
I just moved to Digital Ocean (PHP 7.0) and I'm making a global.php file to pass the admin id that is logged and the admin's information. I have run into an error. I don't know if this is the new PHP version, because I was using PHP 5.6, then I moved here to use 7 and have no cPanel to learn Linux commands. Below is my code:

*header.php includes global.php below the mysql.php which connects to the DB; if you think I forgot to add that, it is included.

```php
<?php

$adminid = $_SESSION['adminid'];
$adminGet = $conn->query("SELECT * FROM admins WHERE id  = '$adminid'");
$adminFetch = $adminGet->fetch_array(MYSQL_ASSOC);

$admin_first = $adminFetch['first_name'];
```

`$admin_first` is not reporting firstname. This table does indeed exist and does have admin id 1, which is the session id that is in use (I checked by echoing `$_SESSION['adminid']`).

Admins table: http://prntscr.com/fohwtc

Any help is appreciated!

  • What is the error you are getting? – kjones Jun 26 '17 at 21:25
  • No error_log is being reported @kjones –  Jun 26 '17 at 21:28
  • Is `$adminFetch['first_name']` set? Is it an empty string? Do you have `error_reporting(E_ALL); ini_set('display_errors', 1);` in your index.php just to be sure you're not causing any errors or warnings? PHP 7 handles errors a bit differently. – Goose Jun 26 '17 at 21:30
  • What do you mean @Goose –  Jun 26 '17 at 21:30
  • What is returned by `var_dump($adminFetch);`? – kjones Jun 26 '17 at 21:30
  • @JarrodEstepp do you understand `isset()`? – Goose Jun 26 '17 at 21:31
  • var_dump returned NULL @kjones –  Jun 26 '17 at 21:31
  • @Goose yea, I do understand isset() –  Jun 26 '17 at 21:32
  • error.log is empty btw –  Jun 26 '17 at 21:32
  • What is the var_dump of `$conn`? Have you tried doing `echo "SELECT * FROM admins WHERE id = '$adminid'";` and running that directly in the database? – Goose Jun 26 '17 at 21:35
  • Let me run that in the DB –  Jun 26 '17 at 21:35
  • I ran it in DB and it brought up the query. Also, I tried using Mysqli Prepared Statement and it made it work but I don't like using Prepared Statements when I don't have to. –  Jun 26 '17 at 21:36
  • Shouldn't it be `MYSQLI_ASSOC` instead of `MYSQL_ASSOC`? `mysql_*` doesn't mix with `mysqli_*` – Qirel Jun 26 '17 at 21:37
  • You're already using an API that supports **prepared statements** with bounded variable input, you should utilize parameterized queries with placeholders (prepared statements) to protect your database against [SQL-injection](http://stackoverflow.com/q/60174/)! Get started with [`mysqli::prepare()`](http://php.net/mysqli.prepare). – Qirel Jun 26 '17 at 21:37
  • I will try Mysqli_assoc –  Jun 26 '17 at 21:37
  • Qirel is right I think, MYSQL extension was deprecated in modern 5.x php and removed in PHP 7 – Goose Jun 26 '17 at 21:38
  • I am using MySQLi Prepared statements where users input info to db. Fetching data that users don't touch is a waste of lines of code for prepared statements. @Qirel –  Jun 26 '17 at 21:38
  • @Goose Not only that (meaning the constant `MYSQL_ASSOC` should be removed too), but APIs don't mix/interchange. – Qirel Jun 26 '17 at 21:39
  • Uhm, no... @JarrodEstepp - it's not a waste of time. You should prepare **any** query that uses any sort of variable. The time it takes to prepare versus a regular query is minimal difference. – Qirel Jun 26 '17 at 21:39
  • Yea. MYSQL was removed. I changed MYSQL to MYSQLI and it worked perfectly! Thank you for your help! Now I can start on my project! Really appreciated! –  Jun 26 '17 at 21:40
  • @JarrodEstepp glad you got it working. I understand you probably don't believe `$adminid` needs the security of prepared statements because it is not a direct user input, but it's far more difficult to understand the full security implications of every variable every time you make a change than it is to just use best security practices. You should also use a framework so it takes care of all this and more under the hood. You should also trust best practices until you are an expert in the field. – Goose Jun 26 '17 at 21:43
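
The fix and the advice from the comments combined, as an added example that is not the asker's code: it fetches with the `MYSQLI_ASSOC` constant and passes the session-derived id through a parameterized query. It assumes `$conn` is the mysqli connection from mysql.php, that the session is already started, that the mysqlnd driver is available for `get_result()`, and `loadAdmin` is a hypothetical helper name.

```php
<?php
// Added example, not the asker's code. Assumes $conn is the mysqli
// connection opened in mysql.php and that the session is already started.

// Make mysqli throw exceptions instead of failing silently, so a bad
// query cannot quietly leave you with NULL and an empty error log.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Hypothetical helper: load one admin row by id, or null if none matches.
 */
function loadAdmin(mysqli $conn, $adminId)
{
    // Reject anything that is not a positive integer before touching the DB.
    $id = filter_var($adminId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $conn->prepare('SELECT id, first_name FROM admins WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();

    // get_result() requires the mysqlnd driver (assumed available here).
    // MYSQLI_ASSOC is the mysqli constant; MYSQL_ASSOC belonged to the
    // mysql extension that was removed in PHP 7.
    $row = $stmt->get_result()->fetch_array(MYSQLI_ASSOC);
    $stmt->close();

    return $row; // fetch_array() returns null when no row matched
}

$admin = isset($_SESSION['adminid']) ? loadAdmin($conn, $_SESSION['adminid']) : null;
if ($admin === null) {
    // No session id, an invalid id, or no matching row: treat as not logged in.
    http_response_code(403);
    exit('Not logged in');
}
$admin_first = $admin['first_name'];
```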
