-2

I want to set Location to $link, but still, in the following code, I'm getting an error saying: Catchable fatal error: Object of class stdClass could not be converted to string Here is my code:

<?php
    $site_id=$_GET['site_id'];
    $conn=mysql_connect("localhost","root","") or die("couldn't connect to database") ;
    $db=mysql_select_db("search_engine",$conn);
    $value=mysql_query("UPDATE sites set rank=(rank+1) WHERE site_id='$site_id'");
    $query = "SELECT site_link FROM sites WHERE site_id='$site_id' limit 1";
    $result=mysql_query($query);
    $value=mysql_fetch_object($result);
    $link=(string)$value;
    header("Location:".$link);

?>
Unamata Sanatarai
  • 6,475
  • 3
  • 29
  • 51
user8214181
  • 45
  • 3
  • 1
    Have you tried `$value->site_link`? http://php.net/manual/en/function.mysql-fetch-object.php – ka_lin Jun 30 '17 at 14:21
  • 2
    Don't use the `mysql_*` functions. They have been deprecated since v5.5 (Jun 2013) and removed since v7.0 (Dec 2015). Instead use the [**mysqli_***](https://secure.php.net/manual/en/book.mysqli.php) or [**PDO**](https://secure.php.net/manual/en/book.pdo.php) functions with [**prepared statements**](https://secure.php.net/manual/en/pdo.prepare.php) and [**bound parameters**](https://secure.php.net/manual/en/pdostatement.bindparam.php). – Alex Howansky Jun 30 '17 at 14:21
  • 1
    Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use prepared statements with bound parameters, via either the [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) drivers. [**This post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examples. – Alex Howansky Jun 30 '17 at 14:21
  • 2
    Essentially what @ka_lin said: you're getting an object as your result, so site_link is a property of that object. As a note, what happens if that site ID is not present in the database? – Chris Forrence Jun 30 '17 at 14:23

1 Answers1

1

First of all don't use mysql_* functions. They are vulnerable to SQL injection attacks.

mysql_fetch_object returns object. 

object mysql_fetch_object ( resource $result [, string $class_name [, array $params ]] )

If you want to get data simply use arrow operator

    $value=mysql_fetch_object($result);
    $link=$value->site_link;

Reference: http://php.net/manual/en/function.mysql-fetch-object.php

Sehdev
  • 5,486
  • 3
  • 11
  • 34