"Notice: Undefined property: stdClass::$id" in php

Question

I am getting Notice: Undefined property: stdClass::$id in the lines $uid = $data->id; and $uname = $data->username; of the following function:

public function userlogin()
{
    $sql = 'select id, username from login_user where email="'.$this->email.'"and password="'.$this->password.'"';
    $result = mysqli_query($this->cn,$sql);
    $numrows = mysqli_num_rows($result);
    if($numrows == 1)
    {
        $data = mysqli_fetch_field($result);
        $uid = $data->id;
        $uname = $data->username;

        $_SESSION['login'] = 1;
        $_SESSION['uid'] = $uid;
        $_SESSION['uname'] = $uname;
        $_SESSION['login_msg'] = 'Login Successfully...';

    }

}

mysqli_fetch_field returns the field definition info and not the data. — steven, Jun 03 '16 at 18:33
You should be using `mysqli_fetch_object`, not `mysqli_fetch_field`. — Barmar, Jun 03 '16 at 18:36
Please learn about [SQL injection](http://stackoverflow.com/questions/601300/what-is-sql-injection) and consider what your code will do if someone sets their password to ";drop database;" — rrauenza, Jun 03 '16 at 18:36
`echo '
'.print_r($data, true).'
';` works miracles for tracking down array/object issues. `var_dump($data);` if formatting does not concern you. — MonkeyZeus, Jun 03 '16 at 18:36
@rrauenza Nothing, since `mysqli_query` will not execute multiple queries. Please stop quoting little Bobby Tables. — Barmar, Jun 03 '16 at 18:36
you may want to use mysqli_fetch_object instead to get your query result as object. please read the manual. — steven, Jun 03 '16 at 18:37
@Barmar Ok, it doesn't do multiple statements -- but one could still malform the SQL to do something the coder didn't intend: http://stackoverflow.com/questions/14323078/mysql-injection-query — rrauenza, Jun 03 '16 at 18:38
@rrauenza Yes, that's true. I'm not saying ignore SQL injection, I just hate that example that everyone quotes. It's makes a nice XKCD cartoon, but we should strive for truth here. — Barmar, Jun 03 '16 at 18:39
**Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure that you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. — Jay Blanchard, Jun 03 '16 at 18:40
@barmar Agreed. It's the simplest most destructive example I could think of, and wasn't aware mysqli restricted to a single query. I'll refrain from using that as my example. — rrauenza, Jun 03 '16 at 18:41

Jeff Puckett · Accepted Answer · 2016-06-03T18:44:57.610

The reason you are getting

Notice: Undefined property: stdClass::$id

is because mysqli_fetch_field doesn't return an object with an id property. It is used to fetch meta information about the column. You can see the full list of properties on their document page.

You probably want to be using mysqli_fetch_object

public function userlogin()
{
    $sql = 'select id, username from login_user where email="'.$this->email.'"and password="'.$this->password.'"';
    $result = mysqli_query($this->cn,$sql);
    $numrows = mysqli_num_rows($result);
    if($numrows == 1)
    {

        /* fetch object array */
        while ($data = mysqli_fetch_object($result)) {
          $uid = $data->id;
          $uname = $data->username;
        }

        /* free result set */
        mysqli_free_result($result);

        $_SESSION['login'] = 1;
        $_SESSION['uid'] = $uid;
        $_SESSION['uname'] = $uname;
        $_SESSION['login_msg'] = 'Login Successfully...';

    }

}

"Notice: Undefined property: stdClass::$id" in php

1 Answers1