PHP/SQL - 类 mysqli_result 的对象无法转换为字符串
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/22080090/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PHP/SQL - Object of class mysqli_result could not be converted to string
提问by poseidon
I am fairly new to web programming but I know quite a bit. I am making a private messaging system but I am getting an error:
我对网络编程相当陌生,但我知道很多。我正在制作一个私人消息系统,但出现错误:
Catchable fatal error: Object of class mysqli_result could not be converted to string in C:\xampp\htdocs\message\send.php on line 26
This is the code:
这是代码:
$check_conv=mysqli_query($con,"SELECT `hash` FROM `message_g` WHERE (`user_one`='$my_id' AND `user_two`='$user') OR (`user_one`='$user' AND `user_two`='$my_id')");
What am I doing wrong, I have checked and there are values in the database. Also I have checked and I am using mysqli all around and not mixing mysql and mysqli. Any help would be greatly appreciated. Thanks.
我做错了什么,我已经检查过并且数据库中有值。我也检查过,我到处都在使用 mysqli,而不是混合使用 mysql 和 mysqli。任何帮助将不胜感激。谢谢。
Edit: Full code below:
编辑:完整代码如下:
<?php
if(isset($_POST['submit'])){
$myusername=$_SESSION['myusername'];
$random=rand();
$my_id=mysqli_query($con,"SELECT `id` FROM `users` WHERE (`username`='$myusername')");
$user=$_GET['user'];
$check_conv=mysqli_query($con,"SELECT `hash` FROM `message_g` WHERE (`user_one`='$my_id' AND `user_two`='$user') OR (`user_one`='$user' AND `user_two`='$my_id')");
if(mysqli_num_rows($check_conv) == 1){
echo "<p>Conversation Already Started!</p>";
} else {
mysqli_query("INSERT INTO `message_g` (`user_one`, `user_two`, `hash`) VALUES ('$my_id','$user','$random')");
echo "<p>Conversation Started!</p>";
}
}
?>
回答by CodeBird
Try fetching your mysqli_result, at the place of using directly in the query
尝试在查询中直接使用的地方获取您的 mysqli_result
$my_id_query=mysqli_query($con,"SELECT `id` FROM `users` WHERE (`username`='$myusername')");
//Fetch result
$my_id_array=mysqli_fetch_assoc($my_id_query);
$my_id=$my_id_array['id'];
//Cast this into int to protect yourself against sql injection
$user=(int)$_GET['user'];
$check_conv=mysqli_query($con,"SELECT `hash` FROM `message_g` WHERE (`user_one`='$my_id' AND
`user_two`='$user') OR (`user_one`='$user' AND `user_two`='$my_id')");
if(mysqli_num_rows($check_conv) == 1){
回答by Andy Lester
mysqli_queryreturns an object. You can't just print the object. You need to read the mysqli documentation to learn what to do with the results of an mysqli_query object.
mysqli_query返回一个对象。你不能只打印对象。您需要阅读 mysqli 文档以了解如何处理 mysqli_query 对象的结果。
回答by Andy Lester
Here's your problem. Here you go and do a query and assign it to $my_id, thinking that you are getting the actual value from the column, but you aren't.
这是你的问题。在这里,您执行查询并将其分配给 $my_id,认为您正在从列中获取实际值,但实际上并没有。
$my_id=mysqli_query($con,"SELECT `id` FROM `users` WHERE (`username`='$myusername')");
Then you try to interpolate it into a string in your second call:
然后,您尝试在第二次调用中将其插入到字符串中:
$check_conv=mysqli_query($con,"SELECT `hash` FROM `message_g` WHERE (`user_one`='$my_id' AND `user_two`='$user') OR (`user_one`='$user' AND `user_two`='$my_id')");
For that to work, $my_id would have to be a string, but it is not. It is an object.
为此, $my_id 必须是一个字符串,但事实并非如此。它是一个对象。
Also, unrelated to your problems here, please note that by building SQL statements with outside variables, you are leaving yourself open to SQL injection attacks.Also, any input data with single quotes in it, like a name of "O'Malley", will blow up your SQL query. Please learn about using parametrized queries, preferably with the PDO module, to protect your web app. My site http://bobby-tables.com/phphas examples to get you started, and this questionhas many examples in detail.
此外,与您的问题无关,请注意,通过使用外部变量构建 SQL 语句,您将面临 SQL 注入攻击。此外,任何带有单引号的输入数据,例如“O'Malley”的名称,都会破坏您的 SQL 查询。请了解如何使用参数化查询(最好使用 PDO 模块)来保护您的 Web 应用程序。我的网站http://bobby-tables.com/php有一些例子可以帮助你入门,这个问题有很多详细的例子。
