Replacing mysql_real_escape_string(): [duplicate] - php

This question already has answers here:
How to change mysql to mysqli?
(12 answers)
Closed 2 years ago.
As mysql_real_escape_string is now deprecated, I have to change one function on the site that is using it. For the life of me, I can't figure out the proper mysqli or PDO code to use. Maybe someone can guide me in the right direction. This is how it currently looks.
if (isset($_GET['btnSearch']) && !empty($_GET['txtSearch'])) {
    $txtSearch = trim(mysql_real_escape_string($_GET['txtSearch']));
    if (preg_match("/^(?i)BAW[0-9]+/", $txtSearch)) {
        $pilot->pilot_num = strtoupper($txtSearch);
    } else {
        $pilot->name = $txtSearch;
    }
}
Thank you all.

To replace mysql_real_escape_string with mysqli_real_escape_string you need to have an already opened connection to your DB like this:
$DBH = new mysqli($dbhost, $dbusername, $dbpasswd, $database_name);
then you can replace
mysql_real_escape_string($_GET['txtSearch'])
with
$DBH->real_escape_string($_GET['txtSearch'])

As it appears, I already have an open connection and the framework handles the query. All that is needed is removal of
mysql_real_escape_string
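Added example, not from the original posts: the same search done with a parameterized query, where the user's text is bound as data instead of escaped and spliced into SQL. The `pilots` table, its columns and `searchPilots()` are assumptions, an in-memory SQLite database stands in for MySQL so the script runs without a server, and the regex is anchored at the end, which the original pattern is not.

```php
<?php
// Added example. Constructed schema and rows; SQLite in memory stands in for
// MySQL so this runs offline. Table and column names are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pilots (pilot_num TEXT PRIMARY KEY, name TEXT NOT NULL)');
$pdo->exec("INSERT INTO pilots VALUES ('BAW100', 'Alice Example'), ('BAW200', 'Bob O''Neil')");

/**
 * Search by pilot number or by name. The search text is never concatenated
 * into the SQL string; it is always passed as a bound parameter.
 */
function searchPilots(PDO $pdo, string $txtSearch): array
{
    $txtSearch = trim($txtSearch);
    if ($txtSearch === '') {
        return [];
    }
    // Anchored at both ends, so "BAW12<anything else>" is not a pilot number.
    if (preg_match('/^BAW[0-9]+$/i', $txtSearch)) {
        $stmt = $pdo->prepare('SELECT pilot_num, name FROM pilots WHERE pilot_num = ?');
        $stmt->execute([strtoupper($txtSearch)]);
    } else {
        // Binding does not neutralise LIKE wildcards; escape !, % and _ with '!'.
        $like = '%' . preg_replace('/[!%_]/', '!$0', $txtSearch) . '%';
        $stmt = $pdo->prepare("SELECT pilot_num, name FROM pilots WHERE name LIKE ? ESCAPE '!'");
        $stmt->execute([$like]);
    }
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs, as they might arrive in $_GET['txtSearch'].
$inputs = ['baw100', "O'Neil", "x' OR '1'='1", '%'];
foreach ($inputs as $in) {
    printf("%-16s => %d row(s)\n", $in, count(searchPilots($pdo, $in)));
}
```

Against MySQL only the DSN and credentials change; the prepared statements stay the same.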

Related

About usage of mysql and mysqli [duplicate]

This question already has answers here:
Why shouldn't I use mysql_* functions in PHP?
(14 answers)
Closed 5 years ago.
I'm a PHP beginner. I saw many videos on YouTube where they are using mysql instead of mysqli. My editor is NetBeans, and NetBeans warns me that mysql is deprecated.
$conn = new mysqli($servername, $username, $password);
My doubt:
Should I learn the mysql format or just skip that?
Don't learn the mysql_* functions. Even if you stumble across them in legacy code, it's not hard to understand them.
As you already said by yourself, mysql_* functions are deprecated (as of PHP 5.5) and even removed (as of PHP 7).
Also, MySQLi is much more secure because it supports prepared statements.
If you don't want to use MySQLi, you can also use PDO instead.
PDO: http://php.net/manual/en/book.pdo.php
Prepared Statement: http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
Definitely skip it. Using deprecated technologies is never a good idea, especially in a production environment. mysqli and PDO are better and much safer solutions. PDO is my personal fav ;). Here is a connection to get you started.
<?php
define("DSN", "mysql:host=localhost;dbname=db_name");
define("USERNAME", "root");
define("PASSWORD", "");
$options = array(PDO::ATTR_PERSISTENT => true);
try {
    $conn = new PDO(DSN, USERNAME, PASSWORD, $options);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    echo "connection successful";
} catch (PDOException $ex) {
    echo "A database error occurred ".$ex->getMessage();
}

Change MySQL PDO connection option between queries [duplicate]

This question already has an answer here:
PDO Setting PDO::MYSQL_ATTR_FOUND_ROWS fails
(1 answer)
Closed 6 years ago.
I want to change the value of the PDO MYSQL_ATTR_FOUND_ROWS connection option between queries.
Initially I define the connection handle like:
$dbh = new PDO('mysql:host=localhost;dbname=db', $uid, $pwd, array(PDO::MYSQL_ATTR_FOUND_ROWS => true));
I would like to change the value of MYSQL_ATTR_FOUND_ROWS to false at some point in the program. Is that possible? If so, how is it done?
Try using this command:
// The attribute must be the class constant itself, not its name as a quoted string.
$dbh->setAttribute(PDO::MYSQL_ATTR_FOUND_ROWS, true);
setAttribute() documentation

Mysqli_query result to variable PHP [duplicate]

This question already has an answer here:
Fetching one row only with MySQLi
(1 answer)
Closed 7 years ago.
I've tried looking around and couldn't find an answer myself, so I'll post my problem instead, maybe it will help other people :)
I'm making a mysql query and getting an array out of it as it's supposed to do, but I want to take my first result out of this array and put that result in a variable instead so I can use it in my logic.
$conn = new mysqli($servername, $username, $password, $dbname);
$value_High = mysqli_query($conn, "SELECT MAX(picID) from pictures");
$id = mysqli_data_seek($value_High, 0);
var_dump($id);
I've tried some different things. I get a bool out of mysqli_data_seek, which is not what I want ofc, so I obviously need to use something else; I just don't know what.
$id = mysqli_fetch_row($value_High);

Deprecated: mysql_connect() Error Code [duplicate]

This question already has an answer here:
The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead [duplicate]
(1 answer)
Closed 8 years ago.
My host recently upgraded the PHP version and a certain part of my website now shows the following error:
Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in url/structure/here on line 49
That is referencing the below code:
function DBConnect() {
    $this->connectCount ++;
    //echo "$this->connectCount<br>";
    if ($this->dbType == 'mysql') {
        $dbConnect = mysql_connect($this->dbHost, $this->dbUser, $this->dbPasswd) or die ("MySql Connection Failed: " . mysql_error());
        mysql_select_db($this->dbName, $dbConnect);
    }
    if ($this->dbType == 'postgresql') {
        $dbConnect = pg_connect("host=$this->dbHost port=$this->dbPort dbname=$this->dbName user=$this->dbUser password=$this->dbPasswd") or die ("PostgreSQL Connection Failed: " . pg_errormessage($dbConnect));
        //$dbConnect = pg_pconnect("host=$this->dbHost port=$this->dbPort dbname=$this->dbName user=$this->dbUser password=$this->dbPasswd") or die ("PostgreSQL Connection Failed: " . pg_errormessage($dbConnect));
    }
    return $dbConnect;
}
I'm aware of the fact that this is because the current way my site connects to MySQL is now outdated in the new version of PHP, but does anyone know how I would update the above code to make this work?
The easier way is to use mysqli_connect(). The syntax is very similar to what you would have had with mysql_connect(), which means the changes in your code will be minor and easy to make.
PDO would be the safest, but if you are trying to get your site back on quickly, the mysqli_* commands will achieve that.
Google (or check on Stack Overflow) mysql vs mysqli. You'll find plenty of examples.
Hope this helps.
Good luck
--
Sorry, after re-reading I see you asked what needs to be changed in your source code. Afraid I cannot help right now as I am responding from a mobile phone :(
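Added example, not from the original posts: one way to rewrite the question's DBConnect() on PDO, which covers both the MySQL and PostgreSQL branches with one API and keeps driver error text away from the visitor. The function names, the `$cfg` array and its values are hypothetical; the array keys mirror the property names in the question.

```php
<?php
// Added example: keys mirror the question's properties; function names,
// the config array and its sample values are hypothetical.
function buildDsn(string $dbType, string $host, string $name, ?int $port = null): string
{
    switch ($dbType) {
        case 'mysql':
            $dsn = "mysql:host=$host;dbname=$name;charset=utf8mb4";
            break;
        case 'postgresql':
            $dsn = "pgsql:host=$host;dbname=$name";
            break;
        default:
            throw new InvalidArgumentException("Unsupported dbType: $dbType");
    }
    return $port === null ? $dsn : "$dsn;port=$port";
}

function dbConnect(array $cfg): PDO
{
    $dsn = buildDsn($cfg['dbType'], $cfg['dbHost'], $cfg['dbName'], $cfg['dbPort'] ?? null);
    // User and password are passed separately, not embedded in the DSN string.
    return new PDO($dsn, $cfg['dbUser'], $cfg['dbPasswd'], [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // failures throw
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        PDO::ATTR_EMULATE_PREPARES   => false, // use server-side prepared statements
    ]);
}

// Constructed configuration values.
$cfg = ['dbType' => 'mysql', 'dbHost' => '127.0.0.1', 'dbName' => 'example_db',
        'dbUser' => 'example_user', 'dbPasswd' => 'example_password'];
try {
    $db = dbConnect($cfg);
    echo "connected\n";
} catch (PDOException $e) {
    // Keep the driver's message in the server log; the visitor sees a generic one,
    // unlike die("... Connection Failed: " . mysql_error()) in the old code.
    error_log('DB connection failed: ' . $e->getMessage());
    echo "Database unavailable\n";
}
```

Call sites that passed the old connection resource to mysql_query() have to change too, because this function returns a PDO object.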

mysqli_query parameters [duplicate]

This question already has answers here:
mysqli_query() expects at least 2 parameters, 1 given
(5 answers)
Closed 9 years ago.
I'm trying to convert a project of mine from mysql to mysqli, but it seems to give me an error
Warning: mysqli_query() expects at least 2 parameters, 1
this is my database connection
$mysqli = new mysqli();
$mysqli->connect('localhost', 'root', '', 'myscript');
this is the query
$sql = mysqli_query("SELECT * FROM settings WHERE id='1'") or die (mysqli_error());
$results = mysqli_fetch_array($sql);
If anyone can tell me how to fix this error I will be grateful. Thanks in advance.
You can try performing your query the object-oriented PHP way instead of mixing and matching object-oriented PHP and regular PHP:
$mysqli = new mysqli();
$mysqli->connect('localhost', 'root', '', 'myscript');
if ($result = $mysqli->query("SELECT * FROM settings WHERE id='1'")) {
    //DO STUFF
    $result->close();
} else {
    printf("Error: %s\n", $mysqli->error);
}
Please, do not convert a project of yours from mysql to mysqli.
Convert it to PDO.
Mysqli is good only for the silly examples from beginner's manual - it will make your life harder as you progress.
So, instead of mysqli just use PDO.
It's almost the same:
$opt = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
$pdo = new PDO('mysql:dbname=myscript;host=localhost','root','', $opt);
$stm = $pdo->prepare("SELECT * FROM settings WHERE id=?");
$stm->execute(array(1));
$data = $stm->fetch();
Note the parameterized query support - the main reason for such a move between drivers - which is already used in this code.
Even in such small examples PDO is better. Way better. And with more complex ones mysqli will become totally unusable while PDO would be the same - quite ugly but at least feasible.
