Jump to content
acctman

mysqli conversion on fetch_assoc and real_escape_string

Recommended Posts

 can someone assistance me with converting this code over to mysqli. I know that mysqli requires 2 parameters instead of one... i tried 

$user = mysqli_real_escape_string($g_link, $en['user']); 

but no connection was passed.

$user = mysql_real_escape_string($en['user']);
$pass = mysql_real_escape_string($en['pass']);

$sql = "SELECT m_id, m_user, m_pass, m_email, m_del 
        FROM $membtable WHERE m_user='".$user."' AND m_pass='".$pass."' AND m_del!=1";

$result = mysql_query($sql);
$line = mysql_fetch_assoc($result);

Db Connection

    $g_link = false;

    function GetDbConn()
    {
        global $g_link;
        if( $g_link )
            return $g_link;
        $g_link = mysqli_connect($db_server, $db_user, $db_pass) or die("Error " . mysqli_error($g_link));
        mysqli_select_db($g_link, 'cialdb') or die('Could not select database.');
        return $g_link;
    }

Share this post


Link to post
Share on other sites
$user = mysqli_real_escape_string(GetDbConn(), $en['user']);

Share this post


Link to post
Share on other sites

1 - you didn't show us where you actually called your connection function.

 

2 - your function should do some testing of the results of its actions (as you should in ALL code) to ensure that the connection was made. Perhaps it wasn't made and that is your problem which you would have known if you had done simple basic error checking. One should always take advantage of the return results, uaually Boolean, to ensure that unexpected things haven't interfered with your PHP code's execution. Things like db connections, query calls, external file opens/closes and other things that rely on the rest of the world functioning normally.

 

3 - STOP using the MySQL_* functions. Look them up in the manual. Note the red print (is it still red?) telling you that the interface is deprecated - that means outlawed - and is already removed from the latest version of PHP.

Share this post


Link to post
Share on other sites

3 - STOP using the MySQL_* functions. Look them up in the manual. Note the red print (is it still red?) telling you that the interface is deprecated - that means outlawed - and is already removed from the latest version of PHP.

It looks like you missed the very first sentence of OP's post.

Share this post


Link to post
Share on other sites

You shouldn't try to translate your old code word-for-word, especially when you've adopted all kinds of bad techniques (which you have).

 

The purpose of MySQLi is not to add a fancy new “i” to all functions. It has actually introduced new features to make you write better code:

  • Manual escaping (which nobody seems to get right) has been replaced with prepared statements.
  • Manual error handling (which nobody seems to get right) has been replaced with exceptions.

Use those features! In the 21st century, websites really should stop printing MySQL errors on the screen or telling me that no database could be selected. What the hell am I supposed to do with this information? I'm a random visitor, not your PHP developer or database administrator.

 

You should also consider using PDO instead of MySQLi, because it's a lot more flexible and comfortable. MySQLi may sound familar and easy to transition to, but it's very cumbersome and limits you to the MySQL database system once and forever.

Share this post


Link to post
Share on other sites

Requinex - Yes I noticed the mismatch in the OPs use of function sets. I thought it was more important to get him/her to change the outdated functions and improve his coding practices instead of having him/her 'correct' one statement to old, outdated code.

Share this post


Link to post
Share on other sites

Getting rid of the old MySQL extension is the whole point of this thread. The OP knows that it's outdated.

Share this post


Link to post
Share on other sites

thanks for all the tips ... I'm going to find a tutorial on mysqli to bring myself up to speed 

Share this post


Link to post
Share on other sites

if you are going to take the time to learn a new php database extension, use that time learning the PDO extension. it's more constant, simpler, and cleaner than the mysqli extension, particularly when using prepared queries.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.