Weedpacket What do you think what is wrong here?
Xxkevin
- Feb 18, 2019
- Joined Aug 14, 2018
- Edited
Weedpacket Adding mysqli_error(db::$db) removed the warnings. But the query is wrong. It says: You have an error in your SQL syntax ... right syntax to use near '?,?,?, NOW() )' at line 7
$sql = "INSERT INTO transactions_in( transact_in_date, transact_in_note, transact_in_by_user, transact_in_date_added ) VALUES (?,?,?, NOW() )"; db::query($sql,[$transact_date, $post['transact_note'], $_SESSION['user_name']]); //From this class rather inside final class db{} static function query($sql) { $result = mysqli_query(self::$db, $sql); if(!$result) trigger_error("MySQL UPDATE error: ".mysqli_error(db::$db).'<pre>'.$sql.'</pre><br>'); #if($_SESSION['access'] == 'admin') recache($sql); }Do you think it there's wrong with the prepared statement?
- Edited
Thank you for your time, helping me here.
pbismad $sql = "INSERT INTO transactions_in(
transact_in_date,
transact_in_note,
transact_in_by_user,
transact_in_date_added
)
VALUES (?,?,?,
NOW()
)";db::query($sql,[$transact_date, $post['transact_note'], $_SESSION['user_name']]);
I got an error using this code. And I mistakenly paste the wrong code here. Sorry, it should be.
db::select($sql);and I am using this class inside
final class db{}:static function select($sql, $args=false){ if($args['pager']){ $limit = self::load_pager($args['pager']); $sql .= 'LIMIT '.$limit; } $result = mysqli_query(self::$db, $sql); if(!$result) trigger_error("MySQL SELECT error: ".mysqli_error()." using ".$sql); //error 1 if(@$args['explain']==true) self::explain($sql); while ($r = mysqli_fetch_array($result,MYSQLI_ASSOC)){ //error 2 $row[] = $r; } mysqli_free_result($result); //error 3 @array_walk_recursive($row, 'de_clean_post_recursive'); return @$row; }So now my latest code:
$sql = "INSERT INTO transactions_in( transact_in_date, transact_in_note, transact_in_by_user, transact_in_date_added ) VALUES (?,?,?, NOW() )"; db::select($sql,[$transact_date, $post['transact_note'], $_SESSION['user_name']]);And got this error:
Error 1: mysqli_error() expects exactly 1 parameter, 0 given ...
Error 2: mysqli_fetch_array() expects parameter 1 to be mysqli_result, object given ...
Error 3: mysqli_free_result() expects parameter 1 to be mysqli_result, boolean given ...Thank you for the concern, I am developing the program on my local machine. So nothing to worry about the errors.
- Edited
I am on my way re-coding my old code using mysql function which is already deprecated.
I am using a class to connect on my database:<?php final class db{ static $db, $pager, $pager_vars; static function config($conf=false){ self::$db = mysqli_connect($conf['host'], $conf['username'], $conf['password']); if (!self::$db) { die("Database connection failed: " . mysqli_connect_error()); } mysqli_select_db(self::$db, $conf['database']); } }?>//This is how I use a query
<?php $sql = "INSERT INTO transactions_in( transact_in_date, transact_in_note, transact_in_by_user, transact_in_date_added ) VALUES( '{$transact_date}', '{$post['transact_note']}', '{$_SESSION['user_name']}', NOW() )"; db::query($sql); mysqli_close(); //close the connection } ?>Am I doing the right way? I used
mysqli_close();to disconnect. But I have an error: "mysqli_close() expects exactly 1 parameter, 0 given..."
What I have tried is to add the connection to my code e.g (mysqli_close(db::config($db))); but I got the same error.And is there a way I can prevent an SQL injection on my code? Like using mysqli_real_escape_string? How to do it on my code structure?
- Edited
laserlight Error, it is not connecting to the database. Do you have any guide where I can begin with this (maybe procedural approach)? I am a beginner, but I want this old program to be upgraded.
laserlight
So do you think I need to re-code it? Is there no other way to convert this to mysqli?
I tried to change all mysql to mysqli_ like this code.mysql_select_db($conf['database'], self::$db); to mysqli_select_db($conf['database'], self::$db);
- Edited
I need help converting mysql to msqli in the program I am using.
This is the database class to connect to database and to insert,select,delete and update.<?php
final class db{
static $db;static function config($conf=false){ #echo '<pre>'.print_r($conf, 1).'</pre>'; self::$db = mysql_connect($conf['host'], $conf['username'], $conf['password']); mysql_select_db($conf['database'], self::$db); } static function changedb($database){ $resp = mysql_select_db($database); return($resp); } static function select($sql, $args=false){ if($args['pager']){ $limit = self::load_pager($args['pager']); $sql .= 'LIMIT '.$limit; } $result = mysql_query($sql, self::$db); if(!$result) trigger_error("MySQL SELECT error: ".mysql_error()." using ".$sql); if(@$args['explain']==true) self::explain($sql); while ($r = mysql_fetch_array($result,MYSQL_ASSOC)){ $row[] = $r; } mysql_free_result($result); @array_walk_recursive($row, 'de_clean_post_recursive'); return @$row; } static function select_row($sql, $args=false){ $result = mysql_query($sql, self::$db); if(!$result) trigger_error("MySQL SELECT error: ".mysql_error()." using ".$sql); if(@$args['explain']==true) self::explain($sql); $row = mysql_fetch_array($result,MYSQL_ASSOC); mysql_free_result($result); @array_walk_recursive($row, 'de_clean_post_recursive'); return @$row; } static function query($sql) { $result = mysql_query($sql, self::$db); if(!$result) trigger_error("MySQL UPDATE error: ".mysql_error().'<pre>'.$sql.'</pre><br>'); #if($_SESSION['access'] == 'admin') recache($sql); } static function explain($sql){ trigger_error("SQL: ".$sql); $explain = mysql_query("EXPLAIN {$sql}", self::$db); if ($row = mysql_fetch_assoc($explain)) { foreach ($row as $key => $value) { trigger_error("$key: $value\n"); } } }}
?>USAGE:
I use this to select a row:
<?
$sql = "SELECT * FROM user
WHERE userid = {$_SESSION['userid']}";
$user = db::select_row($sql);
?>And this to select multiple rows
<?
$sql = "SELECT * FROM user";
$users = db::select($sql);
?>To update:
<?
$sql = "UPDATE user SET user_name = '".($post['user_name'])."'
WHERE userid = '{$_SESSION['userid']}' LIMIT 1";
db::query($sql);
?>To insert:
<?
$sql = "INSERT INTO user( ...,..,...,..) VALUES(..,..,..,..')";
db::query($sql);
?>To delete:
<?
db::query('DELETE FROM user WHERE userid = "'.intval($GET['id']).'" LIMIT 1');
?>
OR
<?
$sql = "DELETE FROM user WHERE userid = "'.intval($GET['id']).'" LIMIT 1";
db::query($sql);
?>I tried changing all mysql to mysqli but I can't connect to the server. Thank you for any help.