LosKartoflos LosKartoflos - 12 days ago 7
MySQL Question

False value in sql query in php function only works in quotationmarks

I have to develop an appStore plugin and one query isn't working right.

the function

function addItem($installed){...


adds shop items(some html stuff) trough an echo into a div

<div class="flexRow order2 topLine">
<?php
addItem("false");
?>
</div>


and

<div class="flexRow order2 topLine">
<?php
addItem(true);
?>
</div>


the query for the data selection is the following:

$sql = "SELECT * FROM shopitems Where installed = ". $installed ;


My question:
As you see the false boolean value is in quotationmarks. Otherwise it won't work. The truestatement could be in quotationmarks or not. Is something wrong my query?

The column "installed" is from boolean value.

The warning php shows on Site is the following:


mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean
given in C:\xampp\htdocs\setupItems.php on line 31

0 results


Line 31 till 33:

if (mysqli_num_rows($result) > 0) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {

<?php


the whole function

function addItem($installed )
{
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "appmarket";

// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}



/*if($installed == true){
$sql = "SELECT * FROM shopitems Where installed = true ";
} else if ($installed == false){
$sql = "SELECT * FROM shopitems Where installed = false ";
}else{
error_log("forgot to enter installed bool");
}*/

$sql = "SELECT * FROM shopitems Where installed = ". $installed ;

$result = mysqli_query($conn, $sql);

if (mysqli_num_rows($result) > 0) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {
echo'<div id="1" class="blockItem order2"> <!-- this div contains an Table for the Content of the downloadabel app-->
<div>
<table id=itemTable style="table-layout:fixed"><!--this table contains the header and the version number-->
<tr>
<th id="itemHeader" class="itemheader"><h2>' . $row["Header"] . '</h2></th>
<td id="itemAppVersion" class="version">' . $row["Version"] . '</td>
</tr>

</table>
<table id=itemTable style="table-layout:fixed"><!--this table contains the image and the description-->

<tr class="tableformat">
<td id="itemAppThumbnail" width="120px">
<img class="itemThumbnail" src="Images/' . $row["Imageurl"] . '">
</td>
<td id="itemAppDescription" style="width: 200px;">
<a class="whiteAnchor" href="Downloadable/' . $row["Downloadurl"] . '" download="logo">
' . $row["Content"] . '
</a>
</td>
</tr>
</table>
</div>
</div>'
;
}
} else {
echo "0 results";
}

mysqli_close($conn);
}



?>

Answer

The problem originates from not using parameterized statements and not checking your data types.

just for reference, you should look at the outputs of

echo true;

which prints "1"

echo false;

which prints nothing.

now, in your case, you try to concatenate a boolean to a string. which is impossible, so PHP implicitely tries to cast your boolean to a string itself, as it does with echo. false, in this case, is not cast to "false" or "0", but to "", which results in your query being:

"SELECT * FROM shopitems Where installed = "

which is not valid SQL.

as a quick fix, you can use

"SELECT * FROM shopitems Where installed = ". ($installed?"1":"0")

which explicitely 'casts' your boolean to "0" and results in a valid query. In the long run, you should instead look into parameterized statements
for further information, you should also take a look at type juggling