#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2017
    Posts
    3
    Rep Power
    0

    Update issues from mysql to mysqli on PHP 7 server


    Hi anyone,

    Had this update code running fine for years until my ISP updated to PHP 7!! and now I am completely lost as what changes would have to be made to make it work?

    I can't seem to find any useful info on the web and kinda hoped someone here could help me or point me in the right direction?

    Thanks in advance
    ___________________________________________

    <?
    include("../php/db2.inc.php");
    $conn = mysql_connect($host,$username,$password);
    if(!$conn) die("Failed to connect to database!");
    $status = mysql_select_db($db, $conn);
    if(!$status) die("Failed to select database!");
    $id=$_GET['id'];
    $query=" SELECT * FROM artists WHERE id='$id'";
    $result=mysql_query($query);
    $num=mysql_numrows($result);
    mysqli_close();
    $i=0;
    while ($i < $num) {
    $artist=mysql_result($result,$i,"artist");
    $comments=mysql_result($result,$i,"comments");
    $video_link=mysql_result($result,$i,"video_link");
    $style=mysql_result($result,$i,"style");
    ?>

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
    <html lang="en">
    <head>
    <!-- Includes -->
    <link href="../css/administration.css" rel="stylesheet" type="text/css">
    </head>
    <body>
    <div id="add_wrapper">
    <div class="admin_page_heading2">Update Artists Details</div>
    <form action="../includes/update.php" method="post">
    <input type="hidden" name="ud_id" value="<? echo $id; ?>"><br>
    <div id="artist_name_title">Artist:</div><br><input type="text" name="ud_artist" class="artist_name_enter" value="<? echo $artist; ?>"><br>
    <div id="artist_comments_title">Comments:</div> <br><textarea cols="1" rows="3" name="ud_comments" class="artist_comments_enter" value="<? echo $comments; ?>"><? echo $comments; ?></textarea><br>
    <div id="weblink_title">Weblink:</div> <br><textarea cols="1" rows="3" name="ud_video_link" class="weblink_enter" value="<? echo $video_link; ?>"><? echo $video_link; ?></textarea><br>
    <div id="artist_style_title">Artist Style:</div><input type="text" name="style" class="artist_style_enter" value="<? echo $style; ?>"><br>
    <select name="ud_style" type="text" value="" class="artist_style_enter2">
    <option value="Acoustic">Acoustic</option>
    <option value="Alternative">Alternative</option>
    <option value="Classical">Classical Old &amp; New</option>
    <option value="Electronic">Electronic</option>
    <option value="Folkloric">Folkloric / World</option>
    <option value="Dance">Dance / House / Disco / Electro</option>
    <option value="Grooves">Grooves</option>
    <option value="HipHop">Hip Hop / Rap / R&amp;B / Soul</option>
    <option value="Jazz">Jazz</option>
    <option value="Unclassifiable">Abstract / Unclassifiable</option>
    </select>
    <div id="submit"><input type="Submit" value="Update"></div>
    </form>
    </div>
    </body>
    </html>
    <?php
    ++$i;
    }
    ?>

    ______________________________________

    Form Action Code PHP from "../includes/update.php"

    <?php
    include("../php/db2.inc.php");
    $conn = mysqli_connect($host,$username,$password);
    if(!$conn) die("Failed to connect to database!");
    $status = mysqli_select_db($db, $conn);
    if(!$status) die("Failed to select database!");
    $ud_id=$_POST['ud_id'];
    $ud_artist=$_POST['ud_artist'];
    $ud_comments=$_POST['ud_comments'];
    $ud_video_link=$_POST['ud_video_link'];
    $ud_style=$_POST['ud_style'];
    $query="UPDATE artists SET artist='$ud_artist', comments='$ud_comments', video_link='$ud_video_link', style='$ud_style' WHERE id='$ud_id'";
    mysqli_query($query);
    echo "Record Updated - Refresh Page";
    mysqli_close();

    ?>
  2. #2
  3. Lazy Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    16,329
    Rep Power
    9645
    The mysql_* functions have been removed because they were old and not that good. You're using mysqli functions in that second page - use those in the first file too. It's fairly straight-forward to convert to it.

    For future reference, next time you have a problem with something working, you need to describe what is happening and include any error messages you may be seeing. Saying simply that something doesn't work (which you didn't even do) isn't helpful.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2016
    Posts
    92
    Rep Power
    5
    Unfortunately, except for the mysqli_connect() statement, all of the rest of the mysqli statements in the posted code are incorrect and will need to be fixed.

    I can't seem to find any useful info on the web ...
    The information to correctly use any php statement can be found in the php.net documentation.

    Also, since magic quotes have been removed from php as well, you will need to ADD protection against sql special characters in the data from breaking the sql query syntax, which is also how sql injection is accomplished. The fool-proof way of doing this is to use prepared queries, with place-holders in the sql statements for the values and then supply the actual data values when the query is executed.
  6. #4
  7. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2016
    Location
    Lakewood, WA
    Posts
    199
    Rep Power
    17
    It's only my uneducated opinion, but if I were converting to mysqli, I would go straight to using the PDO objects and all the glory of prepared statements that go with it. It's the future!

    At least, that's what I'm doing.
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2017
    Posts
    3
    Rep Power
    0
    Thank you so much for all your replies, however, unless I am wrong there are contradictory answers.

    Requinix states that changing the msql_ to mysqli_ in the first code is all that is needed, but when I tried this nothing happens, literally nothing! Sorry if I didn't mention this in my post.

    DSmabismad says that all the statements are now incorrect and Arty Zifferelli says to switch to PDO objects and not mysqli_ at all?

    So I am left with three questions... Which code to use? How to protect against sql injection? And how to detect where the errors lie?

    Thanks.
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2016
    Posts
    92
    Rep Power
    5
    requinix stated that it's fairly straight-forward to convert from mysql to mysqli statements and he may have only noticed that you had mysqli statements in the second piece of code, not if they were being used correctly. Converting to mysqli statements does not involve just adding an i to the function names. It involves making use of the documentation for the functions you are using so that you know what parameters the function calls take, what order the parameters are in, and that there is no mysqli equivalent to the mysql_result() statement, which would need to be converted to a fetch statement, followed by references to the resulting array elements or the use of a list() statement to populate the existing variables.

    Arty Zifferelli posted a conditional statement, that you should skip trying to convert the code to use the mysqli extension and instead use the PDO extension. The PDO extension is in fact simpler and more consistent to use then the msyqli extension, especially when using prepared queries. Using PDO would be my recommendation too.

    You are getting no result from your converted code due to php errors. You need to have php's error_reporting set to E_ALL and display_errors set to ON, preferably in the php.ini on your development system, so that php will help you by reporting and displaying all the errors that it detects.

    You also need to have error handling for all the database statements. The easiest way of adding error handling, that doesn't require adding conditional logic at each statement that can fail, is to enable exceptions for the mysqli/pdo extension. The exact method of enabling exceptions is different between the two extensions, so you would first need to decide which extension you are going to use.
    Last edited by DSmabismad; May 15th, 2017 at 07:10 AM.
  12. #7
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2017
    Posts
    3
    Rep Power
    0
    Thank you DSmabismad for such a complete reply

    I guess I will have to do a bit of research into PDO extensions then.

    I'll give them a try and see if I can resolve the problems. Are there any good tutorial websites you would personally recommend?

    As a matter of interest, what would be the exceptions for PDO so I can begin to isolate the dysfunctional code?
  14. #8
  15. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2016
    Location
    Lakewood, WA
    Posts
    199
    Rep Power
    17
    When I'm working with a piece of code, I *always* have a boilerplate starting point with this:
    PHP Code:
    <?php

    ini_set
    ('display_errors'1);
    ini_set('display_startup_errors'1);
    error_reporting(E_ALL);
    In fact I leave it in and comment it out when I'm done, it's there when / if I want to re-edit the code...
  16. #9
  17. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2016
    Location
    Lakewood, WA
    Posts
    199
    Rep Power
    17
    Also, I've found this tutorial on PDO extremely useful:

    https://phpdelusions.net/pdo

IMN logo majestic logo threadwatch logo seochat tools logo