2

I want to run a select statement in database, and if the result is 0, than outputs something. The problem is that when I try to run the following code it closes the connection to the page with "the page isn't working". I use the following part of code inside a php file. Where I am wrong, or what can I do to fix this?

//if input != with $password in database, output wrong password
$sql="SELECT `key` FROM `invitation_keys` WHERE id = '$password'";
$res=mysqli_query($db,$sql);
if (mysqli_num_rows($res) = 0) {

echo "Wrong password";

} else { 
echo "alright";
}
nerek
  • 33
  • 2
  • **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add any data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or data *of any kind* directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Mar 20 '19 at 20:43
  • Note: The object-oriented interface to `mysqli` is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete `mysql_query` interface. Before you get too invested in the procedural style it’s worth switching over. Example: `$db = new mysqli(…)` and `$db->prepare("…")` The procedural interface is an artifact from the PHP 4 era when `mysqli` API was introduced and ideally should not be used in new code. – tadman Mar 20 '19 at 20:43

1 Answers1

0
if (mysqli_num_rows($res) = 0)

One equal sign sets it to = 0, you need == to compare.

likwidfire2k
  • 195
  • 1
  • 11