
I have users who add rows into the db. Right above their picture I show the count of the rows they added. Pretty simple and it works fine. The problem is that I also get an error which doesn't make sense:

```
mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in...
```

```php
while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)){
    $result = mysqli_query($con,"SELECT * FROM my_table WHERE user_ids = ".
        $row['user_id']."");
    $reput = mysqli_num_rows($result);
}
```

$query works fine too, any idea how to satisfy the error?

alexander.polomodov
JoshuaNa
  • Try a single quote? `WHERE user_ids = '".$row['user_id']."'"` – Zak Mar 10 '16 at 21:24
  • perfect, thanks. That worked. I thought since user id is integer it should be ok – JoshuaNa Mar 10 '16 at 21:25
  • Technically not a duplicate since the question was about a specific error .. Not about "when" to use ticks etc .. Although the question would be informative to the user no doubt .. It's not a duplicate of his question ... – Zak Mar 10 '16 at 21:32
  • ok, got it. Not sure why I missed this one since I have coded similar things before and always used single quotes. It's prolly I'm getting old... – JoshuaNa Mar 10 '16 at 21:39

1 Answer

You should use single quotes when calling something that isn't a boolean

```php
WHERE user_ids = '".$row['user_id']."'"
```

Zak
  • I thought since user_id is number/integer, it wouldn't need quotes but I guess it needs it. – JoshuaNa Mar 10 '16 at 21:28
  • @JoshuaNa: Ideally you should always quote variables in a SQL string. Technically if it's an integer, you don't need to, but you clearly haven't validated it perfectly as an integer. Quoting and escaping your variables even when you think they're safe will give you extra peace of mind of knowing that it's that much harder to hack you. Even better would be to use Parameterised Statements instead of building the string manually. – Spudley Mar 10 '16 at 22:04
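
The parameterised-statement approach suggested in the last comment, as an added example that is not code from the question or any answer. `mysqli_query()` returns `false` when a query fails, which is what `mysqli_num_rows()` is complaining about; the sketch below binds the id as an integer and makes query failures raise exceptions instead. The table and column names come from the question; the connection parameters, the `count_rows_for_user()` helper and the sample id are assumptions.

```php
<?php
// Added example. my_table / user_ids are from the question; the helper name,
// credentials and sample id below are placeholders.

// Make mysqli throw mysqli_sql_exception on failure instead of returning
// false, so a failed query can never reach a result function as a boolean.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Count the rows a user has added, binding the id as an integer parameter.
 */
function count_rows_for_user(mysqli $con, $userId): int
{
    // Reject empty or non-numeric ids before they reach the database.
    $id = filter_var($userId, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('user id must be an integer');
    }

    // The value travels separately from the SQL text, so it cannot change
    // the statement. COUNT(*) avoids fetching every row just to count them.
    $stmt = $con->prepare('SELECT COUNT(*) FROM my_table WHERE user_ids = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->close();

    return (int) $count;
}

$userId = '42'; // constructed sample; in the question this is $row['user_id']

try {
    $con = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
    $reput = count_rows_for_user($con, $userId);
} catch (mysqli_sql_exception $e) {
    // Log the real cause server-side; do not echo SQL errors to the page.
    error_log('row count query failed: ' . $e->getMessage());
    $reput = 0;
} catch (InvalidArgumentException $e) {
    error_log('rejected user id: ' . $e->getMessage());
    $reput = 0;
}
```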