Deprecated: mysql_query() [duplicate] - php

This question already has an answer here:
The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead [duplicate]
(1 answer)
Closed 8 years ago.
i just update my server. it showing an error today
Deprecated: mysql_query(): The mysql extension is deprecated and will be removed in the >future: use mysqli or PDO instead in C:\wamp\www\work\db\dbfields - Copy.php on line 33
my dbfields - Copy.php page is
mysql_query("insert into user(name,address) values('$name','$address')");
i create 2 columns (name&address), need to insert the value of var($name& $address).


mysqli_query is now used instead of mysql_query. You can also use PDO::query or MySQLi::query. You can see the documentation here


Read : The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead
It basically means mysql_query() can no longer be used. You will have to switch to using PDO.
For PDO, read: http://php.net/manual/en/book.pdo.php

Related

how to solve this php mysql warning [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
My code is as following:
$br_code=$_SESSION["br_code"];
echo $sqlstr="select DISTINCT branch_assets.s_id,s_name
from branch_assets,assets
where assets.s_id=branch_assets.s_id and
br_code='$br_code'";
echo $result=mysql_query($sqlstr);
while($row1=mysql_fetch_array($result))
{
}
But on the line of while loop it show me warning as
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\wamp\www\System_management\send_in_maintanance1.php
where is my mistake please help to find this.

$sqlstr="select DISTINCT branch_assets.s_id,s_name from branch_assets,assets where assets.s_id = branch_assets.s_id and br_code='".$br_code."'";
It's best to switch to either mysqli or PDO with a prepared statement instead of mysql_, since it is deprecated and deleted from PHP 7.0.
Reference:
https://en.wikipedia.org/wiki/Prepared_statement

mysql_query returns the notice "Trying to get property of non-object" [duplicate]

This question already has answers here:
mysql_fetch_array()/mysql_fetch_assoc()/mysql_fetch_row()/mysql_num_rows etc... expects parameter 1 to be resource
(31 answers)
Closed 5 months ago.
I am trying to get an old PHP script to work but I keep getting this notice:
Notice: Trying to get property of non-object in ...
The notice is based on the last line of this code:
$result_id_check = mysql_query("select ses_userid from fe_sessions where ses_id = '".$_COOKIE['fe_typo_user']."';");
$row_check = mysql_fetch_object($result_id_check);
if ($row_check->ses_userid) {
I also tried using mysqli_query and mysqli_fetch_object but that won't take any changes.
Any ideas how I can resolve this?

This error normally means that the query failed.
You should be checking for errors as you go like this, also the string concatenation can be made simpler if you use either the {$_COOKIE['fe_typo_user']} form of variable expansion inside a double quoted string, or alternatively this will also work $_COOKIE[fe_typo_user]
$sql = "select ses_userid
from fe_sessions
where ses_id = '{$_COOKIE['fe_typo_user']}'"
$result_id_check = mysql_query($sql);
if ( $result_id_check === false ) {
echo mysql_error();
echo 'Bad SQL : ' . $sql;
exit;
}
$row_check = mysql_fetch_object($result_id_check);
This way when you make small mistakes with your SQL, you get told about them directly and you dont have to wonder what nay have gone wrong.
Please dont use the mysql_ database extension, it
is deprecated (gone for ever in PHP7)
Specially if you are just learning PHP, spend your energies learning the PDO database extensions.
Start here
You should also be using parameterized queries ( available in the mysqli_ and PDO database extensions, but not the old deprecated mysql_ extension) to avoid SQL Injection Attack Specially if you are using data got from $_POST or $_GET or $_COOKIE
If you are considering moving to mysqli_ or PDO you should read also read this Can I mix MySQL APIs in PHP?

Before using $row_check->ses_userid just check whether $row_check is true or false.
if ($row_check) {
if ($row_check->ses_userid) {
}
}

Installing mysqli [duplicate]

This question already has answers here:
Why shouldn't I use mysql_* functions in PHP?
(14 answers)
Closed 6 years ago.
I'm trying to connect my form to the database but it keeps giving me this error.
( ! ) Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in C:\wamp\www\Excercise\Real\base.php on line 9
Call Stack
# Time Memory Function Location
1 0.4390 135464 {main}( ) ...\index.php:0
2 0.5110 137784 include( 'C:\wamp\www\Excercise\Real\base.php' ) ...\index.php:1
3 0.7050 138816 mysql_connect ( ) ...\base.php:9

It's telling you that your version of mysql is outdated and you need to use mysqli instead.

Should I use mysqli_real_escape string() or mysql_real_escape_string() for form data? [duplicate]

This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
mysql_escape_string VS mysql_real_escape_string
I need to get company_name (given by user through a form) entered into my mysql database.
When I use
$company = mysqli_real_escape_string($_POST['company_name'])
I get an error
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /opt/lampp/htdocs/Abacus-Version-2/admin/Company/insert_company.php on line 58
But everything seems to fine while using
$company = mysql_real_escape_string($_POST['company_name'])
What can I do in such cases?

The one to use depends on whether you are using the MySQLi extension or the MySQL extension
// procedural mysqli
$db = new mysqli;
$sql = sprintf("INSERT INTO table (id,name,email,comment) VALUES (NULL,'%s','%s','%s')",
mysqli_real_escape_string($db,$name),
mysqli_real_escape_string($db,$email),
mysqli_real_escape_string($db,$comment) );
// mysql
$conn = mysql_connect();
$sql = sprintf("INSERT INTO table (id,name,email,comment) VALUES (NULL,'%s','%s','%s')",
mysql_real_escape_string($name,$conn),
mysql_real_escape_string($email,$conn),
mysql_real_escape_string($comment,$conn) );

mysql_real_escape_string() is designed to make data safe for insertion into the database without errors. (IE such as escaping slashes so that it doesn't break your code).
You should use mysql_ or mysqli_ functions to match your connection string. "mysqli" is the object oriented implementation of the mysql set of functions, so the functions are called in the object oriented style. "mysql" is procedural. I'd suggest changing over to "mysqli" because I believe there has been talk of depreciating the "mysql" functions in future versions.
If you connection string is:
mysql_connect()
then use:
mysql_real_escape_string($_POST[''])
If it is:
$mysqli = new mysqli();
then use:
$mysqli->real_escape_string($_POST[''])

Definitely NO
Both functions has nothing to do with form data.
They have to be used to format string literals inserted into SQL query only.
This function belongs to the SQL query, not to whatever form. And even to very limited part of the query - a string literal.
So, every time you're going to insert into query a string literal (frankly, a portion of data enclosed in quotes), this function ought to be used unconditionally.
For the any other case it shouldn't be used at all.
As for the error you're getting - it's pretty self-explanatory: this function expects 2 parameters, not one. Just pass proper parameters as stated in the manual page for this function, and you'll be okay

It should be this if you use Procedural style:
$city = mysqli_real_escape_string($link, $city);
where link is the connection
or this when you use Object oriented style:
$city = $mysqli->real_escape_string($city);
Check out the php manual:
http://php.net/manual/en/mysqli.real-escape-string.php

Since all the MySQL extension is being deprecated, you'd best use the MySQLi methods instead, it's more future proof.

Both variants are fine* (Please look at my Update).
When you are using a mysql_connect then you should stick to mysql_real_escape_string() and also pass the connection handle.
When you are using a mysqli_connect then you should stick to mysqli_real_escape_string().
UPDATE
As pointed out by Jeffrey in the comments, using mysql_ functions is NOT fine. I agree to that. I was just pointing out, that you need to use the function that is used by the MySQL-extension you are using.
It came to me, that it was not the question, which MySQL-extension to use, but which function for escaping data.
If you ask me:
Use mysqli or PDO, because mysql is not recommendable and deprecated.
Pass the Connection Handle to the escape-function or better
use prepared Statements (PDO-Style)

Check mysql_query results if DELETE query worked? [duplicate]

This question already has answers here:
How to test if a MySQL query was successful in modifying database table data?
(5 answers)
Closed 1 year ago.
I have a DELETE query which deletes a record from a mysql db.
is there any way to make sure if the delete was performed or not?
I mean, for a query to FIND stuff you do
$res=mysql_query($var);
$nr=mysql_num_rows($res);
and you get nr of rows returned.
Is there any similiar method for deletion of records?
Thanks

Use mysql_affected_rows(). It does not require the response as a parameter.
mysql_query('DELETE FROM whatever');
$num = mysql_affected_rows();
Also, I like PDO better than the classic mysql_ functions. Just saying.

mysql_affected_rows() extension was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0. Instead,the MySQLi or PDO_MySQL extension should be used.
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");
$mysqli->query("DO SOMETHING");
$mysqli->affected_rows;

Categories