-4

The below code does not echo anything, but there should be a match with usernames.

$connect= mysqli_connect('localhost','root','');
$user = "SELECT COUNT (*) FROM user_details WHERE user_name=$username";
$res = $connect->query($user);
echo $res;

How can I fix this?

Chris Forrence
  • 10,042
  • 11
  • 48
  • 64
Siddhardha Kancharla
  • 13
  • 5

3 Answers3

1
$mysqli = new mysqli('localhost', 'root', 'password', 'database');

if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

$query = "SELECT COUNT * user_details WHERE user_name=?";

$stmt = $mysqli->stmt_init();

if(!$stmt->prepare($query)){
    print "Failed to prepare statement\n";
}else{

    $stmt->bind_param("s", $username);

    $stmt->execute();
    $result = $stmt->get_result();
    var_dump($result);
}

$stmt->close();

$mysqli->close();

Don't forget to select database. Code hasn't been tested yet. Data binding was used you can find more about it here: Mysql injection

Community
  • 1
  • 1
VeeeneX
  • 1,556
  • 18
  • 26
  • 4
    Ohhh lordie.... wait for it. Why don't you point out the REAL errors? Rather than suggesting to guard against injection. This doesn't address the problem at all. – Funk Forty Niner Feb 06 '15 at 19:35
  • @Fred-ii- Fixed. What else should I add? – VeeeneX Feb 06 '15 at 19:42
  • Look at the comments under OP's question. There are quite a few things wrong with it. I for one, didn't want to touch the Q. – Funk Forty Niner Feb 06 '15 at 19:43
  • It appears that the main difference between your answer, @VeeeneX, and the asker's is the "or die' at the end. While it's definitely a good idea to have that, it wouldn't necessarily solve the problem – Chris Forrence Feb 06 '15 at 19:46
1

Your $res ends up as boolean(you have some errors in query), that means you have to use var_dump($res); instead of echo.

Keo
  • 1,143
  • 8
  • 19
  • According to [the PHP doc](http://php.net/manual/en/mysqli.query.php): For successful SELECT, SHOW, DESCRIBE or EXPLAIN queries mysqli\_query() will return a mysqli\_result object – Chris Forrence Feb 06 '15 at 19:40
  • @TheBlueDog And here I was looking for "ducks". "Foalies" ;-) – Funk Forty Niner Feb 06 '15 at 19:42
  • It will return false on failure, thats why he dont see anything.@TheBlueDog It looks like i am the only not drunk here. – Keo Feb 06 '15 at 19:44
  • @Keo That is entirely correct (and useful for debugging), but if the query were successful, the return object wouldn't be true in this case; it'd be an object. – Chris Forrence Feb 06 '15 at 19:51
  • @ChrisForrence Yes, my answer answers only the first half of his question(The below code does not echo anything). The second part is answered in answers around or in comments. – Keo Feb 06 '15 at 19:56
  • 1
    @Keo I'd of put an answer in myself, but I fear that it would probably and most likely open up a big can of worms, seeing the OP is not responding to anything at all. The OP has obviously not put any research or effort in this, nor do we know if they're on localhost or not; if PHP/SQL/Apache is installed, running and properly configured. Nope, I'm not going there; seen too many questions like this. *Call it experience* ;-) – Funk Forty Niner Feb 06 '15 at 19:59
1

Missing quotes for user_name :

$user = "SELECT COUNT (*) FROM user_details WHERE user_name='$username'";
JC Sama
  • 2,214
  • 1
  • 13
  • 13