Mysqli_fetch_row() expects parameter 1 to be mysqli_result, bool given in C:\xampp\htdocs

I am making an administrator page where the user data of a table called login is edited, but it tells me that I have an error and I do not know how to solve it. I would appreciate your help.

```php
<h2> Administración de usuarios registrados</h2>
<div class="well well-small">
<hr class="soft"/>
<h4>Edición de usuarios</h4>
<div class="row-fluid">

<?php
extract($_GET);
require('conexion.php');

$sql="SELECT * FROM login WHERE id=$id";
$ressql=mysqli_query($conn,$sql);
while ($row=mysqli_fetch_row ($ressql)){
    $id=$row[0];
    $usuario=$row[1];
    $pass=$row[2];
    $rol=$row[3];
}
?>

<form action="ejecutaactualizar.php" method="post">
    Id<br><input type="text" name="id" value= "<?php echo $id ?>" readonly="readonly"><br>
    Usuario<br> <input type="text" name="usuario" value="<?php echo $usuario?>"><br>
    Contraseña<br> <input type="text" name="pass" value="<?php echo $pass?>"><br>
    rol<br> <input type="text" name="rol" value="<?php echo $rol?>"><br>

    <br>
    <input type="submit" value="Guardar" class="btn btn-success btn-primary">
</form>

</div>
</div>
</div>
</div>
</div>

    <footer></footer>
  </body>
</html>
```

Please post your questions in English and use bbcode [code][/code] tags or three markdown back-ticks ``` before/after your code so that it will be formatted as code by the forum software. I have edited your post above with these.

If you are just starting out, forget about using the overly complicated and inconsistent mysqli extension. Instead, use the much simpler PDO extension.

As to the error. It is because the sql query failed with an error, but you don’t have any error handling to tell you if and why the query failed. You ALWAYS need error handling for statements that can fail. For database statements that can fail - connection, query, prepare, and execute, the simplest way of adding error handling, without adding code at each statement, is to use exceptions for errors and in most cases simply let php catch and handle the exception, where php will use its error related settings to control what happens with the actual error information (database statement errors will ‘automatically’ get displayed/logged the same as php errors.)

To enable exceptions for errors for the mysqli extension, add the following line of code before the point where you make the database connection -

```php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
```

As to the posted code -

  1. Don’t use extract() as this will allow hackers to set any of your program variables to any value they want. If you expect a $_GET input, write code using the specific input.
  2. Trim, then validate all inputs before using them. If there isn’t a $_GET['id'] input or it is empty, that’s an error and your code should not try to use a non-existent input.
  3. The php ‘business logic’ that knows how to query and retrieve data should be above the start of the html document. This will make it easier to design, write, test, debug, and maintain your code.
  4. You should list out the columns you are selecting. This will help reduce mistakes, ensure that you are only selecting the data you want, makes your code self-documenting, and prevents changes in the table structure from causing errors when you fetch data using numerical indexes (which should be avoided.)
  5. Don’t put external, unknown, dynamic values directly into an sql query statement. Use a prepared query instead. This is where the PDO extension comes in handy. With the mysqli extension, the prepared and non-prepared query programming is completely different, requiring you to learn two different sets of statements. With the PDO extension, a prepared and non-prepared query is the same.
  6. Don’t use a loop to fetch data from a query that will match at most one row of data. Directly fetch the row of data.
  7. You should almost always fetch data as an associative array. This reduces errors and makes it easy for anyone reading the code to see what it is trying to do.
  8. Don’t copy variables to other variables for nothing. This is just a waste of typing. Just use the original variables.
  9. When you output dynamic values onto a web page (the form field values), apply htmlentities to them to help prevent cross site scripting.
  10. To get a form to submit to the same page it is on, which is what you should be doing in this case, leave out the entire action='…' attribute.

Some additional points -

The stored password should be hashed using php’s password_hash() function. You would then not be able to populate the form field with the existing value. If an administrator has entered a new password, you would hash it and include the new value in the UPDATE query. If a new password has not been entered, you would not include the password column in the UPDATE query.

If the rol value is one of a specific list of values, you should use either a select/option menu or radio buttons for its selection, rather than requiring the value to be typed.
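The numbered points and the password note above, combined into one script as an added example (not code from the original poster or from the reply). It assumes an in-memory SQLite table standing in for the MySQL `login` table; the `ROLES` list and the helper names `field`, `fetchUser` and `updateUser` are hypothetical.

```php
<?php
// Added example. In-memory SQLite stands in for the MySQL `login` table so the
// script runs offline; with MySQL only the DSN and credentials change.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // failed queries throw
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,       // rows keyed by column name
]);
$pdo->exec('CREATE TABLE login (id INTEGER PRIMARY KEY, usuario TEXT, pass TEXT, rol TEXT)');
$pdo->prepare('INSERT INTO login (id, usuario, pass, rol) VALUES (1, ?, ?, ?)')
    ->execute(['ana', password_hash('constructed-old-pw', PASSWORD_DEFAULT), 'editor']); // constructed row

const ROLES = ['admin', 'editor', 'user']; // hypothetical list of allowed rol values

// Return one request field as a trimmed string; arrays and missing keys become ''.
function field(array $src, string $key): string
{
    return is_string($src[$key] ?? null) ? trim($src[$key]) : '';
}

// Fetch the row to edit, or null when id is missing, not numeric, or unknown.
function fetchUser(PDO $pdo, array $get): ?array
{
    $id = field($get, 'id');
    if (!ctype_digit($id)) {
        return null; // never build a query from an absent or malformed id
    }
    $stmt = $pdo->prepare('SELECT id, usuario, rol FROM login WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetch() ?: null; // at most one row, so no loop
}

// Save the form; the pass column is only touched when a new password was typed.
function updateUser(PDO $pdo, array $post): bool
{
    [$id, $usuario, $rol, $pass] = array_map(fn($k) => field($post, $k), ['id', 'usuario', 'rol', 'pass']);
    if (!ctype_digit($id) || $usuario === '' || !in_array($rol, ROLES, true)) {
        return false;
    }
    $set = ['usuario = ?', 'rol = ?'];
    $params = [$usuario, $rol];
    if ($pass !== '') {
        $set[] = 'pass = ?';
        $params[] = password_hash($pass, PASSWORD_DEFAULT);
    }
    $params[] = $id;
    return $pdo->prepare('UPDATE login SET ' . implode(', ', $set) . ' WHERE id = ?')->execute($params);
}

var_dump(fetchUser($pdo, [])); // no id supplied: rejected before any query is built
updateUser($pdo, ['id' => '1', 'usuario' => 'ana', 'rol' => 'admin', 'pass' => '']);
$user = fetchUser($pdo, ['id' => '1']);
printf("<input type=\"text\" name=\"usuario\" value=\"%s\">\n", htmlentities($user['usuario'], ENT_QUOTES, 'UTF-8'));
```

The missing-id case is the one that produced the original warning: with no `id` in the request, the posted query became invalid SQL and `mysqli_query()` returned `false` instead of a result object.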
