i had the problem when i want to check my valid key on my database and showing this error
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\ravaaa\indexx.php on line 20
the db is login, tables is users (5) id,name,key,login
this the code
$error='';
$key="123";
$con = mysqli_connect("localhost","root","","login");
if (mysqli_connect_error())
{
echo "Failed to connect to MySQL: " . mysql_connect_error();
}
echo "sukses\n\n";
$query = mysqli_query($con, "SELECT * FROM users WHERE key='$key'");
$rows = mysqli_num_rows($query);
if($rows == 1){
echo "key is valid";
}
else
{
$error = "key is Invalid";
echo $error;
}
mysqli_close($con);
Are you sure your table have an column named "key"? Key is a reserved MySQL Keyword, and when i tried to create a table with this column to test i got an error, and after change the name "key" to another name (on the table and on the .php) i got no errors, just the message "key is Invalid".
Try to change the column name "key" and change on the php too, and check if you still get errors.
The column name key is a reserved word and therefore must be escaped using backticks:
select * from users WHERE `key` = '$key'
Without the escape, the query will fail and return FALSE per the mysqli_query docs:
Returns FALSE on failure. For successful SELECT, SHOW, DESCRIBE or
EXPLAIN queries mysqli_query() will return a mysqli_result object. For
other successful queries mysqli_query() will return TRUE.
You can exit early with an error using the or die pattern:
mysqli_query($con, "SELECT * FROM users WHERE `key` = '$key'")
or die(mysqli_error($con));
Related
I'm just a newbie in PHP and I need to create a php Login form but It have a syntax error saying Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\login.php on line 18
maybe you can help me on this tnx!
<?php
$con=mysqli_connect("localhost","root","","reservation");
if (mysqli_connect_errno())
{
echo "Failed to connect to Database: " . mysqli_connect_error();
}
else
{
}
if ($_POST["SUBMIT"]="SUBMIT")
{
$username = $_POST['username'];
$password =$_POST['password'];
$sql ="SELECT * FROM usersaccount where='$username' and password ='$password'";
$result=mysqli_query($con,$sql);
$count=mysqli_num_rows($result);
if($count==1)
{
echo "success";
}
//mysqli_close($con);
}
?>
Your SELECT statement is wrong ... should be
SELECT * FROM `usersaccount` WHERE `username` ='$username' and `password` ='$password'";
---------- // Here.. Added the column name
You are not providing the column name for username field. That was your issue. Since you are matching results with condition you need a WHERE clause too !
Disclaimer : Stop using mysql_* functions as they are deprecated. Switch to MySQLi or PDO instead.
It means your query (i.e., $sql) is broken. You are comparing a table to a string, when you should be using a WHERE clause. Also, password is a reserved word; escape it, like this:
$sql ="SELECT * FROM usersaccount WHERE `username` ='$username' and `password` ='$password'";
Also, you are wide open to SQL injection; you need prepared statements.
According to documentation you have to do this:
$con=mysqli_connect("localhost","root","","reservation");
//...
$query = "SELECT * FROM usersaccount ='$username' and password ='$password'";
if ($stmt = mysqli_prepare($con, $query)) {
mysqli_stmt_execute($stmt);/* execute query */
mysqli_stmt_store_result($stmt);/* store result */
printf("Number of rows: %d.\n", mysqli_stmt_num_rows($stmt));
mysqli_stmt_close($stmt);/* close statement */
}
Since the error message is reporting that its first parameter is a boolean, you should take a closer look at that first parameter.
$result=mysqli_query($con,$sql);
Read the documentation : If it works, mysqli_query() returns a mysqli_result() or FALSE (a boolean) if it doesn't work. So, your query didn't work and it returned a boolean.
You should probably check the outcome of executing your query and, if it fails, you should show the error message generated:
if ( $result = mysqli_query($con, $sql) === FALSE ) {
printf("Invalid query: %s\nWhole query: %s\n", mysqli_error, $sql);
exit();
}
I'm creating a few lines to check if a user exist within the database. To do this, I was going to just find the username in the DB and if there IS a user with that name in the database use num_rows to make it show that their is a user with that name.
The error is:
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result,
boolean given in /home/bluef/public_html/SMNS/register.php on line 36
Code:
$usernamef = mysqli_query($link, "SELECT * FROM Users
WHERE Username =".$Username."");
$usernamefound = mysqli_num_rows($usernamef);
if($usernamefound != 0){
echo "Username in use, try another username?";
}
Always have this line before mysqli_connect
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
Always format your queries correctly.
Always use prepared statements when you need to insert a variable into query.
Always check out the "Related questions" section on the page (Or suggested questions while writing your own).
Try this with your query
$usernamef = mysqli_query($link, "SELECT * FROM Users
WHERE Username =".$Username."") or die(mysqli_error());
to see the error. Also you can try this
$usernamef = mysqli_query($link, "SELECT COUNT(*) AS myCount FROM Users
WHERE Username =".$Username."") or die(mysqli_error());
$row = mysqli_fetch_array($usernamef)
if( $row['myCount '] > 0 )
{
echo "Username in use, try another username?";
}
Check this link http://www.w3schools.com/php/func_mysqli_error.asp
Also you can try with mysql_query and mysql_num_rows() and not with mysqli_query()
I have created a registration program which insert username password into mysql database. I am now trying to check the username exixts or not. I wrote the following program. its not working. it showing "mysql_num_rows() expects parameter 1 to be resource."
I really need your expert suggestion
registration.php
<?php
require 'jcon.php';
if(isset($_POST["username"], $_POST["firstname"],$_POST["password"])){
$username=$_POST["username"];
$firstname=$_POST["firstname"];
$password=$_POST["password"];
}
$query = mysql_query("SELECT * FROM member WHERE username='$username'");
if(mysql_num_rows($query) != 0)
{
echo "Username already exists";
}
else{
$sql="INSERT INTO member (username, firstname, password)
VALUES ('$username', '$firstname','$password')";}
if(!mysqli_query($con,$sql)){
die('Error: ' . mysqli_error($con));
}
echo "Dear {$firstname} ! you have been successfully registered. "
?>
it showing "mysql_num_rows() expects parameter 1 to be resource
This is the typical case where mysql_query returns false upon failure therefore triggering the infamous:
mysql_num_rows() expects parameter 1 to be resource
This can be caused by multiple factors. Try running the query in phpMyAdmin or directly to the database and see the error or fetch the last mysql error via mysql_error.
It's good practice to always check if the returned value of mysql_query is false or if the mysql_error string is not empty:
if ($result and empty(mysql_error()))
// everything ok
Note: Never ever mix mysql_ and mysqli_ functions. If you have to choose I'd go with mysqli since mysql_* functions are considered deprecated.
You can use this query:
SELECT COUNT(*) as cnt FROM member WHERE username = '$username'`.
If he's not registered, cnt column will return 0.
Therefore, you can avoid the needed parameter as it is possible for mysql_query to return FALSE if the query doesn't reproduce result and it's not possible for mysql_fetch and friends to make it as parameter.
I want to check my database to see if any user has a confirmcode identical to one a registering user enters on their registration form. However I keep getting the error:
"Warning: mysql_result() expects parameter 1 to be resource, boolean given in /home/elight5/public_html/test/student_register.php on line 15"
From what I can make out, that means there is an undefined variable but I know the values in the db are named appropriately.....Is there something wrong with my syntax? I have been using the same syntax across the site with no issues....
Any suggestions or errors about/in my code?
function confirmcode_exists($confirmcode){
$confirmcode = sanitize($confirmcode);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `confirmcode` = '$confirmcode'"), 0) == 1) ? true : false;
}
The error for mysql_result() is stating that your MySQL query is failing.
Your actual SQL query does not look syntatically incorrect, which most likely means that either the table, or a column, is mispelled, or your connection doesn't have access to that table, or possibly that the connection is invalid altogether.
Try updating your code to the following; this should show you what your actual error is:
$result = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `confirmcode` = '$confirmcode'");
if (!$result) {
// query error
die('Error: ' . mysql_error());
}
return (mysql_result($result, 0) == 1);
I have a PHP login script. This is the part where the person can create a new user. My issue is I want to check if the user exists, and if the username does not exist the the table, than create the new user. However, if the user does exist, I want it to return an error in a session variable. Here is the code I have right now. This doesn't include my DB connections, but I know they do work. Its num_rows() that is being written as an error in the error_log file. Here is the code:
$username = mysql_real_escape_string($username);
$query = "SELECT * FROM users WHERE username = '$username';";
$result = mysql_query($query,$conn);
if(mysql_num_rows($result)>0) //user exists
{
header('Location: index.php');
$_SESSION['reg_error']='User already exists';
die();
}
else
{
$query = "INSERT INTO users ( username, password, salt )
VALUES ( '$username' , '$hash' , '$salt' );";
mysql_query($query);
mysql_close();
header('Location: index.php');
The error it is giving me is
mysql_num_rows(): supplied argument is not a valid MySQL result resource in [dirctory name]
mysql_num_rows()
Retrieves the number of rows from a result set. This command is only valid for statements like SELECT or SHOW that return an actual result set. To retrieve the number of rows affected by a INSERT, UPDATE, REPLACE or DELETE query, use mysql_affected_rows().
Instead of doing SELECT * and then mysql_num_rows(), you can do a SELECT COUNT(*) and then retrieve the number of rows, by fetching the field (that should be 0 or 1). SELECT COUNT will always return a result (provided that the query syntax is correct of course).
Also, change the query:
$query = "SELECT * FROM users WHERE username = '$username';";
into
$query = "SELECT * FROM users WHERE username = '"
. mysql_real_escape_string($username) . "';";
Just out of curiosity, have you ever heard of upserts? I.E., "insert on duplicate key". They'd be useful to you in this situation, at least if your username column is a unique key.
http://dev.mysql.com/doc/refman/5.0/en/insert-on-duplicate.html
$username = mysql_real_escape_string($username);
i think you have to replace the above to
$username = mysql_real_escape_string($_POST[$username]);