-2

When I run my PHP code, it gives me the following error:

Warning: mysqli_query() expects parameter 1 to be mysqli, boolean given

What is causing this?

Here is the code in which the query is executed: 

class accounts {


public function check_login($a,$b)
{
      $conn = mysqli_connect("localhost", "username", "pw", "dbname");

 $result = mysqli_query($conn, "select * from members WHERE username='$a' and password='$b'");
    if (mysqli_num_rows($result) == 0) {

        $arr = array("message" => "fail");


    } else {

       $row=mysqli_fetch_assoc($result);
       $arr=array("message"=>"success");


    }
    return $arr;

   }
   }



  ?>

and here is the code that calls that function:

if (isset($_POST['Login'])){
$ra=$obj->check_login($_POST['myusername'],$_POST['mypassword']);
if ($ra['message']=="success") {
     $_SESSION['x']=$ra['myusername'];
    $_SESSION['y']=$ra['mypassword'];
    header("location:index.php");
    } else {
            echo "<center><font color='red'><b>Wrong Username or     Password</center></font></b>";

Any help would be very much appreciated.

a_horse_with_no_name
  • 497,550
  • 91
  • 775
  • 843
Acros Khan
  • 7
  • 6

1 Answers1

0

Problem

The mysqli_num_rows function only works when you have a valid results set. Since it's telling you that you've passed it a boolean instead, the means that there must be something wrong with what's in the $result variable.

mysqli_query will return false if there is an error in your SQL query. I've read over your query, and you don't seem to have any major syntactical errors, so the problem is probably with the spelling of one of the column or table names.

Solution

To see what the problem is, change

$result = mysqli_query($conn, "select * from members WHERE username='$a' and password='$b'");

to 

$result = mysqli_query($conn, "select * from members WHERE username='$a' and password='$b'") or die(mysqli_error($conn));

This will echo out the MySQL error onto the page, so that you can debug your query.

Once you adjust your query to be correct, you will no longer get this error.

SQL Injection

You need to sanitise any input that you're putting into a query, otherwise you leave yourself open to a major security exploit. Read more about SQL injection and what you can do about it: http://php.net/manual/en/security.database.sql-injection.php

Toastrackenigma
  • 6,303
  • 4
  • 39
  • 52
  • thanks alot but when i add the code and try to login it says another problem Warning: Cannot modify header information - headers already sent by (output started at /home/localhost/login.php at line 18 which is $_SESSION['x']=$myusername; – Acros Khan May 10 '17 at 19:47
  • That should be easy to fix - just make sure that you have no content on the page before you use the `header` function - this article may be useful http://stackoverflow.com/questions/8028957/how-to-fix-headers-already-sent-error-in-php – Toastrackenigma May 10 '17 at 19:49
  • If my answer solved your original question (or if you found it helpful), please don't hesitate to mark it as accepted (by clicking the tick button) or upvote it (by clicking the up arrow) by the side of this post. – Toastrackenigma May 10 '17 at 19:51