar errors, but I can't find a perfect solution. This is what is being outputted.

```
Fatal error: Uncaught Error: Call to a member function fetch_assoc() on bool in D:\Xampp\htdocs\online_exam\classes\Exam.php:88 Stack trace: #0 D:\Xampp\htdocs\online_exam\test.php(12): Exam->getQuesByNumber(5) #1 {main} thrown in D:\Xampp\htdocs\online_exam\classes\Exam.php on line 88
```

And this is the code it directs to.

(test.php)

```php
<?php
Session::checkSession();

if (isset($_GET['q'])) {
    $number = (int)$_GET['q'];   /* here now $number = quesNo */
} else {
    header("Location:exam.php");
    exit; // stop here; otherwise the script continues with $number undefined
}
$total = $exm->getTotalRows();
$question = $exm->getQuesByNumber($number);
?>

<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $process = $pro->processData($_POST);
}
?>
```

Exam.php for functions

```php
public function getQuesByNumber($number){
    $query      = "SELECT * FROM tbl_ques WHERE quesNo = '$number'";
    $getDataRow = $this->db->select($query);
    $result     = $getDataRow->fetch_assoc();
    return $result;
}
```

From my research I've seen most people say that the MySQL string may be wrong, but that seems not to be the case, as I have cross-checked thoroughly for hours, yet it is still the same outcome no matter what I do.

Any help, suggestions or opinions will be very helpful.

waga
  • Assuming you're using mysqli here, add `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` before your `mysqli_connect()` (or `new mysqli()`) command, and this will ensure that errors with your SQL queries are reported correctly to PHP automatically. That way you'll see the underlying SQL error, not just the later consequences of it (which is what is happening now - mysqli_query returns `false` (a bool) when it fails). Whatever you googled in relation to this error, did you not find this advice already? It's pretty common and is the only way to be sure exactly what went wrong. – ADyson Jun 01 '22 at 11:32
  • **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson Jun 01 '22 at 11:33
  • https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. See also the [mysqli documentation](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) and this: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) . Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values. If you learnt your current technique from a tutorial or book, please don't use it again. – ADyson Jun 01 '22 at 11:33
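
The two suggestions in the comments above (mysqli error reporting and a parameterised query), applied to the question's method as an added example that is not part of the original thread. `ExamRepository`, the direct use of `mysqli` in place of the question's `$this->db->select()` wrapper, and the connection values are assumptions; `tbl_ques` and `quesNo` come from the question.

```php
<?php
// Added example. Assumes the mysqlnd driver, which get_result() requires.
// Make mysqli throw mysqli_sql_exception instead of returning false on failure.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

class ExamRepository // hypothetical stand-in for the question's Exam class
{
    private $db;

    public function __construct(mysqli $db)
    {
        $this->db = $db;
    }

    // Returns the row as an associative array, or null if no row matches.
    public function getQuesByNumber(int $number): ?array
    {
        // The value is bound as a parameter, never concatenated into the SQL.
        $stmt = $this->db->prepare('SELECT * FROM tbl_ques WHERE quesNo = ?');
        $stmt->bind_param('i', $number);
        $stmt->execute();
        $row = $stmt->get_result()->fetch_assoc();
        $stmt->close();
        return $row ?: null;
    }
}

try {
    // Placeholder credentials: replace with your own.
    $db = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
    $db->set_charset('utf8mb4');

    $number = filter_input(INPUT_GET, 'q', FILTER_VALIDATE_INT);
    if ($number === null || $number === false) {
        header('Location: exam.php');
        exit; // stop, so the query never runs without a valid number
    }
    $question = (new ExamRepository($db))->getQuesByNumber($number);
    if ($question === null) {
        http_response_code(404);
        exit('Question not found.');
    }
    // $question now holds the row for the requested quesNo.
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // the real SQL error goes to the server log
    http_response_code(500);
    exit('Database error.');
}
```

With reporting enabled, a failing query surfaces as an exception carrying the underlying SQL error, rather than as the later `fetch_assoc() on bool` failure.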
