如何获取 SQL 选择查询返回的行数？

Question

I would like to get the number of lines returned by a select query in PHP. I have the following code:

$connection = new mysqli($server_name, $server_login, $server_password, $dbName);

if (!$connection) {
    echo "error";
    die("Connection failed. ".mysqli_connect_error())
}

//...

$command = "SELECT player_id FROM Player WHERE player_login = '" . $login."' AND player_password= '".$password."' ";

$result = mysqli_query($connection, $command);
echo num_rows($result);

I also tried with mysqli_stmt_num_rows() and mysqli_num_rows() but my result is always null (no result actually).

Do you know why?

Answer 1

There are a few ways to get the number of rows returned, the most common ones are to run COUNT(*) in MySQL, but there's also mysqli_num_rows($result) (not num_rows() like you used, unless you created that function yourself). mysqli_stmt_num_rows() will only work when you're using prepare() instead of query() .

In ordre to use COUNT(*) you have to run and fetch the query first, while mysqli_num_rows() is a constant returned by the MySQLiResult object, which you can use if the query didn't fail.

I modified the piece of code you've got to check if the query actually succeeded, mysqli_num_rows() won't work if the query failed.

$command = "SELECT player_id FROM Player WHERE player_login = '" . $login."' AND player_password= '".$password."' ";

if ($result = mysqli_query($connection, $command)) {
    echo mysqli_num_rows($result);
} else {
    /* Query failed */
    echo "There was an error with the query: $command";
    echo "<br />".mysqli_error($connect);
}

Or you can use COUNT(*) , but then you'll have to fetch the results first.

$command = "SELECT player_id, COUNT(*) as cnt FROM Player WHERE player_login = '" . $login."' AND player_password= '".$password."' ";

if ($result = mysqli_query($connection, $command)) {
    $row = mysqli_fetch_assoc($result);
    echo $row['cnt'];
} else {
    /* Query failed */
    echo "There was an error with the query: $command";
    echo "<br />".mysqli_error($connect);
}

---

You should also note that this query is vulnerable to SQL injection, you should learn how to use prepared statements with placeholders to protect yourself against that. The manual on prepare() is a good place to start with that.

---

You also seem to be storing passwords either in plain-text, or with poor methods (such as md5 or sha1 ). PHP offer's a built-in function, password_hash() / password_verify() which you should use. If you're below PHP version 5.5, these functions aren't native, but there's a compability pack which can be used instead.

As a final note, mixing object oriented and procedural code will technically work (as the procedural ones in reality call the object oriented ones), but it's considered bad practice. If you connect with an object, continue to use object-oriented code.

References

• http://php.net/mysqli-result.num-rows
• http://php.net/mysqli-stmt.prepare
• http://php.net/password_hash

Answer 2

$command = "SELECT count(*) as numberofrecord, player_id FROM Player WHERE player_login = '" . $login."' AND player_password= '".$password."' ";

Answer 3

Very simple solution:-

Use $result->num_rows in below way:-

if ($result = $mysqli->query("SELECT player_id FROM Player WHERE player_login = '" . $login."' AND player_password= '".$password."'")) {
  printf("Select returned %d rows.\n", $result->num_rows);
}

Reference:- http://php.net/manual/en/mysqli.query.php

Note:-

Meanwhile read prepared statement and use them to prevent your code from SQL Injection .

Also always use password hashing mechanism while storing the password (if you used plain password).