angelina angelina - 4 years ago 198
PHP Question

Why does mysqli_num_rows() needs to expect parameter 1 to be mysqli_result,boolean given in...?

I'm getting problem in one of my php files in wampserver. I have 3 php files named as initial, registration and confirmation.
Initial and registration php files are working accordingly.
However my 3rd file confirmation is not.My table name is "user_information".

Here is the code:

initial.php

<?php
$db_name="myappdb";
$mysql_user="root";
$mysql_pass="";
$server_name="localhost";

$con=mysqli_connect($server_name,$mysql_user,$mysql_pass,$db_name);
if(!$con)
{
echo"Error in connection try again...".mysqli_connect_error();
}
else
{
echo"<h3>Database is successfully connected!...</h3>";


?>


registration.php

<?php

require'initial.php';
$name="angelina";
$user_name="tom";
$user_pass="cruise123";

$sql_query="insert into user_information values('$name','$user_name','$user_pass');";

if(mysqli_query($con,$sql_query))
{
echo"<h3> Data is successfully inserted...</h3>";
}
else
{
echo"Data Insertion is wrong...".mysqli_error($con);
}


?>


confirmation.php

<?php
require'initial.php';
$user_name="tom";
$user_pass="cruise123";


$sql_query="select name from user_informtion where user_name = '".mysqli_real_escape_string($con, $user_name)."' and user_pass = '".mysqli_real_escape_string($con, $user_pass)."' ";
$result=mysqli_query($con,$sql_query);

if(mysqli_num_rows($result)>0)
{
$row=mysqli_fetch_assoc($result);
$name=$row["name"];
echo"<h3>Hello welcome".$name."</h3>";
}
else
{
echo"No information is available...";
}

?>


And I dont know why am getting this error:

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in..

Please help me on this
Thanks in Advance

Answer Source

Use "=" instead of LIKE and used mysqli_real_escape_string() for preventing sql injection.

Replace:

$sql_query="select name from user_informtion where user_name like'$user_name' and user_pass like'$user_pass';";

With this:

$sql_query="select name from user_informtion where user_name = '".mysqli_real_escape_string($con, $user_name)."' and user_pass = '".mysqli_real_escape_string($con, $user_pass)."' ";
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download