I just ran my Account Activation scripts in PHP, and I haven't changed anything that I can think of since last night, but now got a *weird* SQL error...

An error occurred in script '/home/content/76/5060376/html/106_ActivateAccount.php' on line 72: Object of class mysqli_result could not be converted to string
Date/Time: 10-11-2009 15:15:41


Array
(
[GLOBALS] => Array
*RECURSION*
[_POST] => Array
(
)

[_GET] => Array
(
[x] => test@mail.com
[y] => f85e70af6307c75284af7b68453856dc
)

[_COOKIE] => Array
(
[PHPSESSID] => 9ghisl9pfjhks21cvfefo1sjm3
)

[_FILES] => Array
(
)

[_SESSION] => Array
(
[email] => test@mail.com
[first_name] => Amy
[account_results] =>

Here is my PHP code...

Code:
<?php # Script 16.7 - activate.php
  // This page activates the user's account.

  // Address error-handling.
  error_reporting(E_ALL & ~E_NOTICE);

  // Include Configuration Settings.
  require_once ('includes/config.inc.php');

  // Start output buffering.
  ob_start();

  // Initialize a session.
  session_start();

  // Validate $_GET['x'] and $_GET['y']:
  // Assume value are invalid.
  $x = FALSE;
  $y = FALSE;

  // Validate E-mail address.
  if (isset($_GET['x'])
        && preg_match ('/^[\w.-]+@[\w.-]+\.[A-Za-z]{2,6}$/', $_GET['x']) ) {
          $x = $_GET['x'];
  }

  // Validate Authorization Code.
  if (isset($_GET['y']) && (strlen($_GET['y']) == 32 ) ) {
          $y = $_GET['y'];
  }

  // Validate both URL values.
  if ($x && $y) {
      // Authorization values valid.

      // Path to DB Connection Script.
      require_once (MYSQL);

      //************************************************************************
      // Determine User's Name based on Email in URL.
      // Build query.
      $name = "SELECT first_name " .
              "FROM users " .
              "WHERE (email = '" . mysqli_real_escape_string($dbc, $x) .
              "') LIMIT 1";

      // Run query.
      $r1 = mysqli_query ($dbc, $name)
              or trigger_error("Query: $name\n<br />MySQL Error: " . mysqli_error($dbc));

      //************************************************************************
      // Remove Authorization String from database.
      // Build query.
      $auth = "UPDATE users " .
              "SET active = NULL " .
              "WHERE (email = '" . mysqli_real_escape_string($dbc, $x) .
              "' AND active = '" . mysqli_real_escape_string($dbc, $y) .
              "') LIMIT 1";

      // Run query.
      $r2 = mysqli_query ($dbc, $auth)
              or trigger_error("Query: $auth\n<br />MySQL Error: " . mysqli_error($dbc));

      //************************************************************************
      // Verify record was changed.
      if (mysqli_affected_rows($dbc) == 1) {
          // Insert succeeded.
          //echo "<h3>Your account is now active. You may now log in.</h3>";

          // Create "Account Validated" message.
          $_SESSION['validation_results'] =
            "<span id=\"congrats\">Congratulations, " . $r1 .
            ", your account is now active!!</span>" .
            "<span id=\"congrats_msg\">You may log in.</span>";

      } else {
          // Insert failed.
          //echo '<p class="error">Your account could not be activated. Please re-check the link or contact the system administrator.</p>';

          // Create Error message.
          $_SESSION['validation_results'] =
            "<span id=\"congrats\">Sorry, " . $r1 .
            ", your account could not be actived!!</span>" .
            "<span id=\"congrats_msg\">Please re-check the link or contact the system administrator.</span>";
      }

      // Close Database Connection.
      mysqli_close($dbc);

  } else {
      // Authorization values invalid.

      // Redirect.
      $url = BASE_URL . 'index.php'; // Define the URL:
      ob_end_clean(); // Delete the buffer.
      header("Location: $url");
      exit(); // Quit the script.

  }
?>
I don't see any code anywhere near Line 72 that looks wrong?!

UGH!!

Any idea what is wrong??


Amy