Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 2 12 LastLast
Results 1 to 15 of 19
  1. #1
    Regular Coder
    Join Date
    Nov 2011
    Location
    Preston, UK
    Posts
    131
    Thanks
    36
    Thanked 0 Times in 0 Posts

    Code problem after changing from mysql to mysqli

    On advice, I am changing all my mysql scripts to mysqli.
    I have had quite a bit of success, but I am stuck on one particular script.

    I have changed a script from mysql to mysqli and it doesn't work.

    I have isolated the problem down to this snippet of script:
    PHP Code:
        function clean($str) {
            
    $str = @trim($str);
            if(
    get_magic_quotes_gpc()) {
                
    $str stripslashes($str);
            }
            return 
    mysqli_real_escape_string($link$str);
        }
        
    $fname clean($_GET['fname']);
        
    $surname clean($_GET['surname']);    
        
    $country clean($_GET['country']);    
        
    $email clean($_GET['email']); 
    If I take this out altogether the script works fine.

    The only line that I have changed during the update is:
    PHP Code:
    return mysqli_real_escape_string($link$str);

    //Changed from

    return mysql_real_escape_string($str); 
    Can anybody advise me what I should do.

    Thanks,
    The MAN, The MYTH, The LEGEND:
    John C
    ________________________________
    Support your local Country Music Club

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    $link isn't available to the scope of the function clean(). You'll need to pass the link into the function to use it.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #3
    Regular Coder
    Join Date
    Nov 2011
    Location
    Preston, UK
    Posts
    131
    Thanks
    36
    Thanked 0 Times in 0 Posts
    Hi Fou-Lu

    Thanks for your reply.
    However, I don't know what you mean.

    I have modified the script to:
    PHP Code:
    function clean($str) {
            
    $str = @trim($str);
            if(
    get_magic_quotes_gpc()) {
                
    $str stripslashes($str);
            }
            return 
    mysqli_real_escape_string($str);
        }
        
    clean($_GET['fname']);
        
    clean($_GET['surname']);    
        
    clean($_GET['country']);    
        
    clean($_GET['email']); 
    And it now works.

    However, I'm not sure if this does what it is supposed to do.
    To be honest, I don't really know what it is supposed to do.

    Can you advise me please.

    Thanks,
    Last edited by countrydj; 02-05-2013 at 04:28 PM.
    The MAN, The MYTH, The LEGEND:
    John C
    ________________________________
    Support your local Country Music Club

  • #4
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    That function does nothing. Since it doesn't take a reference and it doesn't reassign the result, and the function call to mysqli_real_escape_string is invalid, it simply throws a warning and keeps going. Presumably you are later fetching from $_GET directly again which is why it looks like it is working.
    Enable your error reporting
    PHP Code:
    ini_set('display_errors'1);
    error_reporting(E_ALL); 
    It will tell you that there is an error on calling mysqli_real_escape_string.

    What you want to do is:
    PHP Code:
    function clean(MySQLi $link$str)
    {
        
    $str trim($str);
        if (
    get_magic_quotes_gpc())
        {
            
    $str stripslashes($str);
        }
        return 
    mysqli_real_escape_string($link$str);
    }

    $fname clean($link$_GET['fname']); 
    Or convert to prepared statements which do not require the real_escape_string call.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #5
    Regular Coder
    Join Date
    Nov 2011
    Location
    Preston, UK
    Posts
    131
    Thanks
    36
    Thanked 0 Times in 0 Posts
    Hi Fou-Lu...

    Many thanks for helping me with this code.
    It has worked fine for me.

    I also included:
    PHP Code:
    ini_set('display_errors'1);
    error_reporting(E_ALL); 
    And it through up some interesting facts.
    Notice: Undefined variable: errflag in /home/countrymusic/countrymusic.org.uk/html/calendar/register-exec.php on line 86 Deprecated: Function eregi() is deprecated in /home/countrymusic/countrymusic.org.uk/html/calendar/register-exec.php on line 132 Notice: Undefined index: m in /home/countrymusic/countrymusic.org.uk/html/calendar/register-exec.php on line 140 Notice: Undefined variable: name in /home/countrymusic/countrymusic.org.uk/html/calendar/register-exec.php on line 174
    I'm not worried about "Notice: Undefined index:" and "Undefined variable: name in ", but it seems to me that "Function eregi() is deprecated" needs looking at.

    I will do some Googling and see what I can come up with.

    Once again, THANK YOU for all your help.
    The MAN, The MYTH, The LEGEND:
    John C
    ________________________________
    Support your local Country Music Club

  • #6
    Senior Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    3,248
    Thanks
    12
    Thanked 340 Times in 336 Posts
    Quote Originally Posted by countrydj View Post
    but it seems to me that "Function eregi() is deprecated" needs looking at.
    the ereg* functions are now replaced by the preg* functions, though bear in mind that they differ slightly in use (refer to the Manual for that).

    Quote Originally Posted by countrydj View Post
    I'm not worried about "Notice: Undefined index:" and "Undefined variable: name in "
    why are you not worried about that? it indicates a problem somewhere (no data availability check in this case) that may somewhen bite back at you.
    The computer is always right. The computer is always right. The computer is always right. Take it from someone who has programmed for over ten years: not once has the computational mechanism of the machine malfunctioned.
    André Behrens, NY Times Software Developer

  • #7
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,311
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    Quote Originally Posted by Dormilich View Post
    why are you not worried about that? it indicates a problem somewhere (no data availability check in this case) that may somewhen bite back at you.
    Indeed. Error reporting should be turned on permanently so that nothing is being hidden. I don't know about anyone else but I don't feel happy with even mild warning messages - I have to solve everything before I'm happy with it.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #8
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,380
    Thanks
    263
    Thanked 32 Times in 31 Posts
    I just added my include for my connection to my functions and then added the link parameter to the function statement.

  • #9
    Regular Coder
    Join Date
    Nov 2011
    Location
    Preston, UK
    Posts
    131
    Thanks
    36
    Thanked 0 Times in 0 Posts
    Hi Guys...
    Thanks very much for your help.

    First of all can I explain that I didn't write this script.
    I bought the script, called Broadfast. It is a mass email script and has a registration element to it.
    The terms of the author is that the script can be used as many times as required, by me, and can be modified accordingly.

    the ereg* functions are now replaced by the preg* functions
    Thank you for your advice.
    However, I did google it and found the solution.
    I'm not worried about "Notice: Undefined index:" and "Undefined variable: name in "
    The reason that I'm not worried about these is that the script is a double opt-in script.
    'm' is generated by the script and emailed to the subscriber for confirmation. The second part of the double opt-in.
    'name' was already in the script and I hadn't removed it. I have now removed that part of the script.
    My error reporting now reads:
    Code:
    Notice: Undefined variable: errflag in /home/countrymusic/countrymusic.org.uk/html/calendar/register-exec.php on line 75 Notice: Undefined index: m in /home/countrymusic/countrymusic.org.uk/html/calendar/register-exec.php on line 129
    'Notice: Undefined variable: errflag' is a mystery to me. This is the offending code:
    PHP Code:
         //CHECK FOR DUPLICATE EMAIL ADDRESS

    if($email != '') {
            
    $qry "SELECT * FROM bf_users WHERE email='$email'";
            
    $result mysqli_query($link$qry);
            if(
    $result) {
                if(
    mysqli_num_rows($result) > 0) {

                    
    $errflag true;
                }
                @
    mysqli_free_result($result);
            }
            else {
                die(
    "Query failed");
            }
        }
        

        if(
    $errflag) {

        
    //IF THE EMAIL ADDRESS IS A DUPLICATE 
    It looks to me that $errflag is set to true, as in code above.

    This part of the script certainly works.
    It is designed to check for a duplicate email address and if one exists the email count is increased by 1. This is the code:
    PHP Code:
        //IF THE EMAIL ADDRESS IS A DUPLICATE

    $query "select emailcount from bf_users where email = '$email'";
    $result mysqli_query($link$query);
    $row mysqli_fetch_row($result);
    if(
    $row)
    {
        
    $emailcount $row[0];
        
    $emailcount++;  // ADD ONE TO THE $emailcount

        
    $result mysqli_query($link$query);  



    Can you please explain why it is throwing up an error ???

    Thank you very much for your help and advise.
    The MAN, The MYTH, The LEGEND:
    John C
    ________________________________
    Support your local Country Music Club

  • #10
    Regular Coder
    Join Date
    Nov 2011
    Location
    Preston, UK
    Posts
    131
    Thanks
    36
    Thanked 0 Times in 0 Posts
    Hi tangoforce...
    Indeed. Error reporting should be turned on permanently so that nothing is being hidden.
    Do you mean by this, even when the script is in use ???
    //Please don't use this for your form processing:
    if (isset($_POST['submit']))
    //Internet explorer has a bug and does not always send the submit value.
    I don't understand this.
    I wonder if you would explain what you mean (in Noddy terms) so that I can understand it.

    Thank you very much.
    The MAN, The MYTH, The LEGEND:
    John C
    ________________________________
    Support your local Country Music Club

  • #11
    Regular Coder
    Join Date
    Nov 2011
    Location
    Preston, UK
    Posts
    131
    Thanks
    36
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by durangod View Post
    I just added my include for my connection to my functions and then added the link parameter to the function statement.
    I'm sorry, but I don't understand this statement, or the relevance to this thread.
    Can you please explain for me.

    Thank you.
    The MAN, The MYTH, The LEGEND:
    John C
    ________________________________
    Support your local Country Music Club

  • #12
    Senior Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    3,248
    Thanks
    12
    Thanked 340 Times in 336 Posts
    Quote Originally Posted by countrydj View Post
    'Notice: Undefined variable: errflag' is a mystery to me. This is the offending code [...]
    if you return no results from the query, the condition that set $errflag is never executed and hence $errflag doesn’t exists. the easiest solution is to set $errflag to the default value (false, I guess) before that condition (either directly before the condition or at the beginning of the function) so that the default value is *changed* when the condition is met.

    Quote Originally Posted by countrydj View Post
    Hi tangoforce...

    Do you mean by this, even when the script is in use ???
    if the script works without error, what is there to report? though sensibly any reports should be routed to the responsible developer (there are some config options in PHP for that purpose)

    Quote Originally Posted by countrydj View Post
    I don't understand this.
    I wonder if you would explain what you mean (in Noddy terms) so that I can understand it.
    Internet explorer has a bug and does not always send the submit value. (important part underlined)

    welcome to the world of cross-browser issues.
    Last edited by Dormilich; 02-06-2013 at 12:14 PM.
    The computer is always right. The computer is always right. The computer is always right. Take it from someone who has programmed for over ten years: not once has the computational mechanism of the machine malfunctioned.
    André Behrens, NY Times Software Developer

  • #13
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,380
    Thanks
    263
    Thanked 32 Times in 31 Posts
    Quote Originally Posted by countrydj View Post
    I'm sorry, but I don't understand this statement, or the relevance to this thread.
    Can you please explain for me.

    Thank you.
    I was referring to one of your original posts to where Fou-Lu was explaing to you the options and way to use escape inside your functions when it comes to MySQLi requirements.

  • #14
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,311
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    Quote Originally Posted by countrydj View Post
    Hi tangoforce...

    Do you mean by this, even when the script is in use ???

    I don't understand this.
    I wonder if you would explain what you mean (in Noddy terms) so that I can understand it.

    Thank you very much.
    It's my signature (just like you'll see under this post). If you look at the bottom, there is a link that actually explains the IE bug. Click it and learn
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #15
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Errors, including notices, should be fixed regardless of it you are concerned of the value or not. You can end up in trouble if you attempt to use them within say, comparisons, due to PHP's datatype weak nature (false = 0 = 0.0 = '0' = '' = null = array() = declared but not instantiated member properties). This can cause unwanted behaviour.
    If something is not set, such as a checkbox (which is the only thing through $_POST that shouldn't be successful, aside from the possible IE bug of course), than you simply default the values to something so that reading doesn't cause any issues:
    PHP Code:
    $aChecked = isset($_POST['mycheckbox']) ? $_POST['mycheckbox'] : array(); 
    So long as its initialized to something, than you can treat it as if it does exist without throwing an error. Of course the default value should be that of what you can evaluate after, an empty string for a text entry (or even number if you anticipate numerical input), arrays for checkboxes, etc.

    If I were you, I'd be more concerned of undefined offsets / variables than that of deprecated eregi. As mentioned, eregi is *slightly* different than PREG, but the conversion is little more than a find and replace click for most basic patterns.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • Users who have thanked Fou-Lu for this post:

    countrydj (02-07-2013)


  •  
    Page 1 of 2 12 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •