server now running php8+ and my code now returns no results on anything

[nearenough1]

a few months ago my free server updated its php to php8 and now nothing on my results website shows up when you click a link.

http://trotdata.byethost32.com/

im assuming i need to update the php code for each serch page but ive no idea where to start and what to do. at the moment i have the following for the results search page which currently returns a blank page.

 

{

$Meetcode = $_GET['Meetcode'];

}

{

$searchSQL = "SELECT RaceDate, RaceNumber, RaceName, RaceDist, Track, Placing, Sorter, Horseid, Trail, Draw, Driver, Dist, Time, Comment, Prize FROM RaceTable WHERE ";

 

$types = array();

$types[] = $_GET['Meetcode']?"`Meetcode` LIKE '$Meetcode'":'';

 

$types = array_filter($types, "removeEmpty"); 

 

if (count($types) < 1)

$types[] = "`Meetcode` LIKE '$Meetcode'";

 

$andOr = isset($_GET['matchall'])?'AND':'OR';

$searchSQL .= implode(" {$andOr} ", $types) . " ORDER BY racedate, racenumber, Sorter, Placing ASC"; // order by title.order by title.

 

$searchResult = mysqli_query($searchSQL) or trigger_error("There was an error.<br/>" . mysqli_error() . "<br />SQL Was: {$searchSQL}");

 

if (mysqli_num_rows($searchResult) < 1)

{

$error[] = "The search term provided {$searchTerms} yielded no results.";

}

else

{

$results = array(); // the result array

echo '<table border="0" align=center width=80%>';

$last_race_number ='';

while ($row = mysqli_fetch_assoc($searchResult))

{

if($last_race_number != $row['RaceNumber'])

{

echo "<tr><th colspan='9'>". $row['RaceName'] ." - ". $row['RaceDist']." - ". $row['Track']." - ". $row['RaceDate'] ."</td></tr>";

}

echo '<tr>';

echo "<th>".$row['Placing']."</td>";

echo "<td align=left><a href='horse.html.php?Horseid=".urlencode($row['Horseid'])."'>".$row['Horseid']."</a></td>";

echo "<td>".$row['Trail']."</td>";

echo "<td>".$row['Draw']."</td>";

echo "<td align=left>".$row['Driver']."</td>";

echo "<td>".$row['Dist']."</td>";

echo "<td>".$row['Time']."</td>";

echo "<td align=left>".$row['Comment']."</td>";

 

echo "<td>£".$row['Prize']."</td>";

 

echo '</tr>';

$last_race_number = $row['RaceNumber'];

}

echo '</table>';

}

}

 

?>

************when i test the code i get an error for line=

$searchResult = mysqli_query($searchSQL) or trigger_error("There was an error.<br/>" . mysqli_error() . "<br />SQL Was: {$searchSQL}");

and line=

$error[] = "The search term provided {$searchTerms} yielded no results.";

what do i need to do to ressurect my site please??

 

[Barand]

RTFM

mysqli_query() requires 2 arguments.

There  is more to switching from mysql_xxx() to mysqli_xxx() than just adding an "i". They are completely different animals.

[nearenough1]

19 minutes ago, Barand said:

RTFM

mysqli_query() requires 2 arguments.

There  is more to switching from mysql_xxx() to mysqli_xxx() than just adding an "i". They are completely different animals.

thanks for the reply. would be nice if adding an i had solved all my problems, but hey ho lifes never that simple is it.

so if the above requires 2 arguments how do i do that please?

thanks

[mac_gyver]

to convert old mysql_ based code, you need to 1) convert the database extension to a currently supported one, 2) provide protection against sql special characters in a value being able to break the sql query syntax, which is how sql injection is accomplished, and 3) handle database statement errors.

for item #1, the PDO extension is much simpler and more modern then the mysqli extension.

for item #2, the simplest way of doing this is to use prepared queries, which provides protection for all data types. converting any query to a prepared query is straightforward -

1. remove the php variables (keep these for later) and any single-quotes, {}, and quotes/concatenation dots that were used to get the variables into the sql query statement.
2. put a ? place-holder into the sql query statement for each variable you removed.
3. prepare the query.
4. supply an array of the variables to the ->execute([...]) call.

note: any wild-card search characters, typically used with a LIKE comparison, are part of the value, not part of the sql query statement.

for item #3, as of php8, both the mysqli and PDO extensions use exceptions by default for all the database statements that can fail -  connection, query, exec, prepare, and execute. this simplifies your code, since you can remove any existing error handling logic. the only database exceptions you should catch and handle in your code are for user recoverable errors, such as when inserting/updating user submitted data (which you are not doing in this case.) in all other cases, simply let php catch and handle any database exceptions, where php will use its error related settings to control what happens with the actual error information (database statement errors will 'automatically' get displayed/logged the same as php errors.)

 

Edited December 22, 2023 by mac_gyver

[Barand]

10 minutes ago, nearenough1 said:

so if the above requires 2 arguments how do i do that please?

Following the link to the required page in the manual that I provided would be a start.

[nearenough1]

i followed the link "SQL tutorials" at the footer of the reply and i got to a very complex website on which i could not find the relevant page dealing with mysqli_query() sorry i did try. id like my free website to be back working as its a big help to a sport which is really struggling in the UK at present. ive hardly any knowledge of computer programming so its quite a struggle to get my head around all these new things flying about from all directions.

 

 

[Barand]

The relevant link was in my reply...

                                

which linked to ...

                                 https://www.php.net/mysqli_query

[ginerjm]

I realize that you are used to using free things but in this case if you make the effort to teach yourself how to implement PDO for a database interface you will learn so much more than you currently know.  No - it's not gonna be free but it will be worth the effort.

[nearenough1]

3 hours ago, ginerjm said:

I realize that you are used to using free things but in this case if you make the effort to teach yourself how to implement PDO for a database interface you will learn so much more than you currently know.  No - it's not gonna be free but it will be worth the effort.

as i have one website and its free for anyone to use it would not make sense to spend money on learning a thing i would only ever use once im afraid. i will certainly look into finding somewhere to learn about PDO with a budget of £0

[gizmola]

On 12/23/2023 at 12:35 PM, nearenough1 said:

as i have one website and its free for anyone to use it would not make sense to spend money on learning a thing i would only ever use once im afraid. i will certainly look into finding somewhere to learn about PDO with a budget of £0

I guess you don't understand that phpfreaks is a free site, with expert help provided by volunteers.  Given the fact that everyone is donating their time and expertise to try and help people like yourself, the argument that you host a free site with source code you got from somewhere else for free, means you shouldn't ever have to learn anything (which can be learned in a few hours) will not get you much sympathy here.  

[Andou]

On 12/23/2023 at 3:35 PM, nearenough1 said:

as i have one website and its free for anyone to use it would not make sense to spend money on learning a thing i would only ever use once im afraid. i will certainly look into finding somewhere to learn about PDO with a budget of £0

gizmola said it better than I could, but how you should do it is by googling "PHP The Right Way" and scroll down until you see PDO. Or just check the manual.

You can, in fact, learn PDO with a budget of £0 (or $0, as the case may be). I myself am trying to learn it right now.