PHP 'sqlsrv_query' null in resource

Question

<?php

class Database {

protected $server;

function __construct($sql_server) {

    $this->server = $sql_server;

}

public function connect() {

    $connect = sqlsrv_connect($this->server, ["Database" => "ACCOUNT_DBF"]); // Windows Auth

    if(!$connect) { die(print_r(sqlsrv_errors(), true)); }
    else { echo "Connection established!"; }

}

public function userExists($data) {

    $query  = sqlsrv_query($his->server, "SELECT * FROM ACCOUNT_TBL where account = '$data'");

    if(!$query) { die(print_r(sqlsrv_errors(), true)); }
    else { echo "Bind success."; }

}

}

$db = new Database("YNCA\SQLEXPRESS");

$db->connect();
$db->userExists("bush");

?>

The $db->userExists("bush"); gives me a null resource in parameter, I cannot figure it out to why. Tho, I passed a valid parameter string into the $data in the userExists function.

EDIT : Fixed it with this final piece of code:

<?php

class Database {

    protected $server, $connect;    

    function __construct($sql_server) {

        $this->server = $sql_server;

    }

    public function connect() {

        $this->connect = sqlsrv_connect($this->server, ["Database" => "ACCOUNT_DBF"]); // Windows Auth

        if(!$this->connect) { die(print_r(sqlsrv_errors(), true)); }
        else { echo "Connection established!"; }

    }

    public function userExists($data) {

        $query = sqlsrv_query($this->connect, "SELECT * FROM ACCOUNT_TBL where account = ?", ["$data"]);

        if(!$query) { die(print_r(sqlsrv_errors(), true)); }
        else { echo "Bind success."; }

    }

}

$db = new Database("YNCA\SQLEXPRESS");

$db->connect();
$db->userExists("bush");

?>

Pinke Helga · Accepted Answer · 2016-04-16T05:55:19.613

2

Store the connection resource into an object property and pass it to sqlsrv_query instead of $his->server. If passing the server string would be correct at this point, there is also a typo in $his->server ($this->server)

class Database {
  protected
    $server,
    $connection
  ;

// ...

public function connect() {
  $this->connection = sqlsrv_connect($this->server, ["Database" => "ACCOUNT_DBF"]); // Windows Auth
  // ...
}

public function userExists($data) {
  $query  = sqlsrv_query($his->connection, "SELECT * FROM ACCOUNT_TBL where account = '$data'");
  // ...
}

edited Apr 16 '16 at 05:55

answered Apr 16 '16 at 05:21

Pinke Helga

6,378
2
22
42

Hello there sir, can you explain more further? – Fur Apr 16 '16 at 05:38
1

`sqlsrv_query(...)` takes a connection resource as first argument. You get this from `$connect = sqlsrv_connect('servername')`. You have to do the same thing you have done in the constructor (`$this->server = $sql_server`). Do a `$this->connect = sqlsrv_connect($this->server)`. Remember to add `$connect` also to the list of protected properties. Later query on the connection, not the servername. – Pinke Helga Apr 16 '16 at 05:45
Hello there sir, I did this: http://prntscr.com/asuxpv and there's some errors(?) that I recieved. – Fur Apr 16 '16 at 06:01
There are no errors, just informations. They are printed due to your if-condition `!$connect` instead of `!$this->connect` – Pinke Helga Apr 16 '16 at 06:16
Thank you so much sir, that fixed it! – Fur Apr 16 '16 at 06:21
2

I recommend the usage of some PHP IDE such as Netbeans with PHP plugin. There you can press ctrl+r to refactor an identifier and it will be changed in the hole declaration scope automatically. It has also debugging features in conjunction with xdebug. – Pinke Helga Apr 16 '16 at 06:22

score 1 · Answer 2 · edited May 23 '17 at 12:16

1

You're doing $his->server in function userExists($data). Should be $this->server

This should be a comment. I just wanted to throw in tip to about a sqlsrv_query.

You get parameterized queries really easy with sqlsrv_. Just change query to:

$query  = sqlsrv_query($this->server
    , "SELECT *
        FROM ACCOUNT_TBL
        WHERE account = ?"
    , array($data));

And leave the rest alone. (the extra whitespace is optional ;)

In case you didn't know, parameterized queries help protect against SQL injection attacks. Even "accidental" SQL injection like people's names (think "O'Neil" :). This question explains why with examples for PDO and mysqli. Still applicable.

edited May 23 '17 at 12:16

Community

1
1

answered Apr 16 '16 at 05:23

This would be fine right? "$query = sqlsrv_query($this->connect, "SELECT * FROM ACCOUNT_TBL where account = '?'", $data);" – Fur Apr 16 '16 at 05:33
1

@fur Close. When you're using the `?`, do not put single quotes around the `?`. Otherwise, perfect! – Apr 16 '16 at 05:39
Sir, I made the whole code like this http://prntscr.com/asuu68 but I've got "Parse error: syntax error, unexpected '(', expecting ',' or ';' in C:\AppServ\www\index.php on line 6". – Fur Apr 16 '16 at 05:44
1

well for one thing, i forgot to include the fix for the real problem in the first place(i was still using `$his` instead of `$this`. see my edit.) Can you make sure that's fixed in your code? if it is, edit your question to include the code from index.php – Apr 16 '16 at 05:48
Hello there sir, I've got my code to transform to this but then I got some errors(?) or warnings(?) received in the browser: http://prntscr.com/asuxpv – Fur Apr 16 '16 at 06:11

PHP 'sqlsrv_query' null in resource

2 Answers2