I'm creating a few lines to check if a user exist within the database. To do this, I was going to just find the username in the DB and if there IS a user with that name in the database use num_rows to make it show that their is a user with that name.
The error is:
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result,
boolean given in /home/bluef/public_html/SMNS/register.php on line 36
Code:
$usernamef = mysqli_query($link, "SELECT * FROM Users
WHERE Username =".$Username."");
$usernamefound = mysqli_num_rows($usernamef);
if($usernamefound != 0){
echo "Username in use, try another username?";
}
Always have this line before mysqli_connect
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
Always format your queries correctly.
Always use prepared statements when you need to insert a variable into query.
Always check out the "Related questions" section on the page (Or suggested questions while writing your own).
Try this with your query
$usernamef = mysqli_query($link, "SELECT * FROM Users
WHERE Username =".$Username."") or die(mysqli_error());
to see the error. Also you can try this
$usernamef = mysqli_query($link, "SELECT COUNT(*) AS myCount FROM Users
WHERE Username =".$Username."") or die(mysqli_error());
$row = mysqli_fetch_array($usernamef)
if( $row['myCount '] > 0 )
{
echo "Username in use, try another username?";
}
Check this link http://www.w3schools.com/php/func_mysqli_error.asp
Also you can try with mysql_query and mysql_num_rows() and not with mysqli_query()
Related
i had the problem when i want to check my valid key on my database and showing this error
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\ravaaa\indexx.php on line 20
the db is login, tables is users (5) id,name,key,login
this the code
$error='';
$key="123";
$con = mysqli_connect("localhost","root","","login");
if (mysqli_connect_error())
{
echo "Failed to connect to MySQL: " . mysql_connect_error();
}
echo "sukses\n\n";
$query = mysqli_query($con, "SELECT * FROM users WHERE key='$key'");
$rows = mysqli_num_rows($query);
if($rows == 1){
echo "key is valid";
}
else
{
$error = "key is Invalid";
echo $error;
}
mysqli_close($con);
Are you sure your table have an column named "key"? Key is a reserved MySQL Keyword, and when i tried to create a table with this column to test i got an error, and after change the name "key" to another name (on the table and on the .php) i got no errors, just the message "key is Invalid".
Try to change the column name "key" and change on the php too, and check if you still get errors.
The column name key is a reserved word and therefore must be escaped using backticks:
select * from users WHERE `key` = '$key'
Without the escape, the query will fail and return FALSE per the mysqli_query docs:
Returns FALSE on failure. For successful SELECT, SHOW, DESCRIBE or
EXPLAIN queries mysqli_query() will return a mysqli_result object. For
other successful queries mysqli_query() will return TRUE.
You can exit early with an error using the or die pattern:
mysqli_query($con, "SELECT * FROM users WHERE `key` = '$key'")
or die(mysqli_error($con));
I have the following code in my file.
It reurns nothing but blank.. when I check error log file I see this:
PHP Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given in
.
<?php
include "dbfilepath";
$con = mysqli_connect($server, $db_user, $db_pwd, $db_name);
$username = $_SESSION['username'];
$sql = "SELECT FROM users WHERE username='$username'";
$data = mysqli_query($con, $sql);
$row = mysqli_fetch_assoc($data);
?>
why is that?
for me it looks all fine..
and how to secure this simple code from sql injections?
$sql = "SELECT * FROM users WHERE username='$username'";
you forgot to set something to select
to secure it you need to use prepared statements for the variable $username
Posting it as an answer due to less reputation.
Firstly , you have incorrect syntax for query in select because you don't identify which col name you want to select like users_name or etc . if you get all records your just write with '*'
"SELECT * FROM users...";
or other answer by the using of prepared statements IN 'PDO' you save from SQL injection because through prepared statements you query will be with secure param .
I'm just a newbie in PHP and I need to create a php Login form but It have a syntax error saying Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\login.php on line 18
maybe you can help me on this tnx!
<?php
$con=mysqli_connect("localhost","root","","reservation");
if (mysqli_connect_errno())
{
echo "Failed to connect to Database: " . mysqli_connect_error();
}
else
{
}
if ($_POST["SUBMIT"]="SUBMIT")
{
$username = $_POST['username'];
$password =$_POST['password'];
$sql ="SELECT * FROM usersaccount where='$username' and password ='$password'";
$result=mysqli_query($con,$sql);
$count=mysqli_num_rows($result);
if($count==1)
{
echo "success";
}
//mysqli_close($con);
}
?>
Your SELECT statement is wrong ... should be
SELECT * FROM `usersaccount` WHERE `username` ='$username' and `password` ='$password'";
---------- // Here.. Added the column name
You are not providing the column name for username field. That was your issue. Since you are matching results with condition you need a WHERE clause too !
Disclaimer : Stop using mysql_* functions as they are deprecated. Switch to MySQLi or PDO instead.
It means your query (i.e., $sql) is broken. You are comparing a table to a string, when you should be using a WHERE clause. Also, password is a reserved word; escape it, like this:
$sql ="SELECT * FROM usersaccount WHERE `username` ='$username' and `password` ='$password'";
Also, you are wide open to SQL injection; you need prepared statements.
According to documentation you have to do this:
$con=mysqli_connect("localhost","root","","reservation");
//...
$query = "SELECT * FROM usersaccount ='$username' and password ='$password'";
if ($stmt = mysqli_prepare($con, $query)) {
mysqli_stmt_execute($stmt);/* execute query */
mysqli_stmt_store_result($stmt);/* store result */
printf("Number of rows: %d.\n", mysqli_stmt_num_rows($stmt));
mysqli_stmt_close($stmt);/* close statement */
}
Since the error message is reporting that its first parameter is a boolean, you should take a closer look at that first parameter.
$result=mysqli_query($con,$sql);
Read the documentation : If it works, mysqli_query() returns a mysqli_result() or FALSE (a boolean) if it doesn't work. So, your query didn't work and it returned a boolean.
You should probably check the outcome of executing your query and, if it fails, you should show the error message generated:
if ( $result = mysqli_query($con, $sql) === FALSE ) {
printf("Invalid query: %s\nWhole query: %s\n", mysqli_error, $sql);
exit();
}
I have created a registration program which insert username password into mysql database. I am now trying to check the username exixts or not. I wrote the following program. its not working. it showing "mysql_num_rows() expects parameter 1 to be resource."
I really need your expert suggestion
registration.php
<?php
require 'jcon.php';
if(isset($_POST["username"], $_POST["firstname"],$_POST["password"])){
$username=$_POST["username"];
$firstname=$_POST["firstname"];
$password=$_POST["password"];
}
$query = mysql_query("SELECT * FROM member WHERE username='$username'");
if(mysql_num_rows($query) != 0)
{
echo "Username already exists";
}
else{
$sql="INSERT INTO member (username, firstname, password)
VALUES ('$username', '$firstname','$password')";}
if(!mysqli_query($con,$sql)){
die('Error: ' . mysqli_error($con));
}
echo "Dear {$firstname} ! you have been successfully registered. "
?>
it showing "mysql_num_rows() expects parameter 1 to be resource
This is the typical case where mysql_query returns false upon failure therefore triggering the infamous:
mysql_num_rows() expects parameter 1 to be resource
This can be caused by multiple factors. Try running the query in phpMyAdmin or directly to the database and see the error or fetch the last mysql error via mysql_error.
It's good practice to always check if the returned value of mysql_query is false or if the mysql_error string is not empty:
if ($result and empty(mysql_error()))
// everything ok
Note: Never ever mix mysql_ and mysqli_ functions. If you have to choose I'd go with mysqli since mysql_* functions are considered deprecated.
You can use this query:
SELECT COUNT(*) as cnt FROM member WHERE username = '$username'`.
If he's not registered, cnt column will return 0.
Therefore, you can avoid the needed parameter as it is possible for mysql_query to return FALSE if the query doesn't reproduce result and it's not possible for mysql_fetch and friends to make it as parameter.
This question already has answers here:
Can I mix MySQL APIs in PHP?
(4 answers)
Closed 1 year ago.
I am currently experiencing issues with the following script. Upon execution of the script, I do recieve the message "Connection was OK!" however, then I also receive the following messages:
Warning: mysql_query() expects parameter 2 to be resource, object
given in /opt/lampp/htdocs/worldofclucky.net/scripts/auth.php on line
11
Warning: mysql_fetch_array() expects parameter 1 to be resource, null
given in /opt/lampp/htdocs/worldofclucky.net/scripts/auth.php on line
12
Any idea what I am doing wrong? I am far from a PHP/MySQL expert, I wouldn't really even consider my self a novice... I did do some testing and the $username variable is sending from the previous page correctly and when typing SELECT * FROM forum.mybb_users WHERE username = 'x_clucky' LIMIT 1 into the MySQL client, it gives all of the information you would expect to get. The PHP code is as follows:
<?php
$username=$_POST["username"];
$hashed_password = md5($_POST['password']); /* For MyBB its $mybb->input['password'] */
$con=mysqli_connect("worldofclucky.net","clucky","CENSORED","forum");
// Check connection
if (mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
} else { echo "Connection was OK!\n";}
$query = mysql_query("SELECT * FROM mybb_users WHERE `username` = '$username' LIMIT 1",$con);
$row = mysql_fetch_array($query);
$encrypted_password = md5(md5($row['salt']).$hashed_password);
if($encrypted_password == $row['password']) {
echo "<script>alert('test');</script>";
}
mysqli_close($con);
?>
Thank you in advanced for your help
change mysql to mysqli and use below kind of query. You can't use mysql and mysqli altogether.
$query = mysqli_query($con, "SELECT * FROM mybb_users WHERE `username` = '$username' LIMIT 1");
$row = mysqli_fetch_array($query);
From a quick look it seems like you are using mysqli functions to connect and then mysql functions to make the actual query. mysql_* functions are now deprecated.