[RESOLVED] mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean

cash09

Hi,

I'm new to PHP and even after looking at other similar threads on this forum, I am unable to correct my code.

Can anyone help?

<?php
// This is the login page for the site.

// Set the page title and include the PHP header.
$page_title = 'Login';
include ('./includes/header.html');

if (isset($_POST['submitted'])) { // Check if the form has been submitted.

require_once ('mysql_connect.php'); // Connect to the database.

// Validate the email address.	
if (!empty($_POST['email'])) {
	$email = escape_data($_POST['email']);
} else {
	echo '<p><font color="red" size="+1">You need to enter your email address</font></p>';
	$email = FALSE;
}

// Validate the password.
if (!empty($_POST['pass'])) {
	$pass = escape_data($_POST['pass']);
} else {
	$pass = FALSE;
	echo '<p><font color="red" size="+1">You need to enter your password</font></p>';
}

if ($email && $pass) { // If everything's OK.

	// Query the database.
	$query = "SELECT customer_id, first_name FROM customers WHERE (email_address='$email' AND password='$pass')";		
	$result = mysqli_query ($dbc, $query);

	if (mysqli_num_rows($result) == 1) { // A match was made.

		// Register the values & redirect.
		while ($row = mysqli_fetch_array ($result, MYSQLI_NUM)); 
		mysqli_free_result($result);
		mysqli_close($dbc); // Close the database connection.
		$_SESSION['first_name'] = $row[1];
		$_SESSION['customer_id'] = $row[0];

		// Start defining the URL.
		$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
		// Check for a trailing slash.
		if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
			$url = substr ($url, 0, -1); // Chop off the slash.
		}
		// Add the page.
		$url .= '/index.php';

		ob_end_clean(); // Delete the buffer.
		header("Location: $url");
		exit(); // Quit the script.

	} else { // No match was made.
		echo '<p><font color="red" size="+1">The email address and password entered do not match those which you registered with.</font></p>'; 
	}

} else { // If everything wasn't OK.
	echo '<p><font color="red" size="+1">Please try again.</font></p>';		
}

mysqli_close($dbc); // Close the database connection.

} // End of SUBMIT conditional.
?>

<h1>Login</h1>
<p>Your Browser Must Allow Cookies In Order To Log In.</p>
<form action="login.php" method="post">
	<fieldset>
	<p><b>Email Address:</b> <input type="text" name="email" size="20" maxlength="40" value="
	<?php if (isset($_POST['email'])) echo $_POST['email']; ?>" /></p>
	<p><b>Password:</b> <input type="password" name="pass" size="20" maxlength="20" /></p>
	<div align="center"><input type="submit" name="submit" value="Login" /></div>
	<input type="hidden" name="submitted" value="TRUE" />
	</fieldset>
</form>

<?php // Include the PHP footer.
include ('./includes/footer.php');
?>

Any help would be greatly appreciated. Thanks in advance.

cash09

Forgot to say where the error occurs. This is the error message i get.

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\xampplite\htdocs\website\login.php on line 34

Pikachu2000

That error means the query failed. It is returning a result of FALSE to the mysqli_num_rows. I suspect at least part of the problem is in the query itself. You're using single quotes around a variable, causing it to be interpreted literally.

$query = "SELECT customer_id, first_name FROM customers WHERE (email_address='$email' AND password='$pass')";

Note the difference in the syntax highlighting . . .

$query = "SELECT customer_id, first_name FROM customers WHERE (email_address='" . $email . "' AND password= '" . $pass . "')";

cash09

I don't understand? Even when i use double quotation marks around the $email and $pass variables, it still returns the same error?

Pikachu2000

Did you paste in the query in the second block from my response above, or write it out? You should also echo the query out to the screen to see if it holds the values you expect it to hold.

cash09

I pasted in your response from the second block but i'm still getting the same error:

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\xampplite\htdocs\website\login.php on line 34.

I echo'd the query and it outputs this:

SELECT customer_id, first_name FROM customers WHERE (email_address='practice@hotmail.com' AND password= 'practice')

The email and password are as they are in the database so I have no idea why it isn't working?

Pikachu2000

OK. Time to do some more debugging. If you can use phpMyAdmin to connect to the database, paste the query into the SQL tab and see if it executes or fails. If it executes, put in an 'or die()' to see if the query is executing within the script or not. You'll want to remove the die()s if you put this on a live, production site.

Also, as a side note, since you're going to utilize $_SESSIONs you'll need to put a session_start(); at the top of the script.

 $result = mysqli_query ($dbc, $query) or die(mysqli_error($dbc));

Pikachu2000

And this may seem like a silly question, but the database field names exactly match their spellings in the query string, right?

cash09

I have it working now. Thank you very much for your help pikachu2000

bradgrafelman

Pikachu2000;10948083 wrote:
That error means the query failed. It is returning a result of FALSE to the mysqli_num_rows. I suspect at least part of the problem is in the query itself. You're using single quotes around a variable, causing it to be interpreted literally.
$query = "SELECT customer_id, first_name FROM customers WHERE (email_address='$email' AND password='$pass')";
Note the difference in the syntax highlighting . . .
$query = "SELECT customer_id, first_name FROM customers WHERE (email_address='" . $email . "' AND password= '" . $pass . "')";

There is no difference in either of those strings. The variable was placed in a double quote delimited string in the OP's code, so it will be parsed correctly.

EDIT: Also, cash09 - don't forget to mark this thread resolved (if it is) using the link on the Thread Tools menu.