You have to execute store_result, and preferably, if you're going to use OOP, then use it for everything, like this. There's no reason to mix procedural with OOP in the mysqli API (I'm only talking about this API; the rest of PHP is a matter of taste and need, so you can "mix"):
if ($stmt = $mysqli->prepare("SELECT * FROM usuario WHERE login='$login' and senha='$senha';")) {
    /* execute query */
    $stmt->execute();
    /* store result */
    $stmt->store_result();
    if ($stmt->num_rows < 1) {
        echo "<script language='javascript' type='text/javascript'>alert('Login e/ou senha incorretos');window.location.href='Teste.php';</script>";
    } else {
        setcookie("login", $login);
        header("Location:index.php");
    }
    /* close statement */
    $stmt->close();
}
/* close connection */
$mysqli->close();
Another very important thing: why use variables directly in the string with prepare? (no need to answer)
If you want to prevent someone from passing a login or password value that causes a syntax error or even an SQL injection, use bind_param directly, because that's the purpose of prepare, thus:
if ($stmt = $mysqli->prepare("SELECT * FROM usuario WHERE login=? and senha=?")) {
    /* pass the values in the order of the question marks */
    $stmt->bind_param('ss', $login, $senha);
    /* execute query */
    $stmt->execute();
    /* store result */
    $stmt->store_result();
    if ($stmt->num_rows < 1) {
        echo "<script language='javascript' type='text/javascript'>alert('Login e/ou senha incorretos');window.location.href='Teste.php';</script>";
    } else {
        setcookie("login", $login);
        header("Location:index.php");
    }
    /* close statement */
    $stmt->close();
}
/* close connection */
$mysqli->close();
Does the user you are using exist in the database? Are you sure the password is correct?
– Luís Almeida
Yes. The user is 'test' and the password too. I tried entering it directly with: SELECT * FROM user WHERE login='test' and password='test';. But it still returns 0.
– Kahzinhuh
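The difference between the answer's two snippets (values pasted into the SQL string versus values passed through placeholders), shown side by side as an added example that is not part of the original answer or comments. It assumes PDO with an in-memory SQLite database in place of mysqli/MySQL so it runs without a server; the function names, the table row and the input values are constructed for illustration.

```php
<?php
// Added example: PDO + in-memory SQLite stands in for the page's mysqli/MySQL
// setup so this runs without a database server (assumption of this example).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE usuario (login TEXT, senha TEXT)");
$pdo->exec("INSERT INTO usuario VALUES ('teste', 'teste')"); // constructed row

// Pattern of the first snippet: the values become part of the SQL text.
function countInterpolated(PDO $pdo, string $login, string $senha): ?int
{
    $sql = "SELECT COUNT(*) FROM usuario WHERE login='$login' AND senha='$senha'";
    try {
        return (int) $pdo->query($sql)->fetchColumn();
    } catch (PDOException $e) {
        return null; // the value broke the statement's syntax
    }
}

// Pattern of the second snippet: placeholders, values sent separately as data.
function countBound(PDO $pdo, string $login, string $senha): int
{
    $stmt = $pdo->prepare("SELECT COUNT(*) FROM usuario WHERE login=? AND senha=?");
    $stmt->execute([$login, $senha]);
    return (int) $stmt->fetchColumn();
}

// Constructed inputs: a valid pair, a value containing an apostrophe, and a
// value whose quote changes the WHERE clause when it is interpolated.
$cases = [
    'valid credentials'    => ['teste', 'teste'],
    'apostrophe in value'  => ["o'brien", 'x'],
    'quote-breaking value' => ['teste', "x' OR '1'='1"],
];

foreach ($cases as $label => [$login, $senha]) {
    $a = countInterpolated($pdo, $login, $senha);
    $b = countBound($pdo, $login, $senha);
    printf("%-22s interpolated=%-12s bound=%d\n",
        $label, $a === null ? 'syntax error' : $a, $b);
}
```

With the bound query, the apostrophe and the quote-breaking value are compared as literal strings, so the row count depends only on whether a matching row exists.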