mysqli num rows issues

Question

This is the warning Im getting:

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in /home/snissa4/public_html/test.php on line 10

<?php
if(isset($_POST['user']))
{
    //variable declaration 
    $user = $_POST['user'];
    $pass = $_POST['pass'];
    //connect to data base 
    $con=mysqli_connect("engr-cpanel-mysql.engr.illinois.edu","socialdrinkers_b","testing123","socialdrinkers_db");

    if (mysqli_num_rows(mysqli_query($con, "Select * from Drinkers where userID = '$user' AND password = '$pass'")))
    { // correct info
        $result = mysqli_query("SELECT * FROM Drinkers where userID = '$user' AND password = '$pass'");
        while($row = mysqli_fetch_array($result));
        {//cookie implementation
            $expire = time() + 60*60*24; //1 day
            setcookie('idNum', $row['idNum'], $expire); 
            echo "Logged in as <b>".$row['userID']."</b>";
        }
    } 
    else 
    { // wrong info 
        echo "<b>wrong id or pass</b>"; 
    }
}


echo "<form method = 'post'> 
Username: <input type = 'text' name = 'user'>
Password: <input type = 'password' name = 'pass'>
<input type = 'submit' value = 'LOG IN'> 
</form>";

 ?>

I am not sure why I am getting this warning, and when i try to login with the username and password i made in my database, it just keeps redirecting me to this page instead of giving the success message. I cannot find out why.

Thank you for your help, struggling with my cs411 (databases) class lol

This code is awful in so many aspects that I can't help but advise you to hire a professional to do the job. Or, if you are learning somewhere - abandon the class. They will teach you no good — Your Common Sense, Nov 21 '13 at 05:53

elixenide · Answer 1 · 2013-11-21T05:44:58.917

mysqli_query() is returning false. Try echo mysqli_error($con); -- that will tell you why mysqli_query() is failing.

As others have pointed out, your code is very vulnerable to SQL injections. You should use prepared statements to fix that.

And as @viakondratiuk pointed out, you should rewrite your code. Right now, you execute your SELECT query twice. This just bogs down your script and will make it much harder to maintain.

score 0 · Answer 2 · edited May 23 '17 at 11:56

0

You should do it this way:

$result = mysqli_query($con, "Select * from Drinkers where userID = '$user' AND password = '$pass'");
$row_cnt = mysqli_num_rows($result);

And of course don't forget about sql injections.

You can read this topic to avoid them.

edited May 23 '17 at 11:56

Community

1
1

answered Nov 21 '13 at 05:39

Viacheslav Kondratiuk

8,493
9
49
81

Krish R · Accepted Answer · 2013-11-21T06:07:16.643

Can you try this,

  $result = mysqli_query("SELECT * FROM Drinkers where userID = '".mysqli_real_escape_string($user)."' AND password = '".mysqli_real_escape_string($pass)."'") or die("Error " . mysqli_error($con));

    if (mysqli_num_rows($result) >0)
    { // correct info
        while($row = mysqli_fetch_array($result));
        {//cookie implementation
            $expire = time() + 60*60*24; //1 day
            setcookie('idNum', $row['idNum'], $expire);
            echo "Logged in as <b>".$row['userID']."</b>";
        }
    }else{ // wrong info
        echo "<b>wrong id or pass</b>";
    }

mysqli num rows issues

3 Answers3