问题
I have a POST php script that I'm wanting to check if the POST data already exists in the database and if it does, throw error message, if it doesn't add it to database and give success message.
It adds successfully but if I try and add a name that already exists, it gives error:
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, string given in
and adds the new data anyways.
Code:
<?php // _POST Add Major Category
if(isset($_POST['AddMajorCat']))
{
// Declare _POST Variables
$POSTNewMajorCatName = $_POST['MajorCatName'];
// Check if name exists in database
include_once('connection.php'); // db connection
$query = "SELECT *
FROM DowntimeCategoriesMain
WHERE DowntimeCategoriesMain.maincategory = '$POSTNewMajorCatName'";
$response = mysqli_query($db, $query); // Send Statement
$NumRows = mysqli_num_rows($query); // Count number of rows
if ($NumRows != 0) {
$messageSendTitle = "Uh-oh!";
$messageSend = "Major Downtime Category " . $POSTNewMajorCatName ." already exists. Unable to add Category.";
$messageSendType = "error";
}
else { // If name doesn't exist in database, add
include_once('connection.php'); // db connection
$query = "INSERT INTO DowntimeCategoriesMain (maincategory)
VALUES ('$POSTNewMajorCatName')";
$response = mysqli_query($db, $query); // Send Statement
if ($response) { // Successful
$messageSendTitle = "Success!";
$messageSend = "Major Category " . $POSTMajorCatName . " was added. ";
$messageSendType = "success";
}
else { // Unsuccessful
$messageSendTitle = "Uh-oh!";
$messageSend = "There seems to be a problem. MySQL Error: " . mysqli_error($db);
$messageSendType = "error";
}
} // else statement
} // If _POST is set statement
?>
I have tried exchanging mysqli_num_rows($query); for $query->num_rows; and it no longer shows error, but still adds the data.
回答1:
Did you actually read the error message? It tells you exactly what is wrong. $query is a string, and it wants a mysqli_result, which is $response in your case:
$response = mysqli_query($db, $query);
$NumRows = mysqli_num_rows($response);
回答2:
The error message gives you a hint as to what the problem is. mysqli_num_rows expects a resource as an argument. You are giving it your $query variable which is a string. The resource that you want to provide to mysqli_num_rows is in your $response variable. So what you want is something like this: $NumRows = mysqli_num_rows($response);
Also, by concatenating the $POSTNewMajorCatName variable into your query string directly, you are opening yourself up to SQL injection attacks. You can prevent this by using a prepared statement. The mysqli_prepare function is what you would use for this. You can review the documentation here mysqli_prepare
回答3:
You passed the $query as argument of mysqli_num_rows(), which in turn is a string based on your code. You must pass $response:
$NumRows = mysqli_num_rows($response);
来源:https://stackoverflow.com/questions/39855933/mysqli-num-rows-not-working-correctly