douluan5523 2017-02-09 10:40
浏览 346
已采纳

PHP - 获取sql select查询返回的行数

I would like to get the number of lines returned by a select query in PHP. I have the following code:-

$connection = new mysqli($server_name, $server_login, $server_password, $dbName);

if (!$connection) {
    echo "error";
    die("Connection failed. ".mysqli_connect_error())
}

//...

$command = "SELECT player_id FROM Player WHERE player_login = '" . $login."' AND player_password= '".$password."' ";

$result = mysqli_query($connection, $command);
echo num_rows($result);

I also tried with mysqli_stmt_num_rows() and mysqli_num_rows() but my result is always null (no result actually).

Do you know why ? Thanks.

  • 写回答

3条回答 默认 最新

  • dongpan2788 2017-02-09 10:53
    关注

    There are a few ways to get the number of rows returned, the most common ones are to run COUNT(*) in MySQL, but there's also mysqli_num_rows($result) (not num_rows() like you used, unless you created that function yourself). mysqli_stmt_num_rows() will only work when you're using prepare() instead of query().

    In ordre to use COUNT(*) you have to run and fetch the query first, while mysqli_num_rows() is a constant returned by the MySQLiResult object, which you can use if the query didn't fail.

    I modified the piece of code you've got to check if the query actually succeeded, mysqli_num_rows() won't work if the query failed.

    $command = "SELECT player_id FROM Player WHERE player_login = '" . $login."' AND player_password= '".$password."' ";

if ($result = mysqli_query($connection, $command)) {
    echo mysqli_num_rows($result);
} else {
    /* Query failed */
    echo "There was an error with the query: $command";
    echo "<br />".mysqli_error($connect);
}

    Or you can use COUNT(*), but then you'll have to fetch the results first.

    $command = "SELECT player_id, COUNT(*) as cnt FROM Player WHERE player_login = '" . $login."' AND player_password= '".$password."' ";

if ($result = mysqli_query($connection, $command)) {
    $row = mysqli_fetch_assoc($result);
    echo $row['cnt'];
} else {
    /* Query failed */
    echo "There was an error with the query: $command";
    echo "<br />".mysqli_error($connect);
}

    You should also note that this query is vulnerable to SQL injection, you should learn how to use prepared statements with placeholders to protect yourself against that. The manual on prepare() is a good place to start with that.

    You also seem to be storing passwords either in plain-text, or with poor methods (such as md5 or sha1). PHP offer's a built-in function, password_hash()/password_verify() which you should use. If you're below PHP version 5.5, these functions aren't native, but there's a compability pack which can be used instead.

    As a final note, mixing object oriented and procedural code will technically work (as the procedural ones in reality call the object oriented ones), but it's considered bad practice. If you connect with an object, continue to use object-oriented code.

    References

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 急matlab编程仿真二阶震荡系统
  • ¥20 TEC-9的数据通路实验
  • ¥15 ue5 .3之前好好的现在只要是激活关卡就会崩溃
  • ¥50 MATLAB实现圆柱体容器内球形颗粒堆积
  • ¥15 python如何将动态的多个子列表,拼接后进行集合的交集
  • ¥20 vitis-ai量化基于pytorch框架下的yolov5模型
  • ¥15 如何实现H5在QQ平台上的二次分享卡片效果?
  • ¥15 python爬取bilibili校园招聘网站
  • ¥30 求解达问题(有红包)
  • ¥15 请解包一个pak文件