-2

I want to get some data from database for the welcome page, but i got this error, instead of the name:

Notice: Trying to access array offset on value of type null in C:\xampp\htdocs\session.php on line 10

The code for session.php is:

<?php
   include('config.php');
   session_start();
   
   $user_check = $_SESSION['login_user'];
   
   $ses_sql = mysqli_query($db,"select nume from users where nume = '$user_check' ");
   
   $row = mysqli_fetch_array($ses_sql,MYSQLI_ASSOC);
   $login_session = $row['nume'];
   
   if(!isset($_SESSION['login_user'])){
      header("location:login.php");
      die();
   }
   
?>

I searched the solution for this error already on the site, but nothing helped me.

tadman
  • 208,517
  • 23
  • 234
  • 262
Andrei Mirescu
  • 1
  • 3
  • The error means `$row` is `null`. As per [the manual](https://www.php.net/manual/en/mysqli-result.fetch-array.php), mysqli_fetch_array will return `null` if there are no more rows to fetch. You can't assume your query will definitely return any results - you need to check this before attempting to read data from the row. – ADyson Oct 19 '20 at 12:46
  • P.S. Your query appears to be a bit pointless - `select nume from users where nume...`. If `nume` will equal $user_check, then you don't need to select `nume` from the database again do you? Because you already know it. I'm guessing this is probably a mistake and actually you intended to specify some other column name in the WHERE clause - perhaps an ID or username field? (And that would also help to explain why the query doesn't return anything.) – ADyson Oct 19 '20 at 12:47
  • And also your validation logic is backwards - you're doing a check for `!isset($_SESSION['login_user'])`...but only **after** you've already tried to use it a few lines earlier! So clearly this will lead to problems in cases where the value isn't set. You need to move that `if` block earlier, to before the `$user_check = ...` line. (This could also be another reason why your query isn't working correctly.) – ADyson Oct 19 '20 at 12:50
  • Your query might be fetching an empty result set . You can do a "print mysqli_num_rows($ses_sql);" after your query to check how many rows you are getting from it. You are getting the error because if $row is empty , you can't read data from it with $row['nume'] – Arturo Oct 19 '20 at 12:51
  • **WARNING**: Writing an access control layer is not easy and there are many opportunities to get it severely wrong. Any modern [development framework](https://www.cloudways.com/blog/best-php-frameworks/) like [Laravel](http://laravel.com/) comes with an [authentication system](https://laravel.com/docs/master/authentication) built-in, and there are [authentication libraries](http://phprbac.net/) you can use. At the absolute least follow [recommended security best practices](http://www.phptherightway.com/#security) and **never store passwords as plain-text** or a weak hash like **SHA1 or MD5**. – tadman Oct 19 '20 at 14:38

1 Answers1

0

Just check if your array key values are set. You do so with isset($_SESSION['login_user']) already at the end of the script. You should do that all the time, when you 're dealing with array keys.

if (isset($_SESSION['login_user'])) {
    // do your sql stuff here
    // beware of sql injection!
    // better use prepared statements
} else {
    header('Location: login.php');
    exit();
}

If the result of your sql request is null or false, you should check $row['nume'] also with isset or at least with $user !== null.;

Marcel
  • 4,854
  • 1
  • 14
  • 24