PHP MySQL return row count

Any idea why this code fails with a "Call to a member function fetch_assoc() on a non-object" error message instead of echoing 'Found'?

There is one row that meet this requirement.

<?php
	include 'Stuff necessary to connect to DB.php';

	$query = "select * from orders where customerID = " . $_GET["companyID"] . " and orderID = '" . $_GET["orderID"] . "'";
	$objConnection = new mysqli(connection stuff);
	$result=mysqli_query($objConnection,$query);

	while($row = $result->fetch_assoc()){
		echo "Found";
	}

	mysqli_close($objConnection);
?>

Open in new window


I'm trying to an .ajax "found" or "not found" reply to see if a customer is about to generate an order ID that already exists.
Sheldon LivingstonConsultantAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ray PaseurCommented:
The query failed.  You have to test the return values from these functions.  This article shows how to do it.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/PHP_Databases/A_11177-PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html

In addition it looks like the script is using unfiltered external data in the query string -- that's a big security risk!
0
Ray PaseurCommented:
This might be a little closer to what you want.  Note that it is untested pidgin code - I do not have your database.  Please read it over (along with the article posted above) and post back if you still have questions.
<?php

// ALWAYS RAISE ERROR REPORTING TO THE HIGHEST POSSIBLE LEVEL
error_reporting(E_ALL);

	include 'Stuff necessary to connect to DB.php';

// CONNECT AND TEST BEFORE USING OTHER RELATED FUNCTIONS
$objConnection = new mysqli(connection stuff);
if (!$objConnection) trigger_error('CONNECT FAIL', E_USER_ERROR);

// SECURE YOUR QUERY VARIABLES!
$c = mysqli_real_escape_string($_GET["companyID"]);
$o = mysqli_real_escape_string($_GET["orderID"]);

// CONSTRUCT THE QUERY USING THE SAFE VARIABLES
$query = "SELECT * FROM orders WHERE customerID = '$c' AND orderID = '$o'"; // MAYBE ADD LIMIT? ORDER BY? GROUP BY?
	
	$result=mysqli_query($objConnection,$query);

// TEST TO SEE IF THE QUERY WORKED OR FAILED
if (!$result) trigger_error('QUERY FAIL', E_USER_ERROR);


// NOW IT IS SAFE TO USE THE RESULTS SET
	while($row = $result->fetch_assoc()){
		echo "Found";
	}

// NOTHING BELOW THIS LINE BELONGS IN THIS SCRIPT
	mysqli_close($objConnection);
?>

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Sheldon LivingstonConsultantAuthor Commented:
The issue was that my query accounted for ' but SQL statement did as well.  Thus I was looking for ''a'' instead of 'a'.

Thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.