I have a login php file giving me this error "mysqli_stmt_close() expects parameter 1 to be mysqli_stmt, boolean"

Question

I have a login page for a website that is connected to a MySQL database but I'm getting an error when I try to log in to the website. I am also using xampp. The error says "Warning: mysqli_stmt_close() expects parameter 1 to be mysqli_stmt, boolean given in C:\xamppp**********\login.php on line 86".

This feature is supposed to let you log in based on the username and password in the database it's connected to. I've tried moving the "mysqli_stmt_close($stmt);" statement into different places, commenting it out, and playing around with the syntax.

if(empty($username_err) && empty($password_err)){
    // Prepare a select statement
    $sql = "SELECT id, username, [password] FROM users WHERE username = ?";

    if($stmt = mysqli_prepare($link, $sql)){
        // Bind variables to the prepared statement as parameters
        mysqli_stmt_bind_param($stmt, "s", $param_username);

        // Set parameters
        $param_username = $username;

        // Attempt to execute the prepared statement
        if(mysqli_stmt_execute($stmt)){
            // Store result
            mysqli_stmt_store_result($stmt);

            // Check if username exists, if yes then verify password
            if(mysqli_stmt_num_rows($stmt) == 1){                    
                // Bind result variables
                mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password);
                if(mysqli_stmt_fetch($stmt)){
                    if(password_verify($password, $hashed_password)){
                        // Password is correct, so start a new session
                        session_start();

                        // Store data in session variables
                        $_SESSION["loggedin"] = true;
                        $_SESSION["id"] = $id;
                        $_SESSION["username"] = $username;                            

                        // Redirect user to welcome page
                        header("location: welcome.php");
                    } else{
                        // Display an error message if password is not valid
                        $password_err = "The password you entered was not valid.";
                    }
                }
            } else{
                // Display an error message if username doesn't exist
                $username_err = "No account found with that username.";
            }
        } else{
            echo "Sorry, Please try again.";
        }

   }
  \*this is the line that is giving me the error    *\   
  mysqli_stmt_close($stmt);

}

mysqli_close($link);

I'm hoping for the login function to work and bring the user to the welcome page

Answer 1

The function mysqli_prepare can return a boolean FALSE instead of a statement object when an error occurs.

Analysing your statement I can see there's probably an error with the brackets wrapping password in your select statement.

$sql = "SELECT id, username, [password] FROM users WHERE username = ?";

-----------------------------^ this bracket might be causing an error

Try to execute your query directly in your MySQL terminal to see if it runs properly.

Also, I would recommend you to check in your code if your $stmt variable is a boolean or an object before calling mysqli_stmt_close($stmt) as this would avoid this function to be called when an error has occurred with the query.

Answer 2

mysqli_prepare() returns FALSE on error instead of a statement object. That would be the boolean mysteriously appearing in your $stmt variable.

You should add some error checking to see what went wrong.

Your initial assignment will evaluate to false in the if statement on failure, so your error check can go in the else block. Your close call should only be on the success path.

if ($stmt = mysqli_prepare($link, $sql)) {
    // do query things
    mysqli_stmt_close($stmt);
} else {
    printf("MySQL Error: %s", mysqli_error($link));
}