-2

Please help me to solve this,

Warning: Undefined variable $mysqli in C:\xampp\htdocs\syslaporan\auth\auth.php on line 10

Fatal error: Uncaught TypeError: mysqli_query(): Argument #1 ($mysql) must be of type mysqli, null given in C:\xampp\htdocs\syslaporan\auth\auth.php:10 Stack trace: #0 C:\xampp\htdocs\syslaporan\auth\auth.php(10): mysqli_query(NULL, 'SELECT * FROM t...') #1 {main} thrown in C:\xampp\htdocs\syslaporan\auth\auth.php on line 10

I just update my XAMPP to the new one, and use PHP 8 right now. I just started to learning php and start with configure my login page.

Koneksi.php

Auth.php

Give me advice, Give me some codes to solve my problem

ADyson
  • 57,178
  • 14
  • 51
  • 63
Aziz maulana Rosyid
  • 1
  • 1
    Welcome to SO! Please do not use pictures of code, and add the relevant parts in the question itself as text (using the "Edit" link). I suggest you take the [tour] and look at the [help] – Kaddath Aug 22 '23 at 09:41
  • Well it's not complicated...where do you think `$mysqli` is defined? Tell me, in your code, where you created that variable? Obviously you didn't create it anywhere. That's what the error message is explaining. You can't use a variable which doesn't exist. If you look at your Koneksi.php you clearly named the connection variable as `$conn`. Two seconds glance and actually doing some _thinking_ would tell you this. Is there something about the phrase "Undefined variable" you didn't understand? Did you try to research it?? You can find plenty of explanations online. – ADyson Aug 22 '23 at 09:42
  • (And the second error is just a consequence of the first, so if you fix the first one the second one will go away too). `$query = mysqli_query($conn,` ... etc. Even as a beginner, it should be clear to you that in order to use a variable for some purpose, you must first create and assign a variable with that name. And if you don't understand error messages, google is your best friend. As a beginner, you will almost never encounter an error that someone hasn't posted about before. – ADyson Aug 22 '23 at 09:43
  • 1
    P.S. **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unparameterised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson Aug 22 '23 at 09:43
  • https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. See also the [mysqli documentation](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) and this: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) . Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values. If you learnt your current technique from a tutorial or book, please don't use that resource again. – ADyson Aug 22 '23 at 09:43
  • 1
    Also, please don't store passwords in plain text - that is another security risk. Learn about [password hashing](https://www.php.net/manual/en/faq.passwords.php) instead. See also [How to use PHP's password_hash to hash and verify passwords](https://stackoverflow.com/questions/30279321/how-to-use-phps-password-hash-to-hash-and-verify-passwords) – ADyson Aug 22 '23 at 09:44
  • Please bring your error handling into the 21st century. Add `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` before your `mysqli_connect()` (or `new mysqli()`) command, and this will ensure that errors with your SQL queries are reported correctly to PHP automatically. That way you don't need to clutter your script with repetitive code to keep checking errors after every mysqli command. And you should never be echoing error data deliberately - it can easily reveal sensitive info to attackers by accident. – ADyson Aug 22 '23 at 09:44
  • Summary: I have no idea why anyone thinks writing a login system is a suitable topic for an inexperienced or beginner programmer. There are so many ways to get it badly wrong (many of which are demonstrated in this code), and given what the functionality is, it's very important not to get _any_ of it wrong. If you need such a feature in your application, use an existing well-known framework or plugin. Then, focus your energies on learning PHP properly and adding some genuine value to your application with a novel feature, not something you can easily re-use a (reliable, well-made) product for. – ADyson Aug 22 '23 at 09:44
  • (Even if you never plan to use this code in a real application, it's still a bad idea to learn wrong techniques and insecure code structures. Throw this all in the bin and find something more productive to learn from.) – ADyson Aug 22 '23 at 09:46
  • After I change $mysqli to $conn (same as my koneksi.php) now has a new Fatal Error. Fatal error: Uncaught Error: mysqli object is already closed in C:\xampp\htdocs\syslaporan\auth\auth.php:10 Stack trace: #0 C:\xampp\htdocs\syslaporan\auth\auth.php(10): mysqli_query(Object(mysqli), 'SELECT * FROM t...') #1 {main} thrown in C:\xampp\htdocs\syslaporan\auth\auth.php on line 10 – Aziz maulana Rosyid Aug 22 '23 at 09:47
  • Ok so...the connection is already closed. What do you think that means? Obviously you cannot query the database when there is not an open connection to the database. So look for places in your code where you have closed the connection. Then ask yourself, why did you close it there? – ADyson Aug 22 '23 at 10:09
  • You have closed the connection and expecting to execute the query using the same connection - which won't work. – Mohammed Jhosawa Aug 22 '23 at 10:26
  • 1
    It looks like you are using some really bad tutorial. I highly encourage you to find something better. If you are only starting to learn PHP then you should learn PDO instead of mysqli. PDO is much easier and more suitable for beginners. Start here https://phpdelusions.net/pdo & https://websitebeaver.com/php-pdo-prepared-statements-to-prevent-sql-injection. Here are some good video tutorials https://youtu.be/2eebptXfEvw & https://www.youtube.com/watch?v=sVbEyFZKgqk&list=PLr3d3QYzkw2xabQRUpcZ_IBk9W50M9pe- – Dharman Aug 22 '23 at 10:33

0 Answers0