If the query fails then the result from
mysqli_query
is a boolean (
false
). So first investigate if the query has failed, and if it hasn't, then check the number of rows. Consider the following example
...
if ($qr = mysqli_query($connection,$sql)) {
$result = mysqli_num_rows($qr);
...
One likely reason for your query to fail is that you concatenate values directly to the SQL statement. This leaves you open to SQL injection and introduces different kinds of problems, see
SQL injection - Wikipedia[
^]
So try using parameters instead, for more information, see
PHP: mysqli::prepare - Manual[
^]
One more observation, you seem to store the password as plain text. This should never be done. To properly handle passwords, see
Password Storage: How to do it.[
^]