Connecting to Drupal 7

Discussion in 'PHP' started by NITRO23456, May 24, 2018.

  1. #1
    Hi everyone

    I am trying to connect a third party app to my Drupal 7 database with this code:

    
    // Create connection
    $conn = new mysqli($servername, $username, $password);
    
    if (@$_GET["sessionid"])
      $_SESSION["sessionid"] = @$_GET["sessionid"];
    
    
    if (@$_SESSION["sessionid"])
    {
    
    //Get the get username/role from the database
    
    $sql="select u.*,s.*,ur.rid, r.name as rolename
    from sessions s
    inner join users u on s.uid=u.uid
    left outer join users_roles ur on u.uid=ur.uid
    LEFT OUTER JOIN role r ON r.rid = ur.rid
    where u.status=1 and u.uid>0 and s.sid='" . $_SESSION["sessionid"]. "'";
    $rs=db_query($sql,$conn);
    
    $data=db_fetch_array($rs);
    
    if($data)
    {
            $_SESSION["UserID"] = $data["name"];
            if (!is_null($data["rolename"]))
            {
                    $_SESSION["GroupID"] = $data["rolename"];
                    if ($data["rolename"]=='administrator')
                            $_SESSION["AccessLevel"] = ACCESS_LEVEL_ADMINGROUP;
                    else
                            $_SESSION["AccessLevel"] = ACCESS_LEVEL_USER;
            }
            else
                    $_SESSION["AccessLevel"] = ACCESS_LEVEL_USER;
    }
    else
    {
            // log out
            session_unset();
    }
    }
    
    But I am getting the following error:

    Any ideas? Line 475 of appsettings is $rs=db_query($sql,$conn); from the above code.

    Line 2311 of database.inc is function db_query($query, array $args = array(), array $options = array())
     
    NITRO23456, May 24, 2018 IP
  2. Cameron Fillers

    #2
    This looks very strange, as it looks like you are attempting to run Drupal PHP code from a standard PHP file. If you are trying to call Drupal functions, like db_query, you will need to bootstrap into Drupal first. You may be better off using mysql_db_query.

    http://php.net/manual/en/function.mysql-db-query.php

    Also, have you attempted to run your MySQL query in phpMyAdmin with known data and retrieved a positive result?

    Also, you are not using any kind of while or foreach loop for your results, and there is no Limit 0,1 to ensure you only get 1 result, but I think you should be fine with the fact that you are checking by SessionID, which should be unique.
     
    Cameron Fillers, Jul 27, 2018 IP
  3. ThePHPMaster

    #3
    ThePHPMaster, Jul 28, 2018 IP
  4. NetStar

    #4
    @deathshadow likes these types of posts.

    • mysqli_*
    • SQL injection
    • Suppressing errors with @
     
    NetStar, Jul 29, 2018 IP
  5. deathshadow

    #5
    Yeah, the error suppression and blindly stuffing $_GET information into the query string. Throw that ENTIRE mess in the trash and start over. It's called prepare/execute, USE IT!

    ... and not sure why anyone would bother doing a manual connection to a new mysqli object then try to use Drupal's silly db_ functions... but that's just part of why Drupal leaves me wondering just what the f*** is in their kool aid -- just like every other one of the dumbass ignorant 'frameworks' out there.

    Y'all just made a perfectly good mysqli connection, USE IT!!!

    Much less why in the bloody blue blazes would you be screwing around with the session id much less derping it around as getDATA?
     
    deathshadow, Jul 30, 2018 IP
    nico_swd likes this.
  6. Komputerking

    #6
    Well, the problem is that the OP was using PHP commands from Drupal when Drupal wasn't loaded. So that's a big part of the issue. It seems like he was familiar with how to perform the request in Drupal, but then tried to set up a third party app, but still used the same commands. No big deal, but would be interesting to hear if he was able to get it resolved with the information provided.

    But yeah, the whole reason Drupal uses their own functions is to allow the commands to hook into the rest of Drupal, and to sanitize the data beforehand.
     
    Komputerking, Jul 31, 2018 IP
  7. deathshadow

    #7
    In other words prepare/execute's job and part of why both PDO and mysqli should have made MOST of the nonsense in these 'frameworks' go the way of the dodo over a decade ago.
     
    deathshadow, Jul 31, 2018 IP
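
The prepare/execute approach recommended in posts #5 and #7, applied with mysqli to the query from post #1. This is an added example, not code from any poster in the thread; the function name, `$dbname` and `$sidFromTrustedSource` are assumptions, and the table and column names are the ones in the original query.

```php
<?php
// Added example: prepared-statement version of the session lookup in post #1.
// Assumptions: the function name, $dbname and $sidFromTrustedSource.
// Where the session id comes from is left to the caller.

// Throw mysqli_sql_exception on failure instead of hiding errors with @.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function drupal_session_user(mysqli $conn, string $sid): ?array
{
    if ($sid === '') {
        return null;
    }
    $sql = 'SELECT u.name, r.name AS rolename
              FROM sessions s
              INNER JOIN users u ON s.uid = u.uid
              LEFT OUTER JOIN users_roles ur ON u.uid = ur.uid
              LEFT OUTER JOIN role r ON r.rid = ur.rid
             WHERE u.status = 1 AND u.uid > 0 AND s.sid = ?';

    $stmt = $conn->prepare($sql);
    $stmt->bind_param('s', $sid);   // the value travels separately from the SQL text
    $stmt->execute();
    $stmt->bind_result($name, $rolename);

    // A user with several roles yields several rows, so read them all.
    $user = null;
    while ($stmt->fetch()) {
        $user = $user ?? ['name' => $name, 'roles' => []];
        if ($rolename !== null) {
            $user['roles'][] = $rolename;
        }
    }
    $stmt->close();

    if ($user !== null) {
        $user['is_admin'] = in_array('administrator', $user['roles'], true);
    }
    return $user;   // null means no active user owns this session id
}

// Usage, with the connection variables from post #1 plus an assumed $dbname:
// $conn = new mysqli($servername, $username, $password, $dbname);
// $user = drupal_session_user($conn, $sidFromTrustedSource);
// if ($user === null) { session_unset(); }
```

Because the session id is bound as a parameter, quote characters in it are compared as data against `s.sid` and never parsed as SQL.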