I'm stuck... hoping for some help.

I have a problem with this situation. I've been following a tutorial to add a search feature to my website, but I've been getting the following error:

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\registracija\index.php on line 48

Here is my code:

if ($password_form==$repassword_form) {

    $user=mysqli_query(
         $con,
         "SELECT * FROM users,
          WHERE username=username_form
          OR email=email_form
      ");
    $counter=mysqli_num_rows($user);
    if ($counter==0) {

      if (move_uploaded_file($temporary_name, $path)) {
            echo "YES!<br />";
          }       
          else   {
            echo "NO!<br />";
    }       
  } 
  else   {
        echo "ERROR!<br />Some Message!<br />";
   }

 }   
 else   { echo "ERROR!<br />Some Message!<br />";
 }
}
else { 
?>
  • Your query failed, your code assumes that nothing could ever go wrong, and now you're suffering from the consequences of assuming things. – Marc B Sep 19 '16 at 16:39
  • Looks like it's a very bad tutorial. Either way you should check for mysql errors and then rewrite your SQL query. – Your Common Sense Sep 19 '16 at 16:39

1 Answer

There is an error in your query, change this:

"SELECT * FROM users,
      WHERE username=username_form
      OR email=email_form
  "

to this to remove the comma:

"SELECT * FROM users
      WHERE username=username_form
      OR email=email_form
  "

In addition, username_form and email_form seem likely to be strings, so your final query should probably look like this:

"SELECT * FROM users
      WHERE username = '$username_form'
      OR email = '$email_form'
  "

Your query is failing, and then you're trying to execute an operation, mysqli_num_rows(), on this.

You should strongly consider a prepared statement to avoid SQL injection:

// $db is a PDO connection; the placeholders are bound at execute() time
$stmt = $db->prepare("SELECT * FROM users WHERE username=:un OR email=:em");
$stmt->execute(array(':un' => $username_form, ':em' => $email_form));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

Read more about SQL injection from this excellent article here.
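
An added example, not part of the original answer: it runs the duplicate-user check both ways on a value containing an apostrophe, showing the interpolated query failing (the condition behind the `mysqli_num_rows()` warning) and the prepared statement handling the same input. The in-memory SQLite database, the `userExists()` helper and the sample rows and form values are assumptions made so the script runs offline.

```php
<?php
// Added example: an in-memory SQLite database stands in for the MySQL
// `users` table so the script runs offline (assumption, not the asker's setup).
$db = new PDO('sqlite::memory:');
// Make every failed query throw instead of silently returning false.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT, email TEXT)");
$db->exec("INSERT INTO users VALUES ('alice', 'alice@example.test')"); // constructed row

/**
 * Hypothetical helper: true when the username or email is already registered.
 */
function userExists(PDO $db, string $username, string $email): bool
{
    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = $db->prepare(
        "SELECT COUNT(*) FROM users WHERE username = :un OR email = :em"
    );
    $stmt->execute([':un' => $username, ':em' => $email]);
    return (int) $stmt->fetchColumn() > 0;
}

// Constructed form values; the apostrophe is ordinary data in a name.
$username_form = "O'Brien";
$email_form    = "obrien@example.test";

// 1) Interpolating the value, as in the quoted query, breaks the SQL string.
try {
    $db->query("SELECT * FROM users WHERE username = '$username_form' OR email = '$email_form'");
    echo "interpolated query ran\n";
} catch (PDOException $e) {
    // With mysqli and no error checking, this is the point where
    // mysqli_query() returns false and mysqli_num_rows() then warns.
    echo "interpolated query failed: ", $e->getMessage(), "\n";
}

// 2) The prepared statement accepts the same input without error.
var_dump(userExists($db, $username_form, $email_form));     // unregistered name and email
var_dump(userExists($db, 'alice', 'someone@example.test')); // username already in the table
var_dump(userExists($db, 'bob', 'alice@example.test'));     // email already in the table
```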