I'm trying to re-write some mysqli queries as prepared statements (my first attempt at this). The first two commented lines are the old query that worked just fine. The remainder is my attempt to write a prepared statement:
//$sql = "SELECT hashed_password FROM Administrators WHERE user_name='$username'";
//$result = mysqli_query($link, $sql);
//switch to prepared statement
$stmt = mysqli_stmt_init($link);
$result = false;
if (mysqli_stmt_prepare($stmt,
'SELECT hashed_password FROM Administrators WHERE user_name=?'))
{
/* bind parameters for markers */
mysqli_stmt_bind_param($stmt, "s", $username);
/* execute query */
$result = mysqli_stmt_execute($stmt);
/* close statement */
//mysqli_stmt_close($stmt);
}
if (!$result) {
mysqli_close($link);
die("Error running query " . mysqli_error($link));
}
if (mysqli_num_rows($result) == 0) {
mysqli_close($link);
echo "No such user";
die();
}
The error occurs is revealed in the last line, but obviously traces back to one of the earlier lines.
Can somebody tell me what I am doing wrong? I took this directly from the PHP docs, but I'm missing something, obviously. Thank you!
EDIT: Thanks to people who pointed out that I forgot to assign the return value from the query. I've incorporated those comments and modified my code. However, I'm still not able to successfully run the query. Now I get this error:
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in /home/content/07/11347607/html/RevRunning/scripts/administration/login.php on line 53
No such user
Trust me, the user that I've entered in the UI does exist, so something is still wrong with my code. Thanks again for any help.
