I'm trying to run a very simple PHP function:
function evalLoggedUser($db_conx,$id,$e,$p){
    $sql = "SELECT ip FROM users WHERE id={$id} AND email= '$e' AND password= '$p' AND activated=1 LIMIT 1 ";
    $query = mysqli_query($db_conx, $sql);
    $numrows = mysqli_num_rows($query);
    if($numrows > 0){
        return true;
    } else {
        echo $sql;
    }
}
as part of a user authentication. The problem is that the query is not working and I don't know why! I know the mysql connection is working as I have checked the mysqli_errno and am not getting anything there. Can anyone help?
Try this one:
function evalLoggedUser($db_conx,$id,$e,$p){
    $sql = "SELECT ip FROM users WHERE id='$id' AND email= '$e' AND password= '$p' AND activated=1 LIMIT 1 ";
    $query = mysqli_query($db_conx, $sql);
    $numrows = mysqli_num_rows($query);
    if($numrows > 0){
        return true;
    } else {
        echo $sql;
    }
}
Values get substituted by default inside double quotes. But make sure you check the connection too.
$sql = "SELECT ip FROM users WHERE id=$id AND email= $e AND password= $p AND activated=1 LIMIT 1 ";
I don't know why, but this function returns false when I try to use prepared statements in it; however, when I use non-prepared statements, it returns true. Can anyone explain it?
Code:
function evalLoggedUser($conx,$id,$u,$p){
    $sql = "SELECT ip FROM users WHERE id=? AND username=? AND password=? AND activated=? LIMIT 1";
    $stmt = $conx->prepare($sql);
    $var = 1;
    $stmt->bind_param("issi",$id,$u,$p,$var);
    $stmt->execute();
    $numrows = $stmt->num_rows;
    if($numrows > 0){
        return true;
    }
    $stmt->close();
}
$user_ok = evalLoggedUser($conn,$log_id,$log_username,$log_password);
This returns false
function evalLoggedUser($conx,$id,$u,$p){
    $sql = "SELECT ip FROM users WHERE id='$id' AND username='$u' AND password='$p' AND activated='1' LIMIT 1";
    $query = mysqli_query($conx, $sql);
    $numrows = mysqli_num_rows($query);
    if($numrows > 0){
        return true;
    }
}
$user_ok = evalLoggedUser($conn,$log_id,$log_username,$log_password);
This returns true
The problem is a simple typographical mistake: you pass 4 parameters as prepared, but expect 5.
See this: $stmt->bind_param(/*"issi",*/$id,$u,$p,$var);
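The interpolated queries in the threads above place `$id`, `$e`/`$u` and `$p` directly into the SQL text, so any quote in those values becomes part of the statement. The following is an added example, not code from any of the posters: a parameterized `evalLoggedUser` that buffers the result with `store_result()` before reading `num_rows`. It assumes `$conx` is an open mysqli connection and the `users` table from the question.

```php
<?php
// Added example, not the original posters' code. Assumes $conx is an open
// mysqli connection and the users table shown in the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function evalLoggedUser(mysqli $conx, int $id, string $u, string $p): bool
{
    $sql = "SELECT ip FROM users
            WHERE id = ? AND username = ? AND password = ? AND activated = 1
            LIMIT 1";
    $stmt = $conx->prepare($sql);

    // "iss": one integer and two strings, one type letter per placeholder.
    $stmt->bind_param("iss", $id, $u, $p);
    $stmt->execute();

    // A prepared statement is unbuffered by default: until store_result()
    // copies the rows to the client, $stmt->num_rows reads 0 even when the
    // query matched a row.
    $stmt->store_result();
    $found = $stmt->num_rows > 0;

    $stmt->close();   // runs on every path, unlike a close() placed after return
    return $found;    // always a bool, never an implicit null
}

// Constructed input: in the interpolated query this value would close the
// quote and append an OR clause; bound as a parameter it is only an
// (unmatched) username.
// $user_ok = evalLoggedUser($conn, 1, "x' OR '1'='1", "anything");
```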
I have a page that is taking a kind of long time to load, and I'm almost sure that this is caused by too many SQL requests (AKA caused by my bad SQL skills). Is there any way to join these 3 queries into one?
What I want to do with this query is to try to select a specific id from cardapios and, if there is anything there (if $num_rows > 0) the only thing I want to do is select that id. If there is nothing there, then I want to insert something and then select the id of that.
$query = "SELECT id FROM cardapios WHERE nome='$nome'";
$sql = mysqli_query($con,$query);
$num_rows = mysqli_num_rows($sql);
if ($num_rows > 0){
    while ($row = mysqli_fetch_array($sql)){
        $_SESSION['id_cardapio'] = $row['id'];
        $num_rows = 0;
    }
}else{
    $query = "INSERT INTO cardapios (nome, kcal, semana)
    VALUES('$nome', '$kcal', '$semana')" or die(mysqli_error($con));
    $sql = mysqli_query($con,$query);
    $query = "SELECT id FROM cardapios WHERE nome='$nome' ";
    $sql = mysqli_query($con, $query);
    while ($row = mysqli_fetch_array($sql)){
        $_SESSION['id_cardapio'] = $row['id'];
    }
}
I am trying to put all of this into one query but getting nowhere. Is there any way to use just one query for doing all of this?
Thanks in advance!
You can replace the last query by getting the mysqli_insert_id($con); as you already have the insert id available after the insert.
$query = "SELECT id FROM cardapios WHERE nome='$nome'";
$sql = mysqli_query($con,$query);
$num_rows = mysqli_num_rows($sql);
if ($num_rows > 0){
    while ($row = mysqli_fetch_array($sql)){
        $_SESSION['id_cardapio'] = $row['id'];
        $num_rows = 0;
    }
}else{
    $query = "INSERT INTO cardapios (nome, kcal, semana)
    VALUES('$nome', '$kcal', '$semana')" or die(mysqli_error($con));
    $sql = mysqli_query($con,$query);
    if ( $sql !== false) { // did the insert work?
        $_SESSION['id_cardapio'] = mysqli_insert_id($con);
    } else {
        // insert did not work??
    }
}
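The select-then-insert sequence above can also be collapsed into one parameterized statement, which closes the window in which two concurrent requests both find no row and both insert. This is an added example, not the answerer's code; it assumes `$con` is an open mysqli connection, that `id` is the `AUTO_INCREMENT` key, and that a unique index on `nome` (name `uq_cardapios_nome` is hypothetical) has been created.

```php
<?php
// Added example. Assumed one-off schema change so that a duplicate nome is
// rejected by the database instead of by a preceding SELECT:
//   ALTER TABLE cardapios ADD UNIQUE KEY uq_cardapios_nome (nome);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function getOrCreateCardapioId(mysqli $con, string $nome, string $kcal, string $semana): int
{
    // New nome: the row is inserted and its new id becomes the insert id.
    // Existing nome: the unique key fires the UPDATE branch, and
    // LAST_INSERT_ID(id) makes the existing row's id the insert id.
    $sql = "INSERT INTO cardapios (nome, kcal, semana) VALUES (?, ?, ?)
            ON DUPLICATE KEY UPDATE id = LAST_INSERT_ID(id)";
    $stmt = $con->prepare($sql);

    // Column types are not shown on the page; binding all three as strings
    // is an assumption and lets MySQL convert them.
    $stmt->bind_param("sss", $nome, $kcal, $semana);
    $stmt->execute();
    $stmt->close();

    return (int) $con->insert_id;
}

// $_SESSION['id_cardapio'] = getOrCreateCardapioId($con, $nome, $kcal, $semana);
```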
I am trying to know if there is existing data in the database. When I try to use an existing username, based on my coding it should be "exists already", but the result is "proceed". Can you point out where I am wrong?
$query = mysql_query("SELECT * FROM `membership` WHERE `username` = '$username'");
if (mysql_num_rows($query) > 0){
    echo "exists already";
}
else {
    echo "proceed";
}
This should work:
$str = "select SQL_CALC_FOUND_ROWS * from table where username=".$your_value;
$con=db_connect();
$result1 = mysql_query($str,$con);
$str1 = "SELECT FOUND_ROWS() as totalRecord";
$result2 = mysql_query($str1,$con);
$totalRecords = mysql_fetch_array($result2);
if ($totalRecords[0]>0){
echo "exists already";
}
else{echo "proceed";}
Also try using mysqli or pdo as mysql is deprecated...
At the time of registration, I am checking for three fields: username, email, phonenumber,
with three queries. The snippet is as follows:
$query = "SELECT *
          FROM
          users
          WHERE username='$userName'";
$result = mysql_query($query, $this->con);
$count_username = mysql_num_rows($result);
if($count_username <= 0){
    $query = "";$result = "";
    $query = "SELECT *
              FROM
              users
              WHERE email='$email' ";
    $result = mysql_query($query, $this->con);
    $count_email = mysql_num_rows($result);
}
if($count_username <= 0 && $count_email <= 0){
    $query = "";$result = "";
    $query = "SELECT *
              FROM
              users
              WHERE phone_number='$phone'";
    $result = mysql_query($query, $this->con);
    $count_phone = mysql_num_rows($result);
}
Is there a way to do this with a single query, or is there another way to optimize this code?
Sorry for using the mysql extension.
If I use a single query:
$query = "SELECT * FROM users WHERE username='$userName' && email='$email' && phone_number='$phone'";
I am unable to show different errors:
username exists
email exists
phone exists
I don't want to show an error like:
username/phone/exists exists
You can have something like this:
SELECT CASE WHEN username = '$userName' THEN 'username exists'
WHEN email = '$email' THEN 'email exists'
ELSE 'phone exists'
END Result
FROM users
WHERE username = '$userName'
OR email = '$email'
OR phone_number = '$phone'
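A parameterized variant of the single-query check, as an added example that is not the answerer's code: it returns one flag per field, so a username held by one account and an email held by another are both reported. It uses PDO with an in-memory SQLite database and constructed rows so it runs offline; the same SQL works on MySQL.

```php
<?php
// Added example with a constructed schema and constructed rows.
function findTakenFields(PDO $db, string $userName, string $email, string $phone): array
{
    // Each comparison evaluates to 0 or 1 per row; MAX() collapses the
    // matching rows into a single row holding one flag per field.
    $sql = "SELECT MAX(username = ?)     AS username_taken,
                   MAX(email = ?)        AS email_taken,
                   MAX(phone_number = ?) AS phone_taken
            FROM users
            WHERE username = ? OR email = ? OR phone_number = ?";
    $stmt = $db->prepare($sql);
    // Positional placeholders, so every value is bound once per use.
    $stmt->execute([$userName, $email, $phone, $userName, $email, $phone]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // With no matching rows the aggregates are NULL, which empty() treats
    // as "not taken", the same as 0 or "0".
    $errors = [];
    if (!empty($row['username_taken'])) { $errors[] = 'username exists'; }
    if (!empty($row['email_taken']))    { $errors[] = 'email exists'; }
    if (!empty($row['phone_taken']))    { $errors[] = 'phone exists'; }
    return $errors;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT, email TEXT, phone_number TEXT)");
$db->exec("INSERT INTO users VALUES
           ('alice', 'alice@example.com', '555-0100'),
           ('bob',   'bob@example.com',   '555-0101')");

// Username collides with one account, email with another, phone is free.
print_r(findTakenFields($db, 'alice', 'bob@example.com', '555-0199'));

// A value containing quotes is compared as data and matches nothing.
print_r(findTakenFields($db, "x' OR '1'='1", 'new@example.com', '555-0199'));
```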
I have a basic doubt.
I have this example:
$sql = mysql_query("SELECT * FROM admin where id = username='$username' and password = '$password' LIMIT 1");
Is it possible to see what this SQL command is doing in the browser? To see if it is correct.
Thanks.
$a = "SELECT * FROM admin where id = username='$username' and password = '$password' LIMIT 1";
echo $a;
$sql = mysql_query($a); // use mysqli instead
If you print the $sql, it will print #resource #4.
You need to do:
$q = "SELECT * FROM admin where id = username='$username' and password = '$password' LIMIT 1";
print_r($q);
and you will see it in the network tab on the console or in the browser if you print your request.