function userexists($username){
    $query=$mysqli->query("SELECT username FROM accounts WHERE username='$username' AND exists=1");
    return mysqli_num_rows($query);
}

This function should be returning 1 or 0 but I cannot figure out why the query is not being interpreted. What's wrong?

Edit: the error being returned by PHP is that $query is a boolean being fed into mysqli_num_rows, not an object.

user1755043

1 Answer


In your query:

SELECT username FROM accounts WHERE username='$username' AND exists=1

exists is a MySQL keyword. If you've used it as a column name then you'll get a syntax error. You could enclose the column name in back-ticks like this:

SELECT username FROM accounts WHERE username='$username' AND `exists`=1

It's probably safer to change the column name and your query.

Be careful of possible SQL injection attacks. At the very least you should escape any user-supplied data with mysqli_real_escape_string($username).

  • Please at least mention the SQL injection vulnerability in your answer as well. The solution doesn't have to be prepared statements - it can be as simple as `mysqli_real_escape_string()` – jcsanyi Jul 04 '13 at 00:16
  • @jcsanyi Done, although it's not covered by the question as the OP stated it, and he indicated that he does this anyway. –  Jul 04 '13 at 00:21
  • Oops - I missed the second part of that comment from the OP. You're right - it looks like he's got it covered. It doesn't hurt to have it in the answer anyways though for anybody else that finds this question. Thanks. – jcsanyi Jul 04 '13 at 00:23
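
An added example (not code from the question or the answer) that combines both points raised in this thread: the back-tick quoted `exists` column, and keeping user input out of the SQL text, here with a prepared statement rather than mysqli_real_escape_string(). Passing the connection as a parameter, the error handling and the connection credentials are assumptions made for the example.

```php
<?php
// Added example. Return false on errors instead of throwing, so each
// failure point can be checked explicitly.
mysqli_report(MYSQLI_REPORT_OFF);

function userexists(mysqli $mysqli, string $username): bool
{
    // `exists` is a reserved word in MySQL, so it is back-tick quoted.
    // The ? placeholder keeps $username out of the SQL text entirely.
    $sql = 'SELECT 1 FROM accounts WHERE username = ? AND `exists` = 1 LIMIT 1';

    $stmt = $mysqli->prepare($sql);
    if ($stmt === false) {
        // The failure from the question: a syntax error makes the call
        // return false, and the actual reason is in $mysqli->error.
        throw new RuntimeException('prepare failed: ' . $mysqli->error);
    }

    $stmt->bind_param('s', $username);
    if (!$stmt->execute()) {
        $error = $stmt->error;
        $stmt->close();
        throw new RuntimeException('execute failed: ' . $error);
    }

    // Buffer the result so num_rows is populated.
    $stmt->store_result();
    $found = $stmt->num_rows > 0;
    $stmt->close();

    return $found;
}

// Usage. Host, user, password and database name are placeholders.
$mysqli = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
if ($mysqli->connect_errno) {
    exit('connect failed: ' . $mysqli->connect_error);
}

// Constructed input containing a quote: it is sent as data, not as SQL.
var_dump(userexists($mysqli, "o'brien"));
```

Checking the return value of prepare() (or query()) before using it is what turns the "boolean given" warning into the underlying MySQL syntax error message.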