I upgraded codes of a php file upload and management script from PHP 5.4 to PHP 7.
It works now,

There are many functions at my functions.php file
it was giving some errors like;

Warning: mysqli_error() expects parameter 1 to be mysqli, null given in
Warning: mysqli_fetch_assoc expects parameter 1 to be mysqli, null given in

for every mysqli related codes for ever function inside of functions.php file.

to solve this problem, I put include('dbconnect.php'); to inside of every function {} as you can see at below sample codes.
Now script works but it is not normal because there are many include('dbconnect.php'); lines at functions.php file.

How can i solve this problem ?
Is there any simpler and better way to get rid of above errors and to put only one include('dbconnect.php'); to my php file.?

Thanks,

<?php

//GET USERNAME BY USER ID
function getUser($userID){
include('dbconnect.php');
		$sqll="SELECT id,username FROM users WHERE id='".$userID."'";
		$result1=mysqli_query($link,$sqll);
		$row11=mysqli_fetch_assoc($result1);
		$processor=$row11["username"]; 
		return $processor;
}
function getExtensions(){
include('dbconnect.php');
		$processor = array();
		$sqll="SELECT * FROM extensions ORDER BY name ASC";
		$result1=mysqli_query($link,$sqll);
		while($row11=mysqli_fetch_assoc($result1)){
		$processor[]=$row11["name"]; 
		}
		return $processor;
}

function getCommentCount($fileID){
include('dbconnect.php');
		$sqll="SELECT COUNT(id) as countme FROM messages WHERE fileID='".$fileID."'";
		$result1=mysqli_query($link,$sqll);
		$row11=mysqli_fetch_assoc($result1);
		return $row11["countme"];
}

function getUploadDir($user){
include('dbconnect.php');
		$sqll="SELECT id,upload_dir FROM users WHERE id='".$user."'";
		$result1=mysqli_query($link,$sqll);
		$row11=mysqli_fetch_assoc($result1);
		return $row11["upload_dir"];
}

function send_mail($subject="Notification",$message="") {
include('dbconnect.php');
			$upload_notify_email = getSystemMail();
			$from = 'AdvancedFileManager@'.$_SERVER['HTTP_HOST'];
			$return_path = '-f '.$from ;
			mail($upload_notify_email,$subject,$message,"From: $from\nX-Mailer: PHP/ . $phpversion()");
}
..................
?>

    Unfortunately, there's no simple way of just converting old code, mainly from a security standpoint, but also because the mysql_ extension broke function 'encapsulation' by making the last database connection globally available. Yes, you can convert code to use either the mysqli or PDO extensions, but for external data being put into an sql query statement, php was (past tense) providing a (small) level of security by escaping all input data as though it was going to be treated as literal string data. The best way of handling (external) data being put into an sql query statement is to use a prepared query, with place-holders in the sql statement for the external data, then supply the data value(s) when the query is executed.

    Converting your code to use prepared queries will require rewriting the sql query statements to include place-holder(s) where the variables are at now (which will actually simplify the syntax), adding the variable(s) holding the data to an array, calling a general purpose prepared query class method to execute the query, then fetching the data that the query returns.

    If your code is only connecting to one database server, you can address the encapsulation problem by using static (singleton) methods.

    Unfortunately (a big unfortunately), the mysqli extension is NOT the best choice for writing a general purpose prepared query method that is needed to accomplish this. You would need to use the PDO extension. It takes less statements to accomplish the tasks needed.

      You could pass the MySQLi object into each function when calling it:

      function getUser($userID, $link){
              $sqll="SELECT id,username FROM users WHERE id='".$userID."'";
              $result1=mysqli_query($link,$sqll);
              $row11=mysqli_fetch_assoc($result1);
              $processor=$row11["username"]; 
              return $processor;
      }
      

      Then you'd only have to do your dbconnect include once in the main script, but you would have to edit the calls to those functions to add the new parameter.

        Thank you pbismad and NogDog,

        I dont know PDO because it seemed to me diffucult compared to mysqli, but at some day i think will need to work on it.

        Anyway, I solved this by applying NogDog's offer, it was time consuming because there were many functions, but it worked.

          ugurpc;11058179 wrote:

          it was time consuming because there were many functions, but it worked.

          That's the nature of moving from the old to a newer paradigm. There are no shortcuts. Be certain that everything you write from now on uses the more modern extension, though; you certainly don't want to make someone else do this "time consuming" work on your current code in the future ... 😉 😉

            Write a Reply...