-1

Attempting to create a 'Change Password' page for my website, I keep being confronted with these two errors and I can't seem to understand why they are appearing:

Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in /home/ll12rth/public_html/COMM2735/database/password.php on line 51

Warning: mysqli_free_result() expects parameter 1 to be mysqli_result, boolean given in /home/ll12rth/public_html/COMM2735/database/password.php on line 139

<?php
session_start();
$db_hostname = 'localhost';

    $db_database = "****"; //replace with your db name
    $db_username = "****"; //replace with the db username that you created
    $db_password = "****"; //replace with the db password that you created
    $db_status   = 'not initialised';   
    $db_server   = mysqli_connect($db_hostname, $db_username, $db_password);
    $db_status   = "connected";

    if (!$db_server) {
        die("Unable to connect to MySQL: " . mysqli_connect_error());
        $db_status = "not connected";
    } else 

require_once('checklog.php');
require_once("functions.php");



// Grab the form data

$username = trim($_POST['username']);
$password = trim($_POST['password']);
$newpassword = trim($_POST['newpassword']);
$repeatpassword = trim($_POST['repeatpassword']);

if (isset($_POST['submit'])) {
    if ($username && $password) {
        $username = clean_string($db_server, $username);
        $password = clean_string($db_server, $password);
        $query = "SELECT * FROM users WHERE username='$username'";

        $result = mysqli_query($db_server, $query);

        if ($row = mysqli_fetch_array($result)) {
            $db_username = $row['username'];
            $db_password = $row['password'];

            if ($username == $db_username && salt($password) == $db_password) {
                $_SESSION['username'] = $username;
                $_SESSION['logged'] = "logged";

                // header('Location: home.php');
                // PASSWORD CHANGING IS DONE HERE
                if ($newpassword == $repeatpassword) {
                    //From register
                    if (strlen($newpassword) > 25 || strlen($newpassword) < 6) {
                        $message = "Password must be 6-25 characters long";
                    } else {
                        //part 8
                        // Process details here

                        //include file to do db connect

                        if ($db_server) {
                            //clean the input now that we have a db connection

                            $newpassword    = clean_string($db_server, $newpassword);
                            $repeatpassword = clean_string($db_server, $repeatpassword);
                            mysqli_select_db($db_server, $db_database);

                            // check whether username exists

                            $query = "SELECT password FROM users WHERE password='$newpassword'";

                           $result=mysqli_query($db_server, $query);

                            if ($row = mysqli_fetch_array($result)){
                                $message = "This is your current password. Please try again.";
                            } else {
                                //part 9
                                // Process further here
                                $newpassword = salt($newpassword);

                                $query = "INSERT INTO users (password) VALUES 

                                        ('$password')";

                                mysqli_query($db_server, $query) or die("Insert failed. " . mysqli_error($db_server));
                                $message = "<h1>Your password has been changed!</h1>";
                            }

                            mysqli_free_result($result);

                        } else {

                            $message = "Error: could not connect to the database.";

                        }

                        require_once("php/db_close.php"); //include file to do db close
                    }
                }
                //This code appears if passwords dont match 
                else {
                    $message = "<h1>Your new passwords do not match! Try again.</h1>";
                }

            } else {
                $message = "<h1>Incorrect password!</h1>";
            }
        } else {
            $message = "<h1>That user does not exist!</h1>" . "Please <a href='password.php'>try again</a>";
        }
        mysqli_free_result($result);

      //Close connection!
mysqli_close($db_server);

    } else {

        $message = "<h1>Please enter a valid username/password</h1>";

    }
}
?>
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
<title>Techothing password</title>

<div class="aboutcontainer">    
<h1>What do you want to change your password to <?php
echo $_SESSION['username'];
?>?</h1>

<form action='password.php' method='POST'>

Current Username: <input type='text' name='username'><br />

Current Password: <input type='password' name='password'><br />

New Password: <input type='password' name='newpassword'><br />

Repeat New Password: <input type='password' name='repeatpassword'><br />

<input type='submit' name='submit' value='Confirm'>

<input name='reset' type='reset' value='Reset'> 

</form>

<?php
echo $message
?>
<br  />

</div>
</div>

</div>

</div>    

</body>
</html>
</body>
</html>
Dharman
richmothy
  • Check `mysqli_error()` after your queries to see what went wrong – Sirko Jan 14 '15 at 12:49
  • `$query = "SELECT password FROM users WHERE password='$newpassword'";` ... First, shouldn't `$newPassword` be `salt(newPassword)`? Second, in `$query = "INSERT INTO users (password) VALUES ('$password')";` shouldn't it be `$newPassword` instead of `$password`? – Ankit Jan 14 '15 at 12:50
  • Does this answer your question? [mysqli\_fetch\_assoc() expects parameter / Call to a member function bind\_param() errors. How to get the actual mysql error and fix it?](https://stackoverflow.com/questions/22662488/mysqli-fetch-assoc-expects-parameter-call-to-a-member-function-bind-param) – Dharman Apr 08 '20 at 20:31

1 Answer

-1

This line

        $result = mysqli_query($db_server, $query);

returns either a result object, or, if the query fails for some reason, returns false.

Most people developing this kind of code, especially when we're new to it, check these errors. You could do that roughly like this.

       if ( false === $result ) {
               printf("Errormessage: %s\n", mysqli_error($db_server));
       }
O. Jones
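An added example, not code from the question or the answer: the same change-password flow with mysqli set to throw on failure, so a failed query can never reach `mysqli_fetch_array()` as `false`, and with the lookup and update done through prepared statements. It assumes a `users` table with `username` and `password` columns, swaps the question's `salt()` helper (not shown on the page) for PHP's built-in `password_hash()`/`password_verify()`, and uses placeholder credentials and constructed sample values; `change_password` is a hypothetical function name.

```php
<?php
// Make mysqli throw mysqli_sql_exception instead of returning false, so a
// failed query can never be passed on to a fetch call as a boolean.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Assumes a `users` table with `username` and `password` columns, where
// `password` holds password_hash() output (an assumption; the question uses
// its own salt() helper, which is not shown on the page).
function change_password(mysqli $db, string $username, string $current, string $new): string
{
    if (strlen($new) < 6 || strlen($new) > 25) {
        return 'Password must be 6-25 characters long';
    }
    // Prepared statement: the username is bound, not interpolated into SQL.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();   // true if a row was fetched, null if none
    $stmt->close();
    // One message for both failures, so the form does not reveal which usernames exist.
    if (!$found || !password_verify($current, $hash)) {
        return 'Incorrect username or password';
    }
    // UPDATE the existing row; an INSERT would create a second row instead.
    $newHash = password_hash($new, PASSWORD_DEFAULT);
    $stmt = $db->prepare('UPDATE users SET password = ? WHERE username = ?');
    $stmt->bind_param('ss', $newHash, $username);
    $stmt->execute();
    $stmt->close();
    return 'Your password has been changed';
}

try {
    // Placeholder credentials. The database name is the fourth argument, so it
    // is selected before the first query runs (the question's code calls
    // mysqli_select_db() only after its first query).
    $db = mysqli_connect('localhost', 'db_user', 'db_pass', 'db_name');
    echo change_password($db, 'alice', 'old-secret', 'new-secret'), "\n"; // constructed values
} catch (mysqli_sql_exception $e) {
    error_log('Database error: ' . $e->getMessage()); // details go to the server log only
    echo "Something went wrong. Please try again later.\n";
}
```

Logging the exception and showing a generic message keeps SQL error text, which can expose table and column names, out of the page served to visitors.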