Found a vulnerability

[bacskaicsaba91]

patient/schedule.php

include("../connection.php");
$sqlmain= "select * from patient where pemail=?";
$stmt = $database->prepare($sqlmain);
$stmt->bind_param("s",$useremail);
$stmt->execute();
$result = $stmt->get_result();
$userfetch=$userrow->fetch_assoc();
$userid= $userfetch["pid"];
$username=$userfetch["pname"];`

Error: Warning: Undefined variable $userrow in /Applications/MAMP/htdocs/edoc/patient/schedule.php on line 47

Fatal error: Uncaught Error: Call to a member function fetch_assoc() on null in patient/schedule.php:47 Stack trace: #0 {main} patient/schedule.php on line 47

[xkiptoo]

Code in that "patient/schedule.php" has been commented out, have you managed to get it to run?