0

I'm a beginner in PHP & MySQL. The num_rows is not working in the basic example below. The whole script is inspired by the example in w3schools. w3schools example.

The browser shows an error message as follows:

Notice: Trying to get property of non-object in C:\wamp\www\test3\index.php on line 17

Code:

<?php
require 'connect.inc.php';
require 'core.inc.php';

//check username & password is set.

if(isset($_POST['username']) && isset($_POST['psw'])) 
{
    $username = $_POST['username'];
    $password = $_POST['psw'];
    $pass_md5 = md5($password);
    if(!empty($username) && !empty($password))
    {
        $queryy = "SELECT ID FROM user WHERE email= $username AND password= $pass_md5";
        $result = $conn->query($queryy);

        echo $result->num_rows; //<---------------NOT WORKING..! -----<<
    }
    else echo "incorrect username-password combination";
}
?>

<html>
<form action="<?php echo $current_file ?>" method="POST">
    User name: <input type="text" name="username">
    password: <input type="password" name="psw">
    <input type="submit" value="Login"><br>
</form>
</html>

where connect.inc.php has some simple code to connect to localhost and the database. It's as follows:

<?php
//this script connects to DB->mytest.

$servername="localhost";
$username="root";
$password="";
$dbname="mytest";

//create connection
@$conn=new mysqli($servername, $username, $password, $dbname);

//check connection
if($conn->connect_error)
{
    die("connection faild");
}
?>

and core.inc.php returns the current file location. It's as follows:

<?php
$current_file = $_SERVER['SCRIPT_NAME'];
?>

Please help.

3
  • 2
    That's because you're not treating your query's variables as strings, which is part of the problem. Here php.net/manual/en/mysqli.error.php use that. Commented Mar 3, 2015 at 15:52
  • Move //<---------------NOT WORKING..! -----<< next to $queryy = "SELECT ID FROM user WHERE email= $username AND password= $pass_md5"; in your question. That's where the real problem is. Using MD5, tsk tsk. So old and unsafe. I hope you're not planning on going LIVE with this. Commented Mar 3, 2015 at 15:58
  • 1
    I strongly suggest you read @deceze's excellent blog article The Great Escapism (Or: What You Need To Know To Work With Text Within Text). Commented Mar 3, 2015 at 16:01

2 Answers

3

The problem is that you're not quoting the strings in your query:

$queryy = "SELECT ID FROM user WHERE email= '$username' AND password= '$pass_md5'";

However, it would be best to use a prepared query and bind_param instead of substituting variables.

$queryy = "SELECT ID FROM user where email = ? AND password = ?";
$stmt = $conn->prepare($queryy);
$stmt->bind_param("ss", $username, $pass_md5);
$stmt->execute();
$stmt->store_result();
echo $stmt->num_rows;

1 Comment

Maybe a quick mention about MD5? ;-)
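
An added example, not code from the question or from either answer: the prepared-statement fix from the answer above, with mysqli error reporting switched on instead of the `@` suppression in the question's connect.inc.php, and `password_verify()` in place of the MD5 comparison. It assumes the question's `mytest` database and a hypothetical `password_hash` column on `user` that holds `password_hash()` output; `find_user_id` is an illustrative name.

```php
<?php
// Make mysqli throw mysqli_sql_exception on failure instead of returning false,
// so a failed query can never reach ->num_rows as a non-object.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Return the user's ID when the credentials match, otherwise null.
// Assumption: `password_hash` is a hypothetical VARCHAR(255) column on `user`.
function find_user_id(mysqli $conn, string $email, string $password): ?int
{
    // The placeholder keeps user input out of the SQL text, so no quoting is needed.
    $stmt = $conn->prepare('SELECT ID, password_hash FROM user WHERE email = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();              // buffer rows so num_rows is populated
    if ($stmt->num_rows !== 1) {
        $stmt->close();
        return null;
    }
    $stmt->bind_result($id, $hash);
    $stmt->fetch();
    $stmt->close();

    // Compares against a salted hash created earlier with password_hash().
    return password_verify($password, $hash) ? (int) $id : null;
}

try {
    $conn = new mysqli('localhost', 'root', '', 'mytest'); // values from the question
    $conn->set_charset('utf8mb4');

    $email    = $_POST['username'] ?? '';
    $password = $_POST['psw'] ?? '';
    // is_string() rejects array input such as username[]=x before it reaches the query.
    if (is_string($email) && is_string($password) && $email !== '' && $password !== '') {
        $id = find_user_id($conn, $email, $password);
        echo $id === null
            ? 'incorrect username-password combination'
            : "logged in as user $id";
    }
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());        // details go to the server log, not the browser
    http_response_code(500);
    echo 'internal error';
}
```
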
0

It looks like your $conn is not properly connected to your database or it doesn't have the required permissions to run a/the query. Or your query is invalid.

Edit: Your query is missing ':

$queryy = "SELECT ID FROM user WHERE email= '$username' AND password= '$pass_md5'";

3 Comments

$row_cnt = $result->num_rows; is valid. php.net/manual/en/mysqli-result.num-rows.php
Edited my answer. Sorry... I was elsewhere... :D
"It looks like your $conn is not properly connected to your database" - Seems fine to me. Other than the fact they're using @ symbols which is an error suppressor, the connection should work if there are no errors.
