0

I have an "Empty Database" of users.

The first thing I want to do with my code if check if user id exist, before creating them an user ID.

I am getting following error: Trying to get property 'num_rows' of non-object

I have taken my query and submitted it on mysql and return nothing.

My HTML submit form:

<form action="index.php" method="post" autocomplete="off">
<input type="text" name="username" placeholder="Username" />
<input type="password" name="password" placeholder="Password" />
<input type="submit" value="Login" />
</form>

I am testing if user name exist.

$query=("SELECT count(*) FROM users WHERE user_name = ?,[$username]");
$result = mysqli_query($conn, $query);

if ($result)
    {
        $result = mysqli_fetch_all($result,MYSQLI_ASSOC);
        return $result;
    } else {
        return mysqli_affected_rows($conn);
    }

After the test, it will submit my query to create user account.

Improve this question
4
  • Possible duplicate of check if row exists with mysql Commented Feb 5, 2019 at 3:32
  • Can you add code where you are fetching num_rows as an object and getting this error: Trying to get property 'num_rows' of non-object Commented Feb 5, 2019 at 3:42
  • 1
    That query is not valid syntax. Commented Feb 5, 2019 at 3:47
  • WARNING: Writing your own access control layer is not easy and there are many opportunities to get it severely wrong. Please, do not write your own authentication system when any modern development framework like Laravel comes with a robust authentication system built-in. At the absolute least follow recommended security best practices and never store passwords as plain-text or a weak hash like SHA1 or MD5. Commented Feb 5, 2019 at 3:51

1 Answer 1

Reset to default
1

Re-written to use the correct syntax it looks like this:

$stmt = $conn->prepare("SELECT count(*) FROM users WHERE user_name = ?");
$stmt->bind_param('s', $username);

$result = $stmt->execute();

if ($result)
{
    return $result->fetch_assoc();
} else {
    return $conn->num_rows;
}

That being said, hopefully this is an academic exercise because writing your own login system for production use is extremely dangerous. Use a framework with a built-in security layer as an application foundation.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

I assume you are saying this because people use old guides which show really outdated code and/or do not follow the procedure that is required to make your login safe (prone to sql injection etc..)? If not I would be really interested if you happen do have some information about why building your own login system is extremely dangerous.
@Chris I'm saying this because the number of threats today is way higher because there's automated tools to probe and exploit sites that can be used by unsophisticated attackers. A lot of this code floating about dates from the 1990s when the threats were far fewer and less sophisticated. The number of threats you have to defend against is huge, doing that all yourself is basically impossible. Using a pre-existing, tested and supported authentication system is critical.
@Chris If you use a popular system (e.g. Laravel) then the chance that your site is the first to fall to a new vulnerability is very low, you have safety in numbers. In most cases you'll get notified about a CVE and have time to patch before you're a target. This is not the case with your self-built system where you are the first and only target for any attacks. You only find out after you've been compromised.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.