mysqli conversion on fetch_assoc and real_escape_string

[acctman 0]

 can someone assistance me with converting this code over to mysqli. I know that mysqli requires 2 parameters instead of one... i tried 

$user = mysqli_real_escape_string($g_link, $en['user']); 

but no connection was passed.

$user = mysql_real_escape_string($en['user']);
$pass = mysql_real_escape_string($en['pass']);

$sql = "SELECT m_id, m_user, m_pass, m_email, m_del 
        FROM $membtable WHERE m_user='".$user."' AND m_pass='".$pass."' AND m_del!=1";

$result = mysql_query($sql);
$line = mysql_fetch_assoc($result);

Db Connection

    $g_link = false;

    function GetDbConn()
    {
        global $g_link;
        if( $g_link )
            return $g_link;
        $g_link = mysqli_connect($db_server, $db_user, $db_pass) or die("Error " . mysqli_error($g_link));
        mysqli_select_db($g_link, 'cialdb') or die('Could not select database.');
        return $g_link;
    }

[requinix 789]

$user = mysqli_real_escape_string(GetDbConn(), $en['user']);

[ginerjm 233]

1 - you didn't show us where you actually called your connection function.

 

2 - your function should do some testing of the results of its actions (as you should in ALL code) to ensure that the connection was made. Perhaps it wasn't made and that is your problem which you would have known if you had done simple basic error checking. One should always take advantage of the return results, uaually Boolean, to ensure that unexpected things haven't interfered with your PHP code's execution. Things like db connections, query calls, external file opens/closes and other things that rely on the rest of the world functioning normally.

 

3 - STOP using the MySQL_* functions. Look them up in the manual. Note the red print (is it still red?) telling you that the interface is deprecated - that means outlawed - and is already removed from the latest version of PHP.

[requinix 789]

3 - STOP using the MySQL_* functions. Look them up in the manual. Note the red print (is it still red?) telling you that the interface is deprecated - that means outlawed - and is already removed from the latest version of PHP.

It looks like you missed the very first sentence of OP's post.

[Jacques1 628]

You shouldn't try to translate your old code word-for-word, especially when you've adopted all kinds of bad techniques (which you have).

 

The purpose of MySQLi is not to add a fancy new “i” to all functions. It has actually introduced new features to make you write better code:

• Manual escaping (which nobody seems to get right) has been replaced with prepared statements.
• Manual error handling (which nobody seems to get right) has been replaced with exceptions.

Use those features! In the 21st century, websites really should stop printing MySQL errors on the screen or telling me that no database could be selected. What the hell am I supposed to do with this information? I'm a random visitor, not your PHP developer or database administrator.

 

You should also consider using PDO instead of MySQLi, because it's a lot more flexible and comfortable. MySQLi may sound familar and easy to transition to, but it's very cumbersome and limits you to the MySQL database system once and forever.

[ginerjm 233]

Requinex - Yes I noticed the mismatch in the OPs use of function sets. I thought it was more important to get him/her to change the outdated functions and improve his coding practices instead of having him/her 'correct' one statement to old, outdated code.

[Jacques1 628]

Getting rid of the old MySQL extension is the whole point of this thread. The OP knows that it's outdated.

[acctman 0]

thanks for all the tips ... I'm going to find a tutorial on mysqli to bring myself up to speed 

[mac_gyver 454]

if you are going to take the time to learn a new php database extension, use that time learning the PDO extension. it's more constant, simpler, and cleaner than the mysqli extension, particularly when using prepared queries.