1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Connecting to Drupal 7

Discussion in 'PHP' started by NITRO23456, May 24, 2018.

  1. #1
    Hi everyone

    I am trying to connect a third party app to my Drupal 7 database with this code:

    
    // Create connection
    $conn = new mysqli($servername, $username, $password);
    
    if (@$_GET["sessionid"])
      $_SESSION["sessionid"] = @$_GET["sessionid"];
    
    
    if (@$_SESSION["sessionid"])
    {
    
    //Get the get username/role from the database
    
    $sql="select u.*,s.*,ur.rid, r.name as rolename
    from sessions s
    inner join users u on s.uid=u.uid
    left outer join users_roles ur on u.uid=ur.uid
    LEFT OUTER JOIN role r ON r.rid = ur.rid
    where u.status=1 and u.uid>0 and s.sid='" . $_SESSION["sessionid"]. "'";
    $rs=db_query($sql,$conn);
    
    $data=db_fetch_array($rs);
    
    if($data)
    {
            $_SESSION["UserID"] = $data["name"];
            if (!is_null($data["rolename"]))
            {
                    $_SESSION["GroupID"] = $data["rolename"];
                    if ($data["rolename"]=='administrator')
                            $_SESSION["AccessLevel"] = ACCESS_LEVEL_ADMINGROUP;
                    else
                            $_SESSION["AccessLevel"] = ACCESS_LEVEL_USER;
            }
            else
                    $_SESSION["AccessLevel"] = ACCESS_LEVEL_USER;
    }
    else
    // log out
    {
            session_unset();}
    }
    
    Code (markup):
    But I am getting the following error:

    Any ideas? Line 475 of appsettings is $rs=db_query($sql,$conn); from the above code.

    Line 2311 of database.inc is function db_query($query, array $args = array(), array $options = array())
    SEMrush
     
    NITRO23456, May 24, 2018 IP
    SEMrush
  2. Cameron Fillers

    Cameron Fillers Member

    Messages:
    33
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    33
    #2
    this looks very strange, as it looks like you are attempting to run drupal php code from a standard php file. If you are trying to call drupal functions, like db_query, you will need to bootstrap into drupal first. You may be better off using mysql_db_query

    http://php.net/manual/en/function.mysql-db-query.php

    Also, have you attempted to run your mysql query in phpmyadmin with known data and retrieved a positive result?

    Also, you are not using any kind of while or foreach loop for your results, and there is no Limit 0,1 to ensure you only get 1 result, but I think you should be fine with the fact that you are checking by SessionID, which should be unique.
     
    Cameron Fillers, Jul 27, 2018 IP
  3. ThePHPMaster

    ThePHPMaster Well-Known Member

    Messages:
    737
    Likes Received:
    52
    Best Answers:
    33
    Trophy Points:
    150
    #3
    ThePHPMaster, Jul 28, 2018 IP
  4. NetStar

    NetStar Notable Member

    Messages:
    2,360
    Likes Received:
    501
    Best Answers:
    21
    Trophy Points:
    245
    #4
    @deathshadow likes these types of posts.

    • mysqli_*
    • SQL injection
    • Suppressing errors with @
     
    NetStar, Jul 29, 2018 IP
  5. deathshadow

    deathshadow Acclaimed Member

    Messages:
    9,110
    Likes Received:
    1,692
    Best Answers:
    239
    Trophy Points:
    515
    #5
    Yeah, the error suppression and blindly stuffing $_GET information into the query string. Throw that ENTIRE mess in the trash and start over. It's called prepare/execute, USE IT!

    ... and not sure why anyone would bother doing a manual connection to a new mysqli object then try to use drupals silly db_ functions... but that's just part of why Drupal leaves me wondering just what the f*** is in their kool aid -- just like every other one of the dumbass ignorant 'frameworks' out there.

    Y'all just made a perfectly good mysqli connection, USE IT!!!

    Much less why in the bloody blue blazes would you be screwing around with the session id much less derping it around as getDATA?
     
    deathshadow, Jul 30, 2018 IP
    nico_swd likes this.
  6. Komputerking

    Komputerking Greenhorn

    Messages:
    34
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    8
    #6
    Well, the problem is that the OP was using php commands from Drupal when Drupal wasn't loaded. So that's a big part of the issue. It seems like he was familiar with how to perform the request in Drupal, but then tried to setup a third party app, but still used the same commands. No big deal, but would be interesting to hear if he was able to get it resolved with the information provided.

    But yeah, the whole reason Drupal uses their own functions is to allow the commands to hook into the rest of Drupal, and to sanitize the data beforehand
     
    Komputerking, Jul 31, 2018 IP
  7. deathshadow

    deathshadow Acclaimed Member

    Messages:
    9,110
    Likes Received:
    1,692
    Best Answers:
    239
    Trophy Points:
    515
    #7
    In other words prepare/execute's job and part of why both PDO and mysqli should have made MOST of the nonsense in these 'frameworks' go the way of the dodo over a decade ago.
     
    deathshadow, Jul 31, 2018 IP