PHP/SQL - Object of class mysqli_result could not be converted to string

Question

I am fairly new to web programming but I know quite a bit. I am making a private messaging system but I am getting an error:

Catchable fatal error: Object of class mysqli_result could not be converted to string in C:\xampp\htdocs\message\send.php on line 26

This is the code:

$check_conv=mysqli_query($con,"SELECT `hash` FROM `message_g` WHERE (`user_one`='$my_id' AND `user_two`='$user') OR (`user_one`='$user' AND `user_two`='$my_id')");

What am I doing wrong, I have checked and there are values in the database. Also I have checked and I am using mysqli all around and not mixing mysql and mysqli. Any help would be greatly appreciated. Thanks.

Edit: Full code below:

<?php 
if(isset($_POST['submit'])){
$myusername=$_SESSION['myusername'];
$random=rand();
$my_id=mysqli_query($con,"SELECT `id` FROM `users` WHERE (`username`='$myusername')");
$user=$_GET['user'];
$check_conv=mysqli_query($con,"SELECT `hash` FROM `message_g` WHERE (`user_one`='$my_id' AND `user_two`='$user') OR (`user_one`='$user' AND `user_two`='$my_id')");
if(mysqli_num_rows($check_conv) == 1){
    echo "<p>Conversation Already Started!</p>";
} else {
    mysqli_query("INSERT INTO `message_g` (`user_one`, `user_two`, `hash`) VALUES ('$my_id','$user','$random')");
    echo "<p>Conversation Started!</p>";
    }
}
?>

this line of code have no issue, it is not in this line that your issue is, maybe in the line where you are using $check_conv — CodeBird, Feb 27 '14 at 20:56
well nobody can tell you what's wrong just seeing this line of code, no magicians around, just programmers :) — CodeBird, Feb 27 '14 at 21:03
You are doing something that is trying to turn the object into a string, and you can't do that. But we don't know because you aren't showing us the line of code that had the problem. — Andy Lester, Feb 27 '14 at 21:05
That is actually the line of the code that had the problem, it says line 26, and I showed you line 26. — poseidon, Feb 27 '14 at 21:06
it is using `$my_id` inside the $check_conv query your issue, `$my_id` is a mysqli_result not an integer — CodeBird, Feb 27 '14 at 21:07
So i need to convert $my_id to an integer before putting it into the query? — poseidon, Feb 27 '14 at 21:09
you can't convert a result into integer, you have to fetch the result. check my answer. — CodeBird, Feb 27 '14 at 21:12
@poseidon: You need to understand that `mysqli_query` returns an object, not an integer, not a string. If that does not make sense to you, **stop and read the manual**. — Andy Lester, Feb 27 '14 at 21:15
Thanks for the help, in future I will read the manual first, I understand that it returns and object and not a string firstly and that I have to save it as a string first. — poseidon, Feb 27 '14 at 21:16

CodeBird · Accepted Answer · 2014-02-27T22:00:04.287

Try fetching your mysqli_result, at the place of using directly in the query

$my_id_query=mysqli_query($con,"SELECT `id` FROM `users` WHERE (`username`='$myusername')");
//Fetch result 
$my_id_array=mysqli_fetch_assoc($my_id_query);
$my_id=$my_id_array['id'];
//Cast this into int to protect yourself against sql injection
$user=(int)$_GET['user'];
$check_conv=mysqli_query($con,"SELECT `hash` FROM `message_g` WHERE (`user_one`='$my_id' AND 
`user_two`='$user') OR (`user_one`='$user' AND `user_two`='$my_id')");
 if(mysqli_num_rows($check_conv) == 1){

score 1 · Answer 2 · answered Feb 27 '14 at 21:02

1

mysqli_query returns an object. You can't just print the object. You need to read the mysqli documentation to learn what to do with the results of an mysqli_query object.

http://us1.php.net/manual/en/mysqli.query.php

answered Feb 27 '14 at 21:02

Andy Lester

91,102
13
100
152

I am not printing it though, after that I am checking the rows. – poseidon Feb 27 '14 at 21:03
How do we know that? We can't see your code? You showed us one single line of code. – Andy Lester Feb 27 '14 at 21:04
Will add rest, one minute. – poseidon Feb 27 '14 at 21:04

score 1 · Answer 3 · edited May 23 '17 at 11:45

Here's your problem. Here you go and do a query and assign it to $my_id, thinking that you are getting the actual value from the column, but you aren't.

$my_id=mysqli_query($con,"SELECT `id` FROM `users` WHERE (`username`='$myusername')");

Then you try to interpolate it into a string in your second call:

$check_conv=mysqli_query($con,"SELECT `hash` FROM `message_g` WHERE (`user_one`='$my_id' AND `user_two`='$user') OR (`user_one`='$user' AND `user_two`='$my_id')");

For that to work, $my_id would have to be a string, but it is not. It is an object.

Also, unrelated to your problems here, please note that by building SQL statements with outside variables, you are leaving yourself open to SQL injection attacks. Also, any input data with single quotes in it, like a name of "O'Malley", will blow up your SQL query. Please learn about using parametrized queries, preferably with the PDO module, to protect your web app. My site http://bobby-tables.com/php has examples to get you started, and this question has many examples in detail.

THanks for the tips, would give you rep if I could. – poseidon Feb 27 '14 at 21:14 — poseidon, Feb 27 '14 at 21:14

PHP/SQL - Object of class mysqli_result could not be converted to string

3 Answers3