mysqli num rows() expects parameter 1 to be mysqli result, boolean gi

mysqli_num_rows issue

         

Steve_Berry

1:47 pm on Jan 27, 2019 (gmt 0)

5+ Year Member



What I am trying to do is once a user has entered their username and password, they will be directed to another page (index.php), otherwise it stays on the login page. However, when I enter a test username and password I get an error message -- Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\MyCMS\admin\login.php on line 13.

the php code is:

<?php
# start session
session_start();

# database connection
include('config/setup.php');

if($_POST) {

$q = "SELECT * FROM users WHERE user-email = '$_POST[email]' AND password = SHA1('$_POST[password]')";
$r = mysqli_query($dbc, $q);

if(mysqli_num_rows($r) == 1) {

$_SERVER['username'] = $_POST['email'];

header('Location: index.php');
}
}
?>

The HTML code (form):

<form role="form" action="login.php" method="post">
<div class="form-group">
<label for="Email">Email address</label>
<input type="email" class="form-control" id="Email" name="email" placeholder="Email">
</div>

<div class="form-group">
<label for="Password">Password</label>
<input type="password" class="form-control" id="Password" name="password" placeholder="Password">
</div>

<button type="submit" class="btn btn-default">Submit</button>
</form>
The sql table headers:

id first-name last-name user-email password

I placed a test code (php) to see if username and password are sent. The code:

<?php
if($_POST) {
echo $_POST['email'];
echo '<br>';
echo $_POST['password'];
}
?>
This works - in that it echoes to the screen.

What is causing the error.

Thanks in advance

phranque

10:52 pm on Jan 27, 2019 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



you should do some error checking and reporting on the mysqli_query result.

whitespace

11:34 pm on Jan 27, 2019 (gmt 0)

10+ Year Member Top Contributors Of The Month



What is causing the error.


Work backwards from the error...

A boolean is being passed to the mysqli_num_rows() function instead of the expected mysqli_result object. (This is stated in the warning message.)

Which means that the value returned from the preceding mysqli_query() function is returning a boolean. mysqli_query() will return (bool)False on error (as phranque suggests, you need to validate the response).

It looks like the hyphen in your DB column names is probably the problem. Try surrounding these in backticks when building your SQL statement.

You also need to validate your user inputs (and preferably use SQL prepared statements) as your code is currently vulnerable to SQL injection attacks, and salt your password hashes, etc.

Steve_Berry

10:42 am on Jan 28, 2019 (gmt 0)

5+ Year Member



Thanks. I will take your advice and see what happens.

Steve_Berry

11:16 am on Jan 30, 2019 (gmt 0)

5+ Year Member



Just to let you know I tried the back tick option on both the users and useremail (at different times) but the form redirected back to itself (i.e. back to login). I did some research and found some help with a different login method. My form now directs to the page I intended.

The following is the code I adapted and may not be the best method, but at the moment, it works.

The code:

if (isset($_POST['email'])) {

$username = stripslashes($_REQUEST['email']); // remove backslashes

$username = mysqli_real_escape_string($dbc, $username); // escapes special characters for use in SQL

$password = stripslashes($_REQUEST['password']);

$password = mysqli_real_escape_string($dbc, $password);

$q = "SELECT * FROM `users` WHERE useremail = '$_POST[email]' AND password = SHA1('$_POST[password]')";

$r = mysqli_query($dbc, $q) or die(mysqli_error($dbc));

$rows = mysqli_num_rows($r);

if($rows === 1) {

$_SESSION['username'] = $username;

header('Location: index.php');
}
}

whitespace

12:00 pm on Jan 30, 2019 (gmt 0)

10+ Year Member Top Contributors Of The Month



You seem to have removed the hyphen completely from your DB column names? (This is a good thing.)

However, whilst you've created two new variables $username and $password, which you have sanitised, you've not actually used these in your SQL query (which kinda defeats the point)?
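The advice given in this thread (check what the query call returns, use prepared statements, salt the password hashes) combined in one login handler, as an added example that is not code from any poster here. It assumes `$dbc` is the mysqli connection from config/setup.php, the `useremail` and `password` columns from the later post, and that `password` stores `password_hash()` output instead of SHA1; `check_login()` is a hypothetical helper name.

```php
<?php
// Added example, not the poster's code. Assumes $dbc comes from
// config/setup.php and users.password holds password_hash() output.
session_start();
include('config/setup.php');

// Make mysqli signal errors through return values (PHP 8.1+ throws by default).
mysqli_report(MYSQLI_REPORT_OFF);

// Hypothetical helper: true only if the email exists and the password matches.
function check_login(mysqli $dbc, string $email, string $password): bool
{
    // The ? placeholder keeps user input out of the SQL text entirely.
    $sql  = 'SELECT `password` FROM `users` WHERE `useremail` = ? LIMIT 1';
    $stmt = mysqli_prepare($dbc, $sql);
    if ($stmt === false) {
        // false here means the statement itself is bad, e.g. an unquoted
        // hyphenated column name. Log it; never hand false to later calls.
        error_log('Login prepare failed: ' . mysqli_error($dbc));
        return false;
    }
    mysqli_stmt_bind_param($stmt, 's', $email);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('Login execute failed: ' . mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        return false;
    }
    mysqli_stmt_bind_result($stmt, $hash);
    $found = mysqli_stmt_fetch($stmt);   // true = row, null = no row, false = error
    mysqli_stmt_close($stmt);

    // password_verify() reads the per-user salt embedded in the stored hash.
    return $found === true && password_verify($password, $hash);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST'
    && isset($_POST['email'], $_POST['password'])
    && is_string($_POST['email']) && is_string($_POST['password'])) {
    if (check_login($dbc, $_POST['email'], $_POST['password'])) {
        session_regenerate_id(true);     // fresh session id after login
        $_SESSION['username'] = $_POST['email'];
        header('Location: index.php');
        exit;                            // stop running after the redirect
    }
    // On failure, fall through and show the login form again.
}
```

Rows for this version would be created with `password_hash($password, PASSWORD_DEFAULT)` at registration; existing SHA1 values will not verify and need a reset.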

phranque

12:18 pm on Jan 30, 2019 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



btw welcome to WebmasterWorld [webmasterworld.com], Steve_Berry!