Help Converting Old Code - $this-> 1

[evil1966]

I need to convert this function that is currently not returning data to mysqli

	function get_user_info() {
		$sql_info = sprintf("SELECT real_name, extra_info, email, id FROM %s WHERE login = '%s' AND pw = '%s'", $this->table_name, $this->user, md5($this->user_pw));
		$res_info = mysql_query($sql_info);
		$this->id = mysql_result($res_info, 0, "id");
		$this->user_full_name = mysql_result($res_info, 0, "real_name");
		$this->user_info = mysql_result($res_info, 0, "extra_info");
		$this->user_email = mysql_result($res_info, 0, "email");
	}

I'm specifically getting errors on the 4 $this-> lines.

Thanks!

 

[jpadie]

and what is the error?

the $this reference can only be used inside a non-statically called object. so that function should be a method of a class.

 

[evil1966]

The function is part of the access_user_class.php page. Logging into the site this function and returns the errors on the first page inside the site. The login is working.

These lines:

		$this->id = mysql_result($res_info, 0, "id");
		$this->user_full_name = mysql_result($res_info, 0, "real_name");
		$this->user_info = mysql_result($res_info, 0, "extra_info");
		$this->user_email = mysql_result($res_info, 0, "email");

Throw the error

Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 7 in /home/mediqw5/public_html/classes/access_user/access_user_class.php on line 190

Searching around the most likely explanation is that the lines aren't returning the data. I checked to make sure the column names are correct and read multiple places that I shouldn't be using mysql_result anymore.

 

[jpadie]

looks like you need to qualify that part of the method.
in the way you have it, even if there is no result, the method continues to try to assign variables.

so check that there is a result first.

$sql_info = sprintf("SELECT real_name, extra_info, email, id FROM %s WHERE login = '%s' AND pw = '%s'", $this->table_name, $this->user, md5($this->user_pw));
$res_info = mysql_query($sql_info);
$row = mysql_fetch_object($res_info);
if($row):
 $this->id = $row->id;
 $this->user_full_name = $row->real_name;
 $this->user_info = $row->extra_info;
 $this->user_email = $row->email;
else: 
 //do something about a false login
endif;

 

[evil1966]

Thanks. It is running the else part.

 

[jpadie]

i guessed as much.

do you need more help or can you sort from here?

the next step would be to check for sql errors.

$sql_info = sprintf("SELECT real_name, extra_info, email, id FROM %s WHERE login = '%s' AND pw = '%s'", $this->table_name, $this->user, md5($this->user_pw));
//this should be 
$sql_info = sprintf("SELECT real_name, extra_info, email, id FROM %s WHERE login = '%s' AND pw = '%s'", 
mysql_real_escape_string($this->table_name), 
mysql_real_escape_string($this->user),
mysql_real_escape_string($this->user_pw));
echo "sql: $sql_info \n"; 
$res_info = mysql_query($sql_info) or die(mysql_error());

$res_info = mysql_query($sql_info);

 

[evil1966]

The sql looks good. I checked it before and triple checked it now. Unless I my host server doesn't allow me to use database.table in a querry. I'll check that. Thanks!

 

[jpadie]

the sql is fine.

but the query may be wrong because the data may be wrong. and it's a terrible idea to use data in a query that has not been cleansed (mysql_real_escape_string). that can kill a query and also expose you to injection vectors.

run the code above and it will show you what the query looks like and tell you whether there are any errors

 

[evil1966]

run the code above and it will show you what the query looks like and tell you whether there are any errors

I did do that. It returned good without error

SELECT real_name, extra_info, email, id FROM users WHERE login = 'me' AND pw = '*********'

 

[jpadie]

great.

then you're down to only one possibility. there is no such record in that table in that database.

 

[evil1966]

Apparently I haven't gotten enough sleep. It does work with your code. I was testing with an admin login, but instead of using the actual password, I was using the hashed code. It let's me in, but throws those errors. If I use a correct login and password it works fine now. If I use a non-member name and made up password it does what it should.

Thank you very much for your help!