Profile page - PHP/Mysql

Question

Profile page - PHP/Mysql

Asked 4 years, 11 months ago

Viewed 68 times

-2

Hello !

I’m trying to create a page for each user who registers on the site, but I’m not getting it, basically the profile works as follows: each profile is linked by userid, which can be accessed by changing the url, for example: "profile.php? userid=1", if the user places a userid that does not exist in the database an error message will appear.
Without the use of prepared statements has worked correctly, but when I tried to use prepared statements to increase security I only get the following error message:

Warning: mysqli_num_rows() expects Parameter 1 to be mysqli_result, Object Given in C: wamp64 www Minhalista includes profile.inc.php on line 17

Connection to the database:

<?php
$db_host = "localhost";
$db_username = "root";
$db_password = "";
$db_name = "users_registered";

$conn = mysqli_connect($db_host, $db_username, $db_password, $db_name);

if(!$conn) {
    die("A conexão com o banco de dados falhou: ".mysqli_connect_error());
}
?>

Profile code with prepared declarations (error):

<?php
    include "db.inc.php";

    if (!isset($_GET['userid'])) {
        echo "Erro ao encontrar o userid";
    }
    else {
        $userid = $_GET['userid'];
        $sql = "SELECT * FROM users WHERE userID=?";
        $stmt = mysqli_stmt_init($conn);
        if(!mysqli_stmt_prepare($stmt, $sql)) {
            echo "Erro ao preparar as declarações";
        }
        else {
            mysqli_stmt_bind_param($stmt, "s", $userid);
            mysqli_stmt_execute($stmt);
            $result = mysqli_num_rows($stmt);
            if ($result < 0) {
                echo "Esse usuário não existe";
            }
            else if ($result > 0) {
                while ($row = mysqli_fetch_assoc($result)) {
                    $username = $row['userName'];
                    $userimage = $row['userImage'];
                }
            }
            else {
                echo "Esse usuário não existe.";
            }
        }
    }
?>

Without the prepared statements (it works)

<?php
 include "db.inc.php";

    if (!isset($_GET['userid'])) {
        echo "Erro ao encontrar o userid";
    }
    else {
        $userid = $_GET['userid'];
        $sql = "SELECT * FROM users WHERE userID=$userid";
        $result = mysqli_query ($conn, $sql);
        $queryresults = mysqli_num_rows($result);
            if ($queryresults < 0) {
                echo "Usúario não encontrado";
            }
            else if ($queryresults > 0) {
                while ($row = mysqli_fetch_assoc($result)) {
                    $username = $row['userName'];
                    $userimage = $row['userImage'];
                }
            }
            else {
                echo "Usúario não encontrado";
            }
}
?>

I appreciate if anyone can help, I have no idea where I’m going wrong. Thank you!

1 answer

Browser other questions tagged php mysql

You are not signed in. Login or sign up in order to post.

by Augusto Vasques • **15,321** points · Answer 1 · 2019-12-18T05:21:10+00:00

In the statement:

$result = mysqli_num_rows($stmt);

The parameter $stmt is the type MySQLi_STMT representing a prepared command and mysqli_num_rows() is waiting for a type parameter MySQLi_Result which represents the result set of the query made to the database returned by mysqli_stmt_get_result(). That’s why the mistake.

Fixing and simplifying your code:

<?php
    include "db.inc.php";

    if (isset($_GET['userid'])) {
        $userid = $_GET['userid'];
        $sql = "SELECT * FROM users WHERE userID=?";
        $stmt = mysqli_stmt_init($conn);
        if(mysqli_stmt_prepare($stmt, $sql)) {
            mysqli_stmt_bind_param($stmt, "s", $userid);
            mysqli_stmt_execute($stmt);
            // Obtenha o conjunto de resultados da consulta
            $result = mysqli_stmt_get_result($stmt);
            // Passe o conjunto de resultados para mysqli_num_rows()
            $num_rows = mysqli_num_rows($result);
            // A comparação é feita com o número de linhas obtidos
            if ($num_rows > 0) { 
                // Obtem uma linha do conjunto de resultados
                while ($row = mysqli_fetch_assoc($result)) {
                    $username = $row['userName'];
                    $userimage = $row['userImage'];
            } else {
                echo "Esse usuário não existe.";
            }     
        } else {
            echo "Erro ao preparar as declarações";
        }    
    } else {
        echo "Erro ao encontrar o userid";
    }
?>