-2

I have the following piece of code:

$query = "SELECT * FROM delegations where EMail='". $_REQUEST["user"] ."' AND Password = '". Encrypt($_REQUEST["pass"]) ."' ";
$results = mysqli_query($con, $query);

if(mysqli_num_rows($results) > 0) {

    while($row = mysqli_fetch_array($results)) {

        $_SESSION["login"] = $row["ID"];
        echo "Welcome <b>" . $row["FirstName"] . "</b>! You have logged in succesfully! <a href=\"index.php\">Click here</a> to continue!";

    }

Which runs fine when I run it on my localhost xampp. However, when I upload it to my web-server I get the following error code:

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result,
boolean given in *path*/login.php on line 28

Any suggestions?

Athanasios Emmanouilidis
  • 2,084
  • 3
  • 18
  • 30
MrD
  • 4,986
  • 11
  • 48
  • 90
  • Using `mysqli` itself does not prevent sql injection. Start using prepared statements. – Leri Jul 25 '13 at 12:48
  • Also I have high hopes function `Encrypt` is intended to hash passwords not to encrypt them. – Leri Jul 25 '13 at 12:52
  • Suggestion for now and forever - if you have a boolean function, do check what result you get back. You didn't check whether query succeeds. I really don't know why people don't check functions for their return values, it'd probably reduce 50% of questions on SO and save me downvotes (in case you're wondering why you got a downvote here - it's because you didn't google nor read php documentation). – N.B. Jul 25 '13 at 14:46

2 Answers2

0
$results = mysqli_query($con, $query) or die(mysqli_error( $con ));

I think $results should be false; Using mysqli_error you can track this.

otherwise check

var_dump($results);
som
  • 4,650
  • 2
  • 21
  • 36
-1

Your mysqli_query is failing, please add a error handler to display the error.

$results = mysqli_query($con, $query) or die(mysqli_error($con));
DevZer0
  • 13,433
  • 7
  • 27
  • 51
  • Ok, turns out the privileges of the MySQL user hadn't been setup properly. Thanks! – MrD Jul 25 '13 at 12:52