
mysqli frustration mysqli_fetch_assoc

I have been struggling with this all morning, perhaps someone can help me with this.

[code=php]
if (isset($_GET['confirmPlayer']) === true) {
    $name = $_POST['name'];
    $pass = $_POST['pass'];
    $result = mysqli_query($link, 'SELECT * FROM player WHERE name = '.$name.' & pass = '.$pass.'');

    $row = mysqli_fetch_assoc($result);
    print_r($row);
    if ($row === true) {
        echo 'true';
    } else {
        echo 'false';
    }
}
[/code]

more specifically line 60

[code=php]
$row = mysqli_fetch_assoc($result);
[/code]

[QUOTE]

Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\messenger.php on line 60

[/QUOTE]

@NogDog Feb 20.2018 — That means that the database itself was not happy with the query you sent it, so it returned an error. As a result, mysqli_query() returned a Boolean false instead of a mysqli_result object. Therefore, you need to add some debugging in order to figure out what went wrong, e.g.:
[code=php]
if($result == false) {
    // log the server's error message, show only a generic message to the client
    error_log(mysqli_error($link));
    die("DB error, data logged");
}
[/code]

My guess is that you'll find out it's a quoting problem. Also, you should escape any values being injected into your query:
[code=php]
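// procedural mysqli_real_escape_string() takes the connection as its first argument
$sql = "SELECT * FROM player WHERE name = '" . mysqli_real_escape_string($link, $name) . "'";
$result = mysqli_query($link, $sql);
if($result == false) {
    // log the DB error together with the query that caused it
    error_log(mysqli_error($link)."\n$sql");
    die("DB query failed, error logged!");
}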
[/code]

My preferred approach would be to use prepared statements with bound parameters, removing the need to do the escape-string stuff (using object-oriented syntax): http://php.net/manual/en/mysqli.prepare.php
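
The prepared-statement approach recommended above, applied to the login check from the question, as an added example that is not code from any poster in this thread. Assumptions: `$link` is the open mysqli connection from the question, the helper name `find_player` is hypothetical, and `player.pass` is assumed to hold a `password_hash()` value rather than the plain password. Procedural mysqli calls are used to match the question's code.

```php
<?php
// Added example. Assumes $link is an open mysqli connection (as in the question)
// and that player.pass stores a password_hash() value, not the plain password.
mysqli_report(MYSQLI_REPORT_OFF); // failures return false so they can be checked explicitly

// Hypothetical helper: returns the player row on a valid login, null otherwise.
function find_player(mysqli $link, string $name, string $pass): ?array
{
    // The ? placeholder keeps user input out of the SQL text entirely.
    $stmt = mysqli_prepare($link, 'SELECT name, pass FROM player WHERE name = ? LIMIT 1');
    if ($stmt === false) {
        error_log('prepare failed: ' . mysqli_error($link));
        return null;
    }
    mysqli_stmt_bind_param($stmt, 's', $name);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('execute failed: ' . mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        return null;
    }
    mysqli_stmt_bind_result($stmt, $dbName, $dbHash);
    $found = mysqli_stmt_fetch($stmt); // true = row, null = no row, false = error
    mysqli_stmt_close($stmt);

    // Compare the submitted password with the stored hash in PHP, not in SQL.
    if ($found !== true || !password_verify($pass, $dbHash)) {
        return null;
    }
    return ['name' => $dbName];
}

if (isset($_GET['confirmPlayer'])) {
    $name = $_POST['name'] ?? '';
    $pass = $_POST['pass'] ?? '';
    // Reject array-valued parameters such as name[]=x before they reach the query.
    $player = (is_string($name) && is_string($pass)) ? find_player($link, $name, $pass) : null;
    echo $player !== null ? 'true' : 'false';
}
```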

@root Feb 21.2018 — Looking at this [B]if (isset($_GET['confirmPlayer']) === true) [/B] it appears that you are testing if a value is set, because of the function chosen, its output is a boolean value, so you only need [B]if( isset( $_GET['confirmPlayer'] ) ) [/B], now had you wanted to test if [b]$_GET['confirmPlayer'][/b] was true, then this would fail because it only tests if the variable is present but not its value, so if you are testing the value, you would need to [B]if (isset($_GET['confirmPlayer']) and $_GET['confirmPlayer']===true){[/B] I prefer this approach as it is meant to be a filter pass thru for setting a test condition like [code=php] $confirmPlayer = isset($_GET['confirmPlayer']) ? filter_var( $_GET['confirmPlayer'], FILTER_SANITIZE_STRING ) : false;[/code] which now means that whatever happens, [b]$confirmPlayer[/b] will have a value or a boolean and seeing as a value (result) is seen as a boolean true, so if it returned 1 or 2 or any value, the result is seen as a true.

So filtering the result is better, filter_var will look at the string, if it has anything unusual about it like it is not a string, then the output from that function is a false, otherwise the output value is returned.

for example
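[code=php]$confirmPlayer = isset($_GET['confirmPlayer']) ? filter_var( $_GET['confirmPlayer'], FILTER_SANITIZE_STRING ) : false;
$name = $confirmPlayer ? filter_var( $_POST['name'], FILTER_SANITIZE_STRING) : false;
$pass = $confirmPlayer ? filter_var( $_POST['pass'], FILTER_SANITIZE_STRING) : false;

// assumes you are not just testing if the value is set but has a value of true or casts as a true value
// (filter_var() returns a string here, so test truthiness rather than === true)
if ( $confirmPlayer and $name and $pass ) {
    // escape the values for the SQL string context before interpolating them
    $qryString = sprintf("SELECT * FROM player WHERE name='%s' AND pass='%s' LIMIT 1;",
        mysqli_real_escape_string($link, $name),
        mysqli_real_escape_string($link, $pass) );
    $result = mysqli_query($link,$qryString);
    if ( $result === false ) {
        // mysqli_query() returns false on a failed query; do not pass that to mysqli_num_rows()
        error_log(mysqli_error($link));
        die("DB error, data logged");
    }

    echo "Results : " . mysqli_num_rows($result) ;
}
[/code]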


should be more than ample for testing if the desired results are found, namely if a result is found, the user exists, no need to do what most people do and test the name and the password because that's what the database just did, so why do it all again, your 1 result verifies that the user exists, if they didn't, then zero results are returned.

@ginerjm Feb 21.2018 — Seems like an odd thing to be looking for $_GET inputs as well as $_POST ones....

@root Feb 21.2018 — Yep, people see this URL thing and want to pass a control via that method like [B]domain.tld/index.php?action=post [/B]when the action is a post... go figure.