This question already has answers here:
Why shouldn't I use mysql_* functions in PHP?
(14 answers)
Closed 5 years ago.
i need to retrieve the username from the table users but i am using mysql_real_escape_string but it is giving me the error :
( ! ) Fatal error: Uncaught Error: Call to undefined function mysql_real_escape_string() in C:\wamp64\www\final-project\profile.php on line 4
( ! ) Error: Call to undefined function mysql_real_escape_string() in C:\wamp64\www\final-project\profile.php on line 4
Call Stack
# Time Memory Function Location
1 0.0014 368024 {main}( ) ...\profile.php:0
the code is :
<?php include("./inc/header.inc.php");?>
<?php
if(isset($_GET['u'])) {
$username = mysql_real_escape_string($_GET['u']);
if(ctype_alnum($username)){
//check if user exist
$check = DB::query("SELECT username FROM users WHERE username='$username'");
if(mysql_num_rows($check)==1){
$get = mysql_fetch_assoc($check);
$username = $get['username'];
}else{
echo "<meta http-equiv=\"refresh\"0; url=http://localhost/final-project/index.php\">";
exit();
}
}
}
?>
<h2>Profile page for : <?php echo "$username";?></h2>
the if(isset($_GET['u'])) is returning the username
It was removed in PHP7.
Per the documentation:
http://php.net/manual/en/function.mysql-real-escape-string.php
This extension was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
I'm getting the following errors from php7 on a new Ubuntu server:
Notice: Trying to get property of non-object in ~/tLogServ.php on line 14
Warning: mysqli::query(): Couldn't fetch mysqli in ~/tLogServ.php on line 17
Fatal error: Uncaught Error: Call to a member function fetch_assoc() on null in ~/tLogServ.php:18
Stack trace:
0 {main}thrown in ~/tLogServ.php on line 18
Here's the tLogServ.php
<?php
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
$request = json_decode( file_get_contents('php://input') );
$variable = $request->data;
// echo($variable);
$result = $conn->query("SELECT password FROM login where userID LIKE 'technician'");
$rows = $result->fetch_assoc();
$passHashed = $rows['password'];
if(password_verify($variable, $passHashed)){
$loginMess = "success";
}else{
$loginMess = "fail";
}
echo json_encode($loginMess);
$conn->close();
?>
and my connection script
<?php
DEFINE ('user', '$%^*(');
DEFINE ('pass', '^*&%*');
DEFINE ('host', '1*&^*&^');
DEFINE ('DB', '^*%*(&%^');
$conn = new mysqli(host, user, pass, DB) OR die('Fail Whale ' . mysqli_connect_error());
?>
The notice will go away with input, but I'm unsure about and the warning and the fatal error it causes.
This code works without issue on Ubuntu 14 with PHP5. I've uncommented
extension=php_mysqli.dll
in php.ini. This is obviously a compatibility issue, but I'm unsure if I need to re-write my code or if it's a matter of a simple setting that I can't find.
The issue was two stupid mistakes.
1)The user I referenced in my connection was not given proper rights.
and
2) 'Host' was defined as the IP of the localhost. For whatever reason this worked on Cat connection, but not on WiFI (both had static Ip's).
For others with the same/similar issue. Verify that your php.ini mysqli extension is enabled/uncommmented. As A.L was onto the issue was with mySQL settings not PHP/Ubuntu.
This question already has answers here:
"Notice: Undefined variable", "Notice: Undefined index", "Warning: Undefined array key", and "Notice: Undefined offset" using PHP
(29 answers)
Closed 7 years ago.
I have an Index.php which has a form for fetching user details when that form is submitted it fires the data to a new program.php for validation in program.php I've linked db.php in which I've the connection to the database, code of db.php is given below:
<?php
$link=mysql_connect('localhost', 'root', '') or die ("mysql_connect_error()");
$dbselect=mysql_select_db('test',$link) or die ("Error while connecting the database");
?>
since using it this way sql injections are possible, so I tried changing it to code given below:
<?php
$hostname='localhost';
$username='root';
$password='';
try
{
$dbh = new PDO("mysql:host=$hostname;dbname=test",$username,$password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // <== add this line
$dbh = null;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
?>
but I am getting an error when I connect submit the form. Inside my program.php I have called db.php by include "db.php";. Since I am new to PDO, I am not sure where am I going wrong.
Updated program.php code
<?php
if($_POST)
{
include "link_db.php";
if ($_POST[admin_sign_up])
{
$fname=$_POST[fname];
$lname=$_POST[lname];
$id =$_POST[id];
$id_pass=$_POST[id_pass];
$sql="insert into admin_database(fname, lname, id, id_pass)
value ('$fname','$lname','$id','$id_pass')";
mysql_query($sql);
$error=mysql_error();
if(empty($error))
{
echo "<script>alert('Registration Successful...')</script>";
header("Location:index.php",true);
}
else
{
echo "Registration Failed...<br> Email Id already in use<br>";
echo "<a href='failed.php'>Click to SignUp again</a>";
}
}
if ($_POST[admin_login])
{
$id =$_POST[id];
$id_pass=$_POST[id_pass];
$sql="select * from admin_database where id = '$id' and id_pass= '$id_pass'";
$result=mysql_query($sql);
echo mysql_error();
$row=mysql_fetch_array($result);
$rowcnt=mysql_num_rows($result);
if($rowcnt==1)
{
session_start();
$_SESSION['id']=$id;
$_SESSION['fname']=$row['fname'];
$_SESSION['lname']=$row['lname'];
$_SESSION['varn']="Y";
echo "Login Successfully....";
header("Location:home.php",true);
}
else
{
$id =$_POST[id];
$id_pass=$_POST[id_pass];
$sql="insert into adminfailure(id, id_pass, date_time)
value ('$id','$id_pass',NOW())";
mysql_query($sql);
$error=mysql_error();
if(empty($error))
{
Echo "Invalid Login ID or Password....";
header("Location:fail.php",true);
}
else
{
echo "incorrect details";
}
}
}
if ($_POST[logout])
{
header("location:destroy.php",true);
}
}
?>
Updated Errors which I get
Notice: Use of undefined constant test_sign_up - assumed 'test_sign_up' in B:\XAMPP\htdocs\test\program.php on line 6
Notice: Undefined index: test_sign_up in B:\XAMPP\htdocs\test\program.php on line 6
Notice: Use of undefined constant test_login - assumed 'test_login' in B:\XAMPP\htdocs\test\program.php on line 32
Notice: Use of undefined constant id - assumed 'id' in B:\XAMPP\htdocs\test\program.php on line 35
Notice: Use of undefined constant id_pass - assumed 'id_pass' in B:\XAMPP\htdocs\test\program.php on line 36
No database selected
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in B:\XAMPP\htdocs\test\program.php on line 41
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in B:\XAMPP\htdocs\test\program.php on line 42
Notice: Use of undefined constant id - assumed 'id' in B:\XAMPP\htdocs\test\program.php on line 56
Notice: Use of undefined constant id_pass - assumed 'id_pass' in B:\XAMPP\htdocs\test\program.php on line 57
incorrect details
Notice: Use of undefined constant logout - assumed 'logout' in B:\XAMPP\htdocs\test\program.php on line 73
Notice: Undefined index: logout in B:\XAMPP\htdocs\test\program.php on line 73
In your code, you first create a connection to the database, then you set it to null.
Whenever you try to access the $dbh object after that, it will be null.
$dbh = new PDO("mysql:host=$hostname;dbname=test",$username,$password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh = null; // <= Right here.
Remove the $dbh = null; line, and you should be able to use the object as intended.
The $dbh object it not just a "link" as you do in your mysql_* code, but it is a object that you use to call the database, this is not the same object that you use in your mysql_* calls.
i.e., You can not use the earlier mysql_* code and just pass the pdo object into the call instead of the mysql link.
So the code will differ a bit from your earlier code.
Example:
// Earlier code using `mysql_* API`:
$sql="select * from admin_database where id = '$id' and id_pass= '$id_pass'";
$result=mysql_query($sql);
$row=mysql_fetch_array($result);
// Would look something like this using PDO:
$statement = $dbh->prepare('SELECT * FROM admin_database WHERE id =:id AND id_pass =:idpass');
// Here you can either use the bindParam method, or pass the params right into the execute call:
$statement->execute(array('id' => $id, 'idpass' => $id_pass);
$row = $statement->fetch();
I'd recommend reading up on PDO in the docs if you have issues with converting the code.
Further recommendations:
When you are including a file like this, one you only want to be included once per script run, its always a good idea to make sure that it is only included once. This can be done by using the include_once keyword instead of just include. Now, if you use include, this will include the script if possible, if it cant, it will keep run the script, and the script will crash when you try to use the varaiables set in the file.
Instead of using include in this case, I would recommend using the require (or rather require_once) keyword. Which will include the file, and if it cant, stop execution of the script and display an error message (if you have error reporting on).
You have to change not only db.php but ALL the queries over your code. And always use prepared statements to pass variables to queries. Otherwise PDO won't protect you from injections.
At the moment I am writing tutorial on PDO, it is still incomplete but can give you basics you may start from.
having an issue with connecting to my DB (been a long long day) - so anyway I am creating a simple search query into my DB but getting scripting errors - so here is my code:
<?php
mysqli_connect("localhost", "my username", "my password");
mysqli_select_db("smudged");
$search = mysqli_real_escape_string(trim($_POST['searchterm']));
$find_image = mysqli_query("SELECT * FROM 'smd_images' WHERE 'img_description' LIKE'%$search%'");
while($row = mysqli_fetch_assoc($find_image))
{
$name = $row['name'];
echo "$name";
}
?>
Here is my error:
search.php on line 4 Warning: mysql_select_db(): A link to the server could not be established in /marble/search.php on line 4 Fatal error: Call to undefined function mysql_real_escape_sring() in /marble/search.php on line 6
Typo. Instead of mysql_real_escape_sring() you probably meant mysql_real_escape_string()
This question already has answers here:
mysqli fetch_all() not a valid function?
(11 answers)
Closed 9 years ago.
I moved my code from test server to hostgator and I receive this error:
Fatal error: Call to undefined method mysqli_result::fetch_all()
I've coded so many lines with fetch_all that it will be quite tiresome to change it all.
What is the easiest way to get around this problem?
sample php:
function get_all_map_users() {
$mysqli = new mysqli(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME);
if ($mysqli->connect_error) {
//Failed to connect
die('Could not connect: ' . $mysqli->connect_error . ' - ' . $mysqli->connect_errno);
}
//Success
$result = $mysqli->query("SELECT * FROM names");
$rows = $result->fetch_all(MYSQLI_ASSOC);
//Clear result set
$result->free();
//End mysql query
//Close mysqli connection
$mysqli->close();
return $rows;
}
Enable PHP 5.3 on Hostgator: http://support.hostgator.com/articles/hosting-guide/hardware-software/php-5-3.