warning with mysqli_fetch_row expects parameter 1

[Tuscanbot]

Hi guys,

I am struggling why I received the error, my apology, I am fairly new using php and mysql

Warning: mysqli_fetch_row() expects parameter 1 to be mysqli_result, boolean given in line 64

the code is the $countArr = mysqli_fetch_row($countResult2);

 

Warning: Invalid argument supplied for foreach() 

The code is the foreach($fetchArr2 as $value)

 

Anyone understood why it is like this? if so, could you please kindly explain.
thanks, greatly appreciated!

below is the code:

<?php//////////////////////////////////////
session_start();
require_once('sqlconnect.inc.php');
/////////////////////////////////////


$memberHid1 = $_POST['memberHid1'];  
$new_session = $_POST['memberHid']; 
//connecting to the database
$conn = @mysqli_connect($host, 
$user, 
$pswd, 
$dbnm);


if (!$conn) {
echo "<p>Database connection failure</p>"; 
} else {


@mysqli_select_db($conn, $dbnm)
or die ("Database not available");
}


$query = "SELECT member_id 
 FROM team 
 WHERE member_name = '$memberHid1'";


$queryResult = @mysqli_query($conn, $query)
or die ("<p>Unable to execute query.</p>". "<p>Error code:" . mysqli_errno($conn) .":" . mysqli_error($conn));


$fetchArr = mysqli_fetch_row($queryResult);


$memberHid3 = $fetchArr[0]; 
$memberHid = $_SESSION['membername'] = $new_session;


$query2 = "SELECT member_id 
  FROM team 
  WHERE member_name = '$memberHid'";
  
$queryResult2 = @mysqli_query($conn,$query2)
or die ("<p>Unable to execute query.</p>". "<p>Error code" . mysqli_errno($conn) .":" . mysqli_error($conn));


$fetchArr2 = mysqli_fetch_row($queryResult2);
$memberHid4 = $fetchArr2[0];


$query3 = "INSERT INTO myteam 
  VALUES($memberHid4, $memberHid3)";
  
$queryResult3 = @mysqli_query($conn,$query3)
or die ("<p>Unable to execute query.</p>". "<p>Error code" . mysqli_errno($conn) .":" . mysqli_error($conn))."</p>";
echo "<p>$memberHid1"."  "." Successfully added</p>";


$queryCount = "SELECT COUNT(*) 
  FROM team";
$countResult = @mysqli_query($conn,$queryCount);
$fetchCountArr = mysqli_fetch_row($countResult); 
for($n=0;$n<$fetchCountArr[0];$n++)
{
$pst = $n+1;
$query4 = "SELECT member_id2
FROM myteam 
WHERE friend_id1 = '$pst'";


$countResult2 = @mysqli_query($conn,$query4);
$countArr = mysqli_fetch_row($countResult2);
$a=0;
while($countArr)
{
$a++;
$countArr = mysqli_fetch_row($countResult2); //echo "<p>$a</p>";
}


$query4 = "UPDATE team 
  SET num_of_members= '$a' 
  WHERE member_id = '$pst'";
  
$countResult2 = @mysqli_query($conn,$query4);


}


$querySelect = "SELECT member_id2 
FROM myteam 
WHERE member_id1 = '$memberHid4'";


$querySelectResult = @mysqli_query($conn, $querySelect);
$fetchArr = mysqli_fetch_row($querySelectResult);


while($fetchArr)
{
foreach($fetchArr as $value)


{
//echo $value;
$querySelect2 = "SELECT member_name 
FROM friends where friend_id='$value'";
$querySelectResult2 = @mysqli_query($conn, $querySelectResult2);
$fetchArr2 = mysqli_fetch_row($querySelectResult2);
foreach($fetchArr2 as $value)
{
//echo $value;
} 
}
$fetchArr = mysqli_fetch_row($querySelectResult);
}


;


?>

[Ch0cu3r]

You are getting that error because the query before line 64 either did not return any results or returned an error.

 

Can you explain what you are trying to do. Using queries within loops is not very efficient.

[mac_gyver]

Can you explain what you are trying to do.

 

+1 for that.

 

your code is overly complicated for what it is doing and hard to understand. if we cannot understand it, i'm pretty sure you cannot.

 

it should be possible, just by looking at code, now or a year from now, to be able to deduce a majority of what it is trying to do. the biggest problem is your use of generic, sequential, form field and variable names that don't convey the meaning of the values in them. using things like $memberHid1, $memberHid3, $memberHid4 requires you to remember and keep track of what those values actually are. which of those are actually the current user's name, his id, or the id or name of the user he is trying to add?

 

afaik, the code on this page is responsible for adding a selected user to the myteam table. that's all this code should be doing.

 

here's a list of things the code should/should not be doing -

 

1) the current user, who's logged in, should have his member_id stored in a session variable. by passing his member_id or member_name through the form, you are allowing anyone to alter the data for any other user. also, by storing the member_id in a session variable, you don't need to run a query to get it based on the member_name.

 

2) your code needs to test if the current visitor is logged in before doing anything, both on the form and the form processing page.

 

3) your form processing code needs to test if a form has been submitted at all before trying to use any of the form data.

 

4) the form should submit the selected user's member_id, so that you don't need to immediately run a query just to get the id based on the member_name.

 

5) all database query statements need to have the external data being put into them validated and escaped/cast as appropriate to prevent errors and sql injection.

 

6) you should test if the submitted member_id is valid (exists in the team table), isn't the same as the current logged in user (the current user shouldn't be able to accidentally/intentionally add himself), and that it isn't already in the myteam table. your myteam table should enforce unique combinations of the owner member_id and the added member_id by having a unique index for those two columns.

 

7) you need to list out the database table column names in your INSERT query. your myteam table apparently has three or more columns, some with names ending in 1,2,... which again, doesn't convey the meaning of the data in the columns. i'm not sure how or even if your INSERT query is running without an error.

 

having a num_of_members column in your team table is redundant, unnecessary, and problematic. the number of members on any person's team can be found from the myteam table. you can query at any time to get that number. storing it in another place will create problems because the values can get out of sync should there be a query error.

 

9) i'm not sure how any of the 'friends' field/table has anything to do with adding a member to your myteam table. it would seem like that is part of some other action.