I'm a beginner in PHP & MySQL. The num_rows is not working in the basic example below. The whole script is inspired by the w3schools example.

The browser shows an error message as follows.

Notice: Trying to get property of non-object in C:\wamp\www\test3\index.php on line 17

code

<?php
require 'connect.inc.php';
require 'core.inc.php';

//check username & password is set.

if(isset($_POST['username']) && isset($_POST['psw'])) 
{
    $username = $_POST['username'];
    $password = $_POST['psw'];
    $pass_md5 = md5($password);
    if(!empty($username) && !empty($password))
    {
        $queryy = "SELECT ID FROM user WHERE email= $username AND password= $pass_md5";
        $result = $conn->query($queryy);

        echo $result->num_rows; //<---------------NOT WORKING..! -----<<
    }
    else echo "incorrect username-password combination";
}
?>

<html>
<form action="<?php echo $current_file ?>" method="POST">
    User name: <input type="text" name="username">
    password: <input type="password" name="psw">
    <input type="submit" value="Login"><br>
</form>
</html>

connect.inc.php has some simple code to connect to localhost and the database. It's as follows:

<?php
//this script connects to DB->mytest.

$servername="localhost";
$username="root";
$password="";
$dbname="mytest";

//create connection
@$conn=new mysqli($servername, $username, $password, $dbname);

//check connection
if($conn->connect_error)
{
    die("connection faild");
}
?>

And core.inc.php returns the current file location. It's as follows:

<?php
$current_file = $_SERVER['SCRIPT_NAME'];
?>

Please help.

Wajahath
  • 2
    That's because you're not treating your query's variables as strings, which is part of the problem. Here http://php.net/manual/en/mysqli.error.php use that. – Funk Forty Niner Mar 03 '15 at 15:52
  • Move `//<---------------NOT WORKING..! -----<<` next to `$queryy = "SELECT ID FROM user WHERE email= $username AND password= $pass_md5";` in your question. That's where the ***real*** problem is. Using MD5, *tsk tsk*. So old and unsafe. I hope you're not planning on going LIVE with this. – Funk Forty Niner Mar 03 '15 at 15:58
  • 1
    I ***strongly*** suggest you read [@deceze](http://stackoverflow.com/users/476/deceze)'s excellent blog article [The Great Escapism (Or: What You Need To Know To Work With Text Within Text)](http://kunststube.net/escapism/). – eggyal Mar 03 '15 at 16:01

2 Answers

3

The problem is that you're not quoting the strings in your query:

$queryy = "SELECT ID FROM user WHERE email= '$username' AND password= '$pass_md5'";

However, it would be best to use a prepared query and bind_param instead of substituting variables.

$queryy = "SELECT ID FROM user where email = ? AND password = ?";
$stmt = $conn->prepare($queryy);
$stmt->bind_param("ss", $username, $pass_md5);
$stmt->execute();
$stmt->store_result();
echo $stmt->num_rows;
Barmar
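
An added example, not code from the question or either answer: the prepared-statement lookup from the answer above, combined with the error-reporting and MD5 points raised in the comments. It assumes the `user.password` column stores `password_hash()` output instead of an MD5 digest; the function name `find_user_id` is hypothetical.

```php
<?php
declare(strict_types=1);

// Make mysqli throw on failure, so a failed call never hands back `false`
// (the cause of "Trying to get property of non-object").
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Returns the matching user's ID, or null when the e-mail is unknown or the
 * password is wrong. Assumption: user.password holds password_hash() output.
 */
function find_user_id(mysqli $conn, string $email, string $password): ?int
{
    // The e-mail is bound as data, never interpolated, so it cannot alter the SQL.
    $stmt = $conn->prepare('SELECT ID, password FROM user WHERE email = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($id, $hash);
    $found = $stmt->fetch();   // true = row fetched, null = no matching row
    $stmt->close();

    // Verify against the stored salted hash instead of comparing digests in SQL.
    if ($found !== true || !password_verify($password, (string) $hash)) {
        return null;
    }
    return (int) $id;
}

// Usage with the question's form fields and its local test connection settings.
$user = $_POST['username'] ?? null;
$pass = $_POST['psw'] ?? null;
if (is_string($user) && is_string($pass) && $user !== '' && $pass !== '') {
    try {
        $conn = new mysqli('localhost', 'root', '', 'mytest');
        $id = find_user_id($conn, $user, $pass);
        echo $id === null ? 'incorrect username-password combination' : 'logged in';
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage());   // details go to the server log, not the browser
        http_response_code(500);
        echo 'internal error';
    }
}
```

Rows for this table would be created with `password_hash($password, PASSWORD_DEFAULT)` at registration time.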
0

It looks like your $conn is not properly connected to your database or it doesn't have the required permissions to run a/the query. Or your query is invalid.

Edit: Your query is missing ':

$queryy = "SELECT ID FROM user WHERE email= '$username' AND password= '$pass_md5'";
Timo Schwarzer