renewal.php on line 29: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given

[rocky48]

I know this question has been asked many times before, and I have looked at many of the answers, but i just can't see whats wrong.
I have got it to print $r and that equals 1, so should print the message "Your renewal form has been received and added to the database", but it prints the other message?
Never the less the INSERT is updating the database, so why is it not printing the correct echo.
I've tried FALSE instead of <1.  I also had it the other way around (correct message first), but I still get the same result.
Please help!
Here is the code:

   <?php
    require_once ('config.inc.php');
    if (isset($_POST['submitted'])) { // Handle the form.
    //        print_r($_POST);
        require_once('connect_renew.php');
        
        // Trim all the incoming data:
        $trimmed = array_map('trim', $_POST);
            
            $Fname = $_POST['firstname'];
            $Sname = $_POST['surname'];
            $Road = $_POST['road'];
            $Town = $_POST['town'];
            $County = $_POST['county'];
            $Pcode = $_POST['pcode'];
            $Phone = $_POST['phone'];
            $Mobile = $_POST['mobile'];
            $Email = $_POST['email'];
            $DOB = $_POST['dob'];
            $BMFA = $_POST['bmfa_no'];
            $C_mem = $_POST['country_mem'];
            $Amount = $_POST['subs_amount'];
            $meth = $_POST['pay_meth'];
    
     
            $q= "INSERT INTO `Rform`(`firstname`, `surname`, `road`, `town`, `county`, `pcode`, `phone`, `mobile`, `email`, `dob`, `bmfa_no`, `country_mem`, `subs_amount`, `pay_meth`, date_sub) VALUES  ('$Fname', '$Sname', '$Road', '$Town', '$County', '$Pcode', '$Phone', '$Mobile', '$Email', '$DOB', '$BMFA', '$C_mem', '$Amount', '$meth', now())";
            
            $r = mysqli_query ($dbc, $q) or die(mysqli_error($dbc));
           if (mysqli_num_rows($r) < 1){ // Available.
            echo $r;
                    echo '<p>Somethings wrong, You need to re-enter your details</p>';
                }else{
                    echo '<p> Your renewal form has been received and added to the database</p>';
    
            }
            mysqli_close($dbc);
    }
    ?>

[Barand]

Your error aside, why are you attempting to use mysqli_num_rows() on a query that will not return any rows? You need mysqli_affected_rows().

 

You should also be using a prepared query and not putting user data directly into your query statement.

[rocky48]

What do you mean by a prepared query?

I am not putting user input directly into the query, otherwise I would have put the ($_POST['Value']) into the query!

Am I not understanding why that no rows are produced with msqli_num_rows()?

I am still somewhat 'green', probably due to my age!

[SteamingAlong]

First of all, you are using an INSERT query. You can't get the number of rows from an INSERT query. You need to use a SELECT query after the INSERT one and then get the number of rows available in the database.

 

As the other user said regarding the user data. You actually are inputting the data directly into it. This is a security flaw and would cause sql injections. The correct way for mysqli perpared statements is as follows:

<?php
$stment = $dbConnection->prepare('SELECT * FROM users WHERE name = ?');
$stment->bind_param('s', $name);
$stment->execute();
$result = $stment->get_result();
while ($row = $result->fetch_assoc()) {
     // do something with $row
}
?>

[benanamen]

You can't get the number of rows from an INSERT query. You need to use a SELECT query after the INSERT one and then get the number of rows available in the database.

 

Who told you that? Perhaps you should read the manual for mysqli_affected_rows. http://php.net/manual/en/mysqli.affected-rows.php

 

Per the manual:

mysqli::$affected_rows -- mysqli_affected_rows — Gets the number of affected rows in a previous MySQL operation

Returns the number of rows affected by the last INSERT, UPDATE, REPLACE or DELETE query.

[SteamingAlong]

Assumptions is the mother of all fck ups. You are right!

 

Never had the need to even get the number of rows after anything other than a SELECT which in turn has always made me stick to _num_rows.

 

Anyways, you can see clearly where the error is as he has used the wrong code to get the number of rows. Since mysqli_num_rows requires a mysqli_result argument which you only get for SELECT queries. He should in turn be using mysqli_affected_rows in that case.

[gizmola]

What do you mean by a prepared query?

I am not putting user input directly into the query, otherwise I would have put the ($_POST['Value']) into the query!

Am I not understanding why that no rows are produced with msqli_num_rows()?

I am still somewhat 'green', probably due to my age!

 

The entire insert query is user input coming from $_POST!

 

Just because you assign a redundant variable:

 

$Fname = $_POST['firstname'];

... that does not do anything to escape quotes. None of those variables are necessary if you used a prepared statement, and bind the $_POST variables.

 

With that said, if any of those variables are missing from the $_POST, you're going to have an error. Usually people will have some sort of validation or parameter checking routine. You might want to look at the Symfony validation and options resolver components to see the types of design patterns that work well in robustly solving this problem. The form component might be worth looking at as well.