Liran Atli - 20 days ago 5
MySQL Question

mysqli_query return bool(false) all the time

    public function verify_login($email, $password) {
        $this->Connect();

        `email`=`$email` AND `password`=`$password` ";

        $sql = "SELECT email,password FROM `users_details` WHERE
        `email`='$email' AND `password`='$password' ";

        if ($this->res=mysqli_query($this->ind_connect, $qry)) {
            $num_row = mysqli_num_rows($this->res);
            $row = mysqli_fetch_assoc($this->res);

            if ($num_row == 1) {
                echo 'true';

                $_SESSION['email'] = $row['email'];
                $_SESSION['password'] = $row['password'];
            }

        } else {

            echo 'errr';
        }

        $this->Disconnect();

    }


Hello, I am trying to do a simple query, and the function "mysqli_query($this->ind_connect, $qry)" returns false all the time.
1. The connection returns "true".
2. I tried changing the query to the simplest query, like "SELECT * from users_details", and mysqli_query returned false again.

Answer

You have a lot of issues within this, but here is what I would try:

 public function verify_login($email, $password) {
    $conn = $this->Connect(); //Make sure $this->Connect(); returns the connection. (Where mysqli_connect(host,user,pass,dbname); is called)
    //Never inject variables into SQL without escaping the information first for SQL security reasons.
    $email = mysqli_real_escape_string($conn, $email);
    $password = mysqli_real_escape_string($conn, $password);

    $query = "`email`='$email' AND `password`='$password';";

    $sql = "SELECT `email`, `password` FROM `users_details` WHERE $query";
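    // Run the statement built in $sql on the connection escaped against above ($qry was never defined, so mysqli_query() returned false).
    if ($this->res = mysqli_query($conn, $sql)) {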
        $num_row = mysqli_num_rows($this->res);
        $row = mysqli_fetch_assoc($this->res);

        if ($num_row == 1) {
            echo 'true';

            $_SESSION['email'] = $row['email'];
            $_SESSION['password']  = $row['password'];
        }

    } else {

        echo 'errr';
    }

    $this->Disconnect();

}

I noticed in one of your SQL lines you were using `` instead of the proper '' single quotes when checking with the email and password value. The name should be within ``, and the value should always be within '', unless dealing with another data type.

I highly suggest fixing the security issue as well, as SQL injection is possible.

I would recommend switching over to something a little more modern and secure, such as PDO for the database connection.
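
The PDO approach recommended above, sketched as an added example that is not part of the original answer. It assumes the `pdo_sqlite` extension (an in-memory SQLite database stands in for the MySQL server so the script runs offline) and that the `password` column holds a `password_hash()` value rather than plaintext; the sample user is constructed.

```php
<?php
// Added example: in-memory SQLite replaces the MySQL server so this runs offline.
$pdo = new PDO('sqlite::memory:');
// Make query failures throw instead of silently returning false.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users_details (email TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Constructed sample row. Assumption: the column stores a password_hash() value.
$ins = $pdo->prepare('INSERT INTO users_details (email, password) VALUES (:email, :hash)');
$ins->execute([
    ':email' => 'alice@example.com',
    ':hash'  => password_hash('correct horse', PASSWORD_DEFAULT),
]);

function verify_login(PDO $pdo, string $email, string $password): bool
{
    // The placeholder keeps $email out of the SQL text, so quotes in the
    // input cannot change the structure of the query.
    $stmt = $pdo->prepare('SELECT email, password FROM users_details WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false when no row matched the email.
    if ($row === false) {
        return false;
    }
    // Compare against the stored hash; the password never appears in SQL.
    return password_verify($password, $row['password']);
}

// Correct credentials, a wrong password, and input containing quote characters.
var_dump(verify_login($pdo, 'alice@example.com', 'correct horse'));
var_dump(verify_login($pdo, 'alice@example.com', 'wrong'));
var_dump(verify_login($pdo, "' OR '1'='1", "' OR '1'='1"));
```

With `PDO::ERRMODE_EXCEPTION` set, a malformed statement raises a `PDOException` carrying the driver's error message, which is the information the `echo 'errr'` branch in the question hides.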