Mysqli_query SELECT returns false

Question

I'm currently trying to get a certain user based on student number and password...problem is mysqli_query keeps returning false(?) statement. Though I checked the query via testing it in PHPMyAdmin. Here's my query:

$number = $_POST['number'];
$password = $_POST['password'];

$sql = "SELECT studentNumber FROM student where studentNumber = '$number'" ;
$result = mysqli_query($conn, $sql) or die(mysqli_error());;

if(!$result){
    echo "FAIL";
}
else if($result > 0){
    header("register.html");    
}else{
    $sql = "INSERT INTO 'sampleDB'.'student'('userID', 'studentNumber', 'password') VALUES ('', $number, $password)";
    header("login.html");
}

Here's my connection part of the code:

$conn = new mysqli($servername, $username, $password);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

It seems the reason it won't connect was because I did not include a dbname in my connection when I created a mysqli object...After including a dbname it now goes through the insertion part. Though my insertion query seems to not be working at all — user3580218, May 03 '15 at 06:56
Does this answer your question? [mysqli\_fetch\_assoc() expects parameter / Call to a member function bind\_param() errors. How to get the actual mysql error and fix it?](https://stackoverflow.com/questions/22662488/mysqli-fetch-assoc-expects-parameter-call-to-a-member-function-bind-param) — Dharman, Jan 04 '20 at 20:45

Kevin · Accepted Answer · 2015-05-03T07:05:02.380

You should check how many rows the query result did yield thru num_rows, then after that make some insertions if its zero.

Take note that column quotes are actually backticks rather than single quotes:

$number = $_POST['number'];
$password = $_POST['password'];

// checking

$sql = 'SELECT studentNumber FROM student WHERE studentNumber = ?';
$select = $conn->prepare($sql);
$select->bind_param('s', $number);
$select->execute();
// if there is no student number, register
if($select->num_rows > 0) {
    // there is student number found
    header('Location: index.html'); exit;

} else {

    // there is NO student number found
    $sql = 'INSERT INTO sampleDB.student(userID, studentNumber, password) VALUES (NULL, ?, ?)';
    $insert = $conn->prepare($sql);
    $insert->bind_param('ss', $number, $password);
    $insert->execute();

    header('Location: login.html');
}

Sidenote: You connection codes seems to be truncated on the question. Don't forget to add your database name into the connection:

$conn = new mysqli($servername, $username, $password, $database_name);

@user3580218 yes, you should use prepared statements, currently what you have right now is vulnerable to SQL injection. glad this helped — Kevin, May 03 '15 at 07:14

score -1 · Answer 2 · answered May 03 '15 at 06:46

-1

$sql = "SELECT studentNumber FROM student where studentNumber = '$number'" ;

Change to

$sql = "SELECT studentNumber FROM student where studentNumber = '".$number."'" ;

answered May 03 '15 at 06:46

Jakir Hossain

2,457
18
23

score -1 · Answer 3 · answered May 03 '15 at 06:54

-1

Fetch the result first and use it in your condition.

$result2 = mysql_fetch_array($result);

answered May 03 '15 at 06:54

Anonymous Duck

2,942
1
12
35

Mysqli_query SELECT returns false

3 Answers3