MYSQLI_NUM_ROWS THROWS SERVER ERROR

Question

Can someone please explain to me why I keep getting the following error when I use the mysqli_num_rows() function?

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator to inform of the time the error occurred and of anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Here is my php script:

   <?php

    //stores user input as variable
    $username = $_POST['username'];
    $password = $_POST['password'];

    //selects from users table
    $sql = "SELECT * FROM Members WHERE username='$username' and password='$password'";
    $results = mysqli_query($con,$sql);

    $count = mysqli_num_rows($results);
    /*//starts session and sets cookie if count is true
    if($count>=1)
    {
        session_start();
        $_SESSION['username'] = ' ';
        $_SESSION['password'] = ' ';

        header("location: index.html"); 
    }
    //returns message if user input does not match database
    else
    {
        echo "Invalid username or password";
    }*/
    ?>

I get this error at the mysqli_num_rows() function everything before it works fine. I am using Plesk on a Godaddy server by the way.

Answer 1

1. You need to learn how to read php and mysqli errors
2. You need to learn how to use mysqli properly
3. You don't heed this function at all

How to get mysqli error in different environments? for the first
and How can I prevent SQL injection in PHP? for the second
just fetch your data and use it as a flag for the last

Answer 2

As far as I can see there is no function as mysqli_num_rows().

Answer 3

Is the $con variable declared elsewhere? I don't see it being declared. Also, you are subject to injection attacks with this current code. Make sure you escape your parameters before using this publicly.