rocky48 Posted November 23, 2017

I know this question has been asked many times before, and I have looked at many of the answers, but I just can't see what's wrong.

I have got it to print $r and that equals 1, so should print the message "Your renewal form has been received and added to the database", but it prints the other message?

Nevertheless the INSERT is updating the database, so why is it not printing the correct echo?

I've tried FALSE instead of <1. I also had it the other way around (correct message first), but I still get the same result.

Please help!

Here is the code:

<?php
require_once ('config.inc.php');

if (isset($_POST['submitted'])) { // Handle the form.
    // print_r($_POST);
    require_once('connect_renew.php');

    // Trim all the incoming data:
    $trimmed = array_map('trim', $_POST);

    $Fname = $_POST['firstname'];
    $Sname = $_POST['surname'];
    $Road = $_POST['road'];
    $Town = $_POST['town'];
    $County = $_POST['county'];
    $Pcode = $_POST['pcode'];
    $Phone = $_POST['phone'];
    $Mobile = $_POST['mobile'];
    $Email = $_POST['email'];
    $DOB = $_POST['dob'];
    $BMFA = $_POST['bmfa_no'];
    $C_mem = $_POST['country_mem'];
    $Amount = $_POST['subs_amount'];
    $meth = $_POST['pay_meth'];

    $q = "INSERT INTO `Rform`(`firstname`, `surname`, `road`, `town`, `county`, `pcode`, `phone`, `mobile`, `email`, `dob`, `bmfa_no`, `country_mem`, `subs_amount`, `pay_meth`, date_sub) VALUES ('$Fname', '$Sname', '$Road', '$Town', '$County', '$Pcode', '$Phone', '$Mobile', '$Email', '$DOB', '$BMFA', '$C_mem', '$Amount', '$meth', now())";
    $r = mysqli_query ($dbc, $q) or die(mysqli_error($dbc));

    if (mysqli_num_rows($r) < 1){ // Available.
        echo $r;
        echo '<p>Somethings wrong, You need to re-enter your details</p>';
    }else{
        echo '<p> Your renewal form has been received and added to the database</p>';
    }
    mysqli_close($dbc);
}
?>

Barand Posted November 23, 2017

Your error aside, why are you attempting to use mysqli_num_rows() on a query that will not return any rows? You need mysqli_affected_rows().

You should also be using a prepared query and not putting user data directly into your query statement.

rocky48 Posted November 23, 2017

What do you mean by a prepared query?

I am not putting user input directly into the query, otherwise I would have put the ($_POST['Value']) into the query!

Am I not understanding why no rows are produced with mysqli_num_rows()?

I am still somewhat 'green', probably due to my age!

SteamingAlong Posted November 26, 2017

First of all, you are using an INSERT query. You can't get the number of rows from an INSERT query. You need to use a SELECT query after the INSERT one and then get the number of rows available in the database.

As the other user said regarding the user data: you actually are inputting the data directly into it. This is a security flaw and would cause SQL injections. The correct way for mysqli prepared statements is as follows:

<?php
$stment = $dbConnection->prepare('SELECT * FROM users WHERE name = ?');
$stment->bind_param('s', $name);
$stment->execute();

$result = $stment->get_result();
while ($row = $result->fetch_assoc()) {
    // do something with $row
}
?>

benanamen Posted November 26, 2017

> You can't get the number of rows from an INSERT query. You need to use a SELECT query after the INSERT one and then get the number of rows available in the database.

Who told you that? Perhaps you should read the manual for mysqli_affected_rows.

http://php.net/manual/en/mysqli.affected-rows.php

Per the manual:

> mysqli::$affected_rows -- mysqli_affected_rows — Gets the number of affected rows in a previous MySQL operation
>
> Returns the number of rows affected by the last INSERT, UPDATE, REPLACE or DELETE query.

Edited November 26, 2017 by benanamen

SteamingAlong Posted November 26, 2017

Assumption is the mother of all fck ups. You are right! Never had the need to even get the number of rows after anything other than a SELECT, which in turn has always made me stick to _num_rows.

Anyways, you can see clearly where the error is, as he has used the wrong code to get the number of rows, since mysqli_num_rows requires a mysqli_result argument which you only get for SELECT queries. He should in turn be using mysqli_affected_rows in that case.

gizmola Posted November 26, 2017

> What do you mean by a prepared query?
> I am not putting user input directly into the query, otherwise I would have put the ($_POST['Value']) into the query!
> Am I not understanding why no rows are produced with mysqli_num_rows()?
> I am still somewhat 'green', probably due to my age!

The entire insert query is user input coming from $_POST! Just because you assign a redundant variable:

$Fname = $_POST['firstname'];

... that does not do anything to escape quotes. None of those variables are necessary if you used a prepared statement, and bind the $_POST variables.

With that said, if any of those variables are missing from the $_POST, you're going to have an error. Usually people will have some sort of validation or parameter checking routine. You might want to look at the Symfony validation and options resolver components to see the types of design patterns that work well in robustly solving this problem. The form component might be worth looking at as well.

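Added example, not code posted by anyone in the thread: the INSERT from the original question rewritten with a prepared statement, bound $_POST values, a missing-field check, and an affected_rows test in place of mysqli_num_rows(). The helper name insert_renewal(), the RFORM_FIELDS constant, and the assumption that connect_renew.php defines an open mysqli connection in $dbc are illustrative.

```php
<?php
// Added example, not code from the thread. Assumes $dbc is an open mysqli
// connection, as created by the poster's connect_renew.php.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors become exceptions

// Column names are fixed here in code; they never come from the request.
const RFORM_FIELDS = ['firstname', 'surname', 'road', 'town', 'county', 'pcode',
    'phone', 'mobile', 'email', 'dob', 'bmfa_no', 'country_mem',
    'subs_amount', 'pay_meth'];

/** Hypothetical helper: returns the number of rows inserted (1 on success). */
function insert_renewal(mysqli $dbc, array $post): int
{
    $values = [];
    foreach (RFORM_FIELDS as $field) {
        // Reject the request if a field is missing or is not a plain string.
        if (!isset($post[$field]) || !is_string($post[$field])) {
            throw new InvalidArgumentException("Missing form field: $field");
        }
        $values[] = trim($post[$field]);
    }

    // Placeholders keep the submitted text out of the SQL statement itself,
    // so a quote in a surname is stored as data instead of ending the string.
    $columns = '`' . implode('`, `', RFORM_FIELDS) . '`';
    $marks   = implode(', ', array_fill(0, count(RFORM_FIELDS), '?'));
    $stmt = $dbc->prepare(
        "INSERT INTO `Rform` ($columns, `date_sub`) VALUES ($marks, NOW())"
    );

    $stmt->bind_param(str_repeat('s', count($values)), ...$values);
    $stmt->execute();

    // An INSERT returns no result set, so check affected_rows, not num_rows.
    $inserted = $stmt->affected_rows;
    $stmt->close();
    return $inserted;
}

if (isset($_POST['submitted'])) {
    require_once 'connect_renew.php'; // assumed to define $dbc
    if (insert_renewal($dbc, $_POST) === 1) {
        echo '<p>Your renewal form has been received and added to the database</p>';
    } else {
        echo '<p>Something is wrong, you need to re-enter your details</p>';
    }
}
```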