1
\$\begingroup\$

I want to know if it is okay/safe to use a prepared statement and mysqli_num_rows like this:

public function getUnreadNumber() {
 $userLoggedIn = $this->user_obj->getUsername();
 // get_result for * and bind for select columns
 // bind_result Doesn't work with SQL query that use *
 $query = $this->con->prepare('SELECT * FROM notifications WHERE viewed="0" AND user_to = ? ');
 $query->bind_param("s", $userLoggedIn);
 $query->execute();
 $query_result = $query->get_result();
 return mysqli_num_rows($query_result);
}

Or should I do this?

$query = $this->con->prepare('SELECT * FROM notifications WHERE viewed="0" AND user_to = ? ');
$query->bind_param("s", $userLoggedIn);
$query->execute();
$query_result = $query->get_result();
$numRows = $query_result->num_rows;
return $numRows;
mickmackusa
8,8021 gold badge17 silver badges31 bronze badges
asked Jul 15, 2020 at 17:26
\$\endgroup\$
9
  • \$\begingroup\$ So is it ok if I use this with a prepared statement ? return mysqli_num_rows($query_result) \$\endgroup\$ Commented Jul 15, 2020 at 19:11
  • \$\begingroup\$ nusphere.com/kb/phpmanual/function.mysqli-num-rows.htm \$\endgroup\$ Commented Jul 15, 2020 at 19:26
  • 1
    \$\begingroup\$ That hasn't been updated since 06 \$\endgroup\$ Commented Jul 15, 2020 at 19:40
  • 2
    \$\begingroup\$ What are the possible values returned by this->user_obj->getUsername()?? \$\endgroup\$ Commented Jul 16, 2020 at 5:34
  • 2
    \$\begingroup\$ (If you are not ready to value feedback and criticism for any aspect of the code posted, your question is off-topic.) \$\endgroup\$ Commented Jul 16, 2020 at 11:11

2 Answers 2

8
\$\begingroup\$

You should definitely not be mixing procedural and object-oriented syntax.

Although it works with un-mixed syntax, the process is working harder than it needs to and delivering more result set data than you intend to use.

I would add COUNT(1) or COUNT(*) to the sql like this:

$sql = "SELECT COUNT(1) FROM notifications WHERE viewed='0' AND user_to = ?";
$query = $this->con->prepare($sql);
$query->bind_param("s", $userLoggedIn);
$query->execute();
$query->bind_result($count);
$query->fetch();
return $count;

Assuming the sql is not broken due to syntax errors, this will always return a number.

Your Common Sense
9,1231 gold badge22 silver badges51 bronze badges
answered Jul 15, 2020 at 23:20
\$\endgroup\$
0
3
\$\begingroup\$

@mickmackusa is correct, you should never ever use num_rows to count the rows in the database, it could kill your database server. This function is rather useless for any other use case too.

Besides, always follow the rule of thumb: make a database to do the job. If you need tell a database to give you the count.

As a code improvement, let me suggest you a mysqli helper function I wrote to put all the prepare/bind/execute business under the hood

public function getUnreadNumber()
{
 $userLoggedIn = $this->user_obj->getUsername();
 $sql = "SELECT COUNT(1) FROM notifications WHERE viewed='0' AND user_to = ?";
 return prepared_query($this->con, $sql, $userLoggedIn)->get_result()->fetch_row()[0];
}
answered Jul 16, 2020 at 7:15
\$\endgroup\$
1
  • \$\begingroup\$ If you need a count tell a database to give you the count.? \$\endgroup\$ Commented Jul 17, 2020 at 17:41

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.