PHP search - catchable fatal error

Question

I would like to write a little search engine, but I can't solve my problem. I tried to find any solution but I can't find the root cause.

Error: Catchable fatal error: Object of class mysql_result not be converted to string (in line 31)

include ("../connect.php");

$brand = $_POST["brand"];
$gyartmany = $_POST["gyartmany"];
$csalad = $_POST["csalad"];
$cikktipus = $_POST["tipus"];

//$cikkszamok = $_POST["cikkszamok"];

$doktipus = $_POST["doktipus"];
$ervenyessegkezdete = $_POST["ervenyessegkezdete"];
$ervenyessegvege = $_POST["ervenyessegvege"];
$dokazonosito = $_POST["dokazonosito"];
$fajlnev = $_POST["fajlnev"];
//$archiv = $_POST["archiv"];

$valasz= array();

if (isset($brand))
{
    $vissza = $kapcsolat->query("SELECT * FROM dokumentumok WHERE brand = '$brand'");

    if (isset($gyartmany)) {
        $vissza .= "AND gyartmany LIKE '$gyartmany'"; //Line 31
    }

    if (isset($csalad)) {
        $vissza .= "AND csalad LIKE '$csalad'";
    }

    if (isset($cikktipus)) {
        $vissza .= "AND cikktipus LIKE '$cikktipus'";
    }

    if (isset($cikkszamok)) {
        $vissza .= "AND erintett_cksz LIKE '$cikkszamok'";
    }

    if (isset($ervenyessegkezdete)) {
        $vissza .= "AND  letrehozas  >='$ervenyessegkezdete'";
    }

    if (isset($ervenyessegvege)) {
        $vissza .= "AND ervenyesseg <= '$ervenyessegvege'";
    }

    if (isset($dokazonosito)) {
        $vissza .= "AND dokazonosito LIKE '$dokazonosito'";
    }

    if (isset($fajlnev)) {
        $vissza .= "AND fajlnev LIKE '$fajlnev'";
    }

}

if (mysqli_num_rows($vissza)>0)  
{
    while($sor = mysqli_fetch_assoc($vissza))
    {
        array_push($valasz, $sor);
    }
} else {
    $valasz["uzenet"]=("sometext!");
}

print json_encode ($valasz);

I think the main problem in this row: $vissza = $kapcsolat->query("SELECT * FROM dokumentumok WHERE brand = '$brand'");

Answer 1

$vissza is of type mysql_result because of this line:

$vissza = $kapcsolat->query("SELECT * FROM dokumentumok WHERE brand = '$brand'");

but you try to work with it as if it were a string like:

$vissza .= "AND gyartmany LIKE '$gyartmany'";

This won't work. Once a query is send to mysql it is "gone". You can not edit it afterwards. You have to build your query PRIOR to sending it with ->query().

Also: Please have a look at PDO. Additionally your code introduces sql injection. You might want to read about this.

Here an example stub so you get the idea:

<?php
$vissza = "SELECT * FROM dokumentumok WHERE brand = '$brand'";
if (isset($brand))
{

    if (isset($gyartmany)) {
        $vissza .= "AND gyartmany LIKE '$gyartmany'"; //Line 31
    }

    //...

}

$visszaResult = $kapcsolat->query($vissza);

// work with the result here