Login page "mysqli_query"

Question

I am setting up a web server with sql database been watching a video on it everything looked like it was working up until this issues

<?php
function user_exists($username) {
    $username = sanitize($username);
    $con = mysqli_connect('localhost', 'root', '');
    $query = mysqli_query("SELECT COUNT (`id`) FROM users WHERE username = '$con,$username'");
    return (mysqli_result($query, 0) == 1) ? true : false;

}
?>

Recoverable fatal error:

Object of class mysqli could not be converted to string in C:\xampp\htdocs\login\core\functions\users.php on line 5

Note:- I have taken reference from this Video, but i have changed mysql_* to mysqli_* [https://www.youtube.com/watch?v=Til3oVNlho4]

dont pass $con in where clause, try mysqli_query($con,"SELECT COUNT (`id`) FROM users WHERE username = '$username'); — Sanjun Dev, May 16 '19 at 06:22

score 4 · Answer 1 · answered May 16 '19 at 05:15

A few things to note,

The connection object needs to be visible in the scope of the function. The best way of doing that, is by passing the argument into the function (avoid using global or creating a connection within the function).
mysqli_result() is not a function that exists in mysqli_. It existed only in mysql_, which is deprecated and should not be used.
When dealing with user-input or any sort of variable, its better to use a prepared statement
You can return the expression $count == 0 instead of $count == 0 ? true : false, as they are equivalent.

function user_exists($username, $conn) {
    $stmt = $conn->prepare("SELECT COUNT(id) 
                            FROM users 
                            WHERE username=?");
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->close();

    return $count == 0;

}

Now, when you're calling it, remember to pass in the $conn argument (or whatever your connection object is defined as).

$conn = mysqli_connect('localhost', 'root', 'root', 'databasename'); // Change credentials accordingly
if (user_exists($username, $conn)) {
    // User does exist!
} else {
    // User does not exist
}

this one seems to be the perfect answer among all.+1 – Alive to die - Anant May 16 '19 at 05:51 — Alive to die - Anant, May 16 '19 at 05:51

Zain Farooq · Answer 2 · 2019-05-16T05:33:43.130

You have not passed the database name in the mysqli_connect function and the connection variable is needed to be passed as the first parameter. You can remove COUNT from the query and use mysqli_num_rows to count the number of rows.

 $username = sanitize($username);
$con = mysqli_connect('localhost', 'root', '','databasename');//<- database name is required
$query = mysqli_query($con,"SELECT (`id`) FROM users WHERE username = '$username'");
return (mysqli_num_rows($query) > 0 ) ? true : false;

I suggest you to use prepared statements to prevent from sql injections

score 0 · Answer 3 · answered May 16 '19 at 04:48

use mysqli_fetch_row() function. it will fetch one row

<?php
function user_exists($username) {
    $username = sanitize($username);
    $con = mysqli_connect('localhost', 'root', '');
    $query = mysqli_query($con,"SELECT COUNT (`id`) FROM users WHERE username = '$username'");
    $result = mysqli_fetch_row($query);  
    return ($result[0] == 1) ? true : false;
}
?>

Login page "mysqli_query"

3 Answers3