-2

I've got a problem with checking if a record exists in the database. I guess it's a problem with incorrect use of mysqli_num_rows.

<?php

$mysqli = new mysqli("xxxxxx", "xxxxx", "xxxxxx", "xxxxx");

/* check connection */
if ($mysqli->connect_errno) {
    die("Connect failed: " . $mysqli->connect_error);
}

$stmt = $mysqli->prepare("INSERT INTO TEST_CHARS (CHAR_NAME) VALUES(?)");
$stmt->bind_param('s', $nick);
$nick  = $_POST['nick'];
$query = mysqli_query("SELECT CHAR_NAME FROM TEST_CHARS WHERE CHAR_NAME ='$nick';");
$count = mysqli_num_rows($query);

if ($count > 0)
{
    die('Error, character exist in database');
}
else
{
    $stmt->execute();
    echo "Character $nick was added successfully";
}
$mysqli->close();

?>
Latheesan
Mioduch
  • 1
    Why do you first bind `$nick` and only after that define this variable? Shouldn't it be vice versa? – Jakub Matczak Apr 28 '14 at 11:59
  • My mistake, it still doesn't work after changing the order. Any idea? – Mioduch Apr 28 '14 at 12:04
  • What is the actual SQL that is executed with mysql_query() ? (SELECT CHAR_NAME FROM TEST_CHARS WHERE CHAR_NAME ='$nick';) (What's the value of $nick) – bestprogrammerintheworld Apr 28 '14 at 12:04
  • You are vulnerable to SQL injections. – Frederik Spang Apr 28 '14 at 12:08
  • 1
    @Mioduch what exactly is not working now? Any error? Unwanted behaviour? Any details? – Jakub Matczak Apr 28 '14 at 12:10
  • http://stackoverflow.com/questions/22662488/bind-param-between-environment – Your Common Sense Apr 28 '14 at 12:13
  • @dragoste: for the bind_param it is not necessary to define `$nick` before the call, the variable is passed by reference - it only matters that `$nick` is set before the execute call. OP: your use of mysqli_num_rows seems solid - have you checked if `$_POST['nick']` is set and if you get a result when you use the SELECT query in a db admin tool (phpmyadmin, heidiSQL...)? – cypherabe Apr 28 '14 at 12:14
  • @bestprogrammerintheworld The value of $nick is String – Mioduch Apr 28 '14 at 12:16
  • If you run that query, with the value you give, in the DB, what do you get then? Doesn't mysqli_query require 2 parameters??? (the connection and the query??) – Naruto Apr 28 '14 at 12:18
  • @dragoste It should print an error when I try to add a record which already exists, but it just adds the same record again – Mioduch Apr 28 '14 at 12:21
  • 1
    You've got a strange mix of procedural style and OO style commands... You define mysqli using OO style, and then call mysqli_num_rows in the procedural way. It probably doesn't matter from a technical point of view, but in terms of legibility it's probably better to use one or the other. Otherwise you end up with confusion... – GarethL Apr 28 '14 at 12:23

1 Answer

-1

Try with:

$query = mysqli_query($mysqli, "SELECT CHAR_NAME FROM TEST_CHARS WHERE CHAR_NAME ='$nick';");
Naruto
  • Whoever downvoted this, it's his solution.. So don't downvote his actual solution? – Naruto Apr 28 '14 at 12:42
  • I don't know who downvoted this, but the reason I guess is that $mysql is set inside of the mysql_query function where it shouldn't be. Take a look at the documentation: http://se1.php.net/mysqli_query – bestprogrammerintheworld Apr 28 '14 at 12:44
  • In the link you gave me, they use the same way as I just described here? The $mysqli here is the $link in the examples on your link.. I don't see the difference? Or do I understand you wrong? – Naruto Apr 28 '14 at 12:48
  • @Dieter the solution you gave me is fine. It works now. – Mioduch Apr 28 '14 at 12:50
  • Haha. Sorry, my mistake. Checked the docs too quickly. You're correct. I just looked at one of the options :-) – bestprogrammerintheworld Apr 28 '14 at 12:51
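
The accepted fix still interpolates `$nick` into the SELECT string, which is the SQL injection risk raised in the comments. The following is an added example, not code from the question or the answer, that performs the same existence check with bound parameters; it assumes the question's table and column names and its placeholder credentials, and the empty-input check and output escaping are additions.

```php
<?php
// Added example: table/column names from the question, credentials are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on any mysqli error

$mysqli = new mysqli("xxxxxx", "xxxxx", "xxxxxx", "xxxxx");

// Reject a missing or empty field before touching the database.
$nick = isset($_POST['nick']) ? trim($_POST['nick']) : '';
if ($nick === '') {
    die('Error, no character name given');
}

// Existence check: the value is bound, never concatenated into the SQL text.
$check = $mysqli->prepare("SELECT 1 FROM TEST_CHARS WHERE CHAR_NAME = ? LIMIT 1");
$check->bind_param('s', $nick);
$check->execute();
$check->store_result();              // buffer the result so num_rows is populated
$exists = $check->num_rows > 0;
$check->close();

if ($exists) {
    die('Error, character exists in database');
}

// Insert with a second prepared statement, bound the same way.
$insert = $mysqli->prepare("INSERT INTO TEST_CHARS (CHAR_NAME) VALUES (?)");
$insert->bind_param('s', $nick);
$insert->execute();
$insert->close();

// Escape on output: $nick is still untrusted when echoed into HTML.
echo 'Character ' . htmlspecialchars($nick, ENT_QUOTES, 'UTF-8') . ' was added successfully';

$mysqli->close();
```

Two concurrent requests can both pass the SELECT before either inserts; a UNIQUE index on CHAR_NAME (an assumption, the question does not show the schema) makes the database reject the second insert.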