This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 6 years ago.
I'm stucked... hope for some help.
I have problem with this situation. I've been following a tutorial to add in a search feature for my website, but I've been getting the following error:
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\registracija\index.php on line 48
Here is my code:
if ($password_form==$repassword_form) {
$user=mysqli_query(
$con,
"SELECT * FROM users,
WHERE username=username_form
OR email=email_form
");
$counter=mysqli_num_rows($user);
if ($counter==0) {
if (move_uploaded_file($temporary_name, $path)) {
echo "YES!<br />";
}
else {
echo "NO!<br />";
}
}
else {
echo "ERROR!<br />Some Message!<br />";
}
}
else { echo "ERROR!<br />Some Message!<br />";
}
}
else {
?>
There is an error in your query, change this:
"SELECT * FROM users,
WHERE username=username_form
OR email=email_form
"
to this to remove the comma:
"SELECT * FROM users
WHERE username=username_form
OR email=email_form
"
In addition, username_form and email_form seem to likely be strings, so your final query probably should look like this:
"SELECT * FROM users
WHERE username = '$username_form'
OR email = '$email_form'
"
Your query is failing, and then you're trying to execute an operation mysqli_num_rows(), on this.
You should strongly consider a prepared statement to avoid SQL injection:
$stmt = $db->prepare("SELECT * FROM table WHERE username=:un AND email=:em");
$stmt->execute(array(':un' => $username_form, ':em' => $email_form));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
Read more about SQL injection from this excellent article here.
Related
This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 5 years ago.
I am working on the below code. Why am I not able to run the query properly? I already check the database connection and it is fine
<?php
$sql = "SELECT dt, events, eventtype FROM events";
$stmt = $mysqli->prepare($sql);
$stmt->execute();
$stmt->bind_result($dt,$events,$eventtype);
$stmt->store_result();
if($stmt->num_rows >0) {
$stmt->fetch();
}
else {
echo "Cant Find The data!";
}
$stmt->close();
$mysqli->close();
echo $dt;
echo $events;
echo $eventtype;
?>
getting this error
Fatal error : Call to a member function execute() on boolean in
/srv/disk1/2555378/www/domain.net/index.php on line 113
This means that the variable $mysqli contains a boolean value, probably false.
According to the php docs, http://php.net/manual/en/mysqli.prepare.php, the function mysqli::prepare will return false in case of an error.
You should use the error variable to get more information, like here: http://php.net/manual/en/mysqli.error.php
This question already has an answer here:
Correct way to use LIKE '%{$var}%' with prepared statements?
(1 answer)
Closed last month.
Im am trying to build a dynamic prepared statement so that I can reuse the code. I am running into a problem when using %?% in my prepared state as it used LIKE. My code is as follows:
$where = " First_Name LIKE '%?%' ";
$vals = array('Mike');
$type = 's';
$dbd = mysqli_stmt_init($dbconnection);
if (mysqli_stmt_prepare($dbd, "SELECT * FROM Contacts WHERE $where" )) {
mysqli_stmt_bind_param($dbd, $type, ...$vals);
if (!mysqli_stmt_execute($dbd)) {
echo "Execute Error: " . mysqli_error($dbconnection);
} else {
//do nothing
}
} else {
echo "Prep Error: " . mysqli_error($dbconnection);
}
mysqli_stmt_get_result($dbd);
So when I use "First_Name = ?" it works fine so I think my issue is with the '%?%'. I have searched resolutions but couldn't find anything related to my dynamic prepared statement. Thank you for any help.
You need to bind the complete value, not just a portion of it. This means doing:
$where = "First_Name LIKE ?"
And then binding:
$vals = array('%Mike%');
This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 5 years ago.
I have a mysqli query that wont execute and I would like to display information about why that's happening. Im just fooling around with this example but I imagine something like this:
$myQuery= $mysqli->query("UPDATE table SET id = 1 WHERE id = 3");
if(!$myQuery) //If query couldnt be executed
{
echo $mysqli->error; //Display information about why wasnt executed (eg. Error: couldnt find table)
}
try using
// Perform a query, check for error
if (!mysqli_query($con,"UPDATE table SET id = 1 WHERE id = 3"))
{
echo("Error description: " . mysqli_error($con));
}
mysqli_close($con);
This question already has answers here:
Warning: mysqli_query() expects parameter 1 to be mysqli, null given in
(3 answers)
Closed 6 years ago.
There have been lots of posts about this and crawled them all but can't figure out why im getting this message. I am not good with SQl and this coding so really hope someone can help.
A customer can checkout and order fine but after Sagepay always presented with the above error message. (line 70 in bold below)
$query="SELECT surname, town, county, country, currencyID, goodsTotal, shippingTotal, taxTotal, discountTotal FROM $tableOrdersHeaders WHERE orderID = '$myOrderID' AND randID = '$myRandID' LIMIT 1";
**$result = mysqli_query($query) or die( "Unable to retrieve order details");**
$num_results = mysqli_num_rows($result);
if ($num_results > 0){
// build the array from the results
$ga_order = mysqli_fetch_array($result, MYSQL_ASSOC);
} else {
die( "No matching order found");
Now the DB access file for SQLI code I believe it uses is
function connect($sql_host_name,$sql_username,$sql_password,$sql_database_name) {
$this->currentDatabase = $sql_database_name;
$this->resID = #mysqli_connect($sql_host_name,$sql_username,$sql_password);
if ($this->resID == FALSE) {
$this->lastError = "Could not connect to mySQL server";
return FALSE;
} else {
if (#mysqli_select_db($this->resID, $sql_database_name)) {
return TRUE;
} else {
return #mysqli_query($this->resID,"create database $sql_database_name");
return FALSE;
Really hope someone can help.
If you are using the procedural style of mysqli functions, you mysqli_query needs the connection variable as the first argument, followed by the query string.
It looks like you are just giving it the query string on here: $result = mysqli_query($query) or die( "Unable to retrieve order details");.
You'll want something like: $result = mysqli_query($connection, $query).
Reference: http://php.net/manual/en/mysqli.query.php
This question already has answers here:
mysql_fetch_array()/mysql_fetch_assoc()/mysql_fetch_row()/mysql_num_rows etc... expects parameter 1 to be resource
(31 answers)
Closed 8 years ago.
I am trying to fetch a field value(SecurityQues) on basis of user input(username).
Following is the code:
$substr=substr($usrnm,0,2);
if($substr=="AC")
{
$res="SELECT SecurityQues FROM reg_ac WHERE UserName=$usrnm";
}
else
{
$res="SELECT SecurityQues FROM reg_indi WHERE UserName=$usrnm";
}
$result = mysql_query($res,$db_handle);
$result = mysql_query($res);
while($row = mysql_fetch_assoc($result))
{
echo $row['SecurityQues'];
}
But i am getting the following warning:
Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\my on line 120
That error message is caused by the fact that your query has an error and fails to execute and you have no error checking in place to catch that.
Since username is a string, it needs to be inside quotation marks or else your query will keep on failing like it currently does.
$res="SELECT SecurityQues FROM reg_ac WHERE UserName='$usrnm'";
^ ^
And don't execute your query two times. Although that is not causing your current error but that is just waste of resources and unnecessary .
Even after that fix, your query is so prone to injections it could bring down your mysql server before you can blink your eye.
How can I prevent SQL injection in PHP?
Remove this one
$result = mysql_query($res);
And change this one
if($substr=="AC")
{
$res="SELECT SecurityQues FROM reg_ac WHERE UserName=$usrnm";
}
else
{
$res="SELECT SecurityQues FROM reg_indi WHERE UserName=$usrnm";
}
To this one
if ( $substr == "AC") $res = "SELECT SecurityQues FROM reg_ac WHERE UserName = '{$usrnm}'";
else $res = "SELECT SecurityQues FROM reg_indi WHERE UserName = '{$usrnm}'";
Ignoring the fact that you are prone to SQL injection and that the original Mysql API is deprecated there is an error in your query as pointed out by Hanky Panky. At the line :
$result = mysql_query($res,$db_handle);
The result of the variable $result is initialized to the boolean false which is not a valid argument for mysql_fetch_assoc.
You can get more information on what is happening with something like this :
$result = mysql_query($res,$db_handle) or die ("Error in query: $query. ".mysql_error());
You should really consider using Mysqli and prepared statement to avoid SQL injection and something like this comic strip from happening.
this is not the best way to achieve this, but
If i stick to your code, he is the correction (removing second mysql_query, prone to your error) :
$substr=substr($usrnm,0,2);
if($substr=="AC")
{
$res="SELECT SecurityQues FROM reg_ac WHERE UserName='$usrnm'";
}
else
{
$res="SELECT SecurityQues FROM reg_indi WHERE UserName='$usrnm'";
}
$result = mysql_query($res,$db_handle);
while($row = mysql_fetch_assoc($result))
{
echo $row['SecurityQues'];
}