X
xkevin

  • Feb 18, 2019
  • Joined Aug 14, 2018
  • Weedpacket Adding mysqli_error(db::$db) removed the warnings. But the query is wrong. It says: You have an error in your SQL syntax ... right syntax to use near '?,?,?, NOW() )' at line 7

          $sql = "INSERT INTO transactions_in(
    		        transact_in_date,
    			transact_in_note,
    			transact_in_by_user,
    			transact_in_date_added
    			)
    			VALUES (?,?,?,
    			 NOW()
    			)";
    
     db::query($sql,[$transact_date, $post['transact_note'], $_SESSION['user_name']]);
    
    //From this class rather inside final class db{}
    static function query($sql)
    {
    
    
    	$result = mysqli_query(self::$db, $sql);
    	if(!$result) trigger_error("MySQL UPDATE error: ".mysqli_error(db::$db).'<pre>'.$sql.'</pre><br>');
    	#if($_SESSION['access'] == 'admin') recache($sql);
    }

    Do you think it there's wrong with the prepared statement?

    • Thank you for your time, helping me here.

      pbismad $sql = "INSERT INTO transactions_in(
      transact_in_date,
      transact_in_note,
      transact_in_by_user,
      transact_in_date_added
      )
      VALUES (?,?,?,
      NOW()
      )";

      db::query($sql,[$transact_date, $post['transact_note'], $_SESSION['user_name']]);

      I got an error using this code. And I mistakenly paste the wrong code here. Sorry, it should be.

        db::select($sql);

      and I am using this class inside final class db{}:

       static function select($sql, $args=false){
      	
      	if($args['pager']){
      		$limit = self::load_pager($args['pager']);
      		$sql .= 'LIMIT '.$limit;
      	}
      	
      	$result = mysqli_query(self::$db, $sql);
      	if(!$result) trigger_error("MySQL SELECT error: ".mysqli_error()." using ".$sql); //error 1 
      
      	if(@$args['explain']==true) self::explain($sql);
      	
      	while ($r = mysqli_fetch_array($result,MYSQLI_ASSOC)){  //error 2
      			$row[] = $r;
      	}
      
      	mysqli_free_result($result); //error 3
      
      	@array_walk_recursive($row, 'de_clean_post_recursive');
      	return @$row;
        }

      So now my latest code:

          $sql = "INSERT INTO transactions_in(
      			        transact_in_date,
      				transact_in_note,
      				transact_in_by_user,
      				transact_in_date_added
      				)
      				VALUES (?,?,?,
      				 NOW()
      				)";
      
           db::select($sql,[$transact_date, $post['transact_note'], $_SESSION['user_name']]);

      And got this error:
      Error 1: mysqli_error() expects exactly 1 parameter, 0 given ...
      Error 2: mysqli_fetch_array() expects parameter 1 to be mysqli_result, object given ...
      Error 3: mysqli_free_result() expects parameter 1 to be mysqli_result, boolean given ...

      Thank you for the concern, I am developing the program on my local machine. So nothing to worry about the errors.

    • I am on my way re-coding my old code using mysql function which is already deprecated.
      I am using a class to connect on my database:

      <?php
          
      final class db{
           static $db, $pager, $pager_vars;
      
      static function config($conf=false){
      
      	self::$db = mysqli_connect($conf['host'], $conf['username'], $conf['password']);
          if (!self::$db) {
              die("Database connection failed: " . mysqli_connect_error());
          }
      
          mysqli_select_db(self::$db, $conf['database']);
      
        }
      }?>

      //This is how I use a query


      <?php
           $sql = "INSERT INTO transactions_in(
      				        transact_in_date,
      					transact_in_note,
      					transact_in_by_user,
      					transact_in_date_added
      					)
      					VALUES(
      					'{$transact_date}',
      					'{$post['transact_note']}',
      					'{$_SESSION['user_name']}',
      					 NOW()
      					)";
      
        db::query($sql);
        mysqli_close(); //close the connection
      
      }
      
      ?>
      1. Am I doing the right way? I used mysqli_close(); to disconnect. But I have an error: "mysqli_close() expects exactly 1 parameter, 0 given..."
        What I have tried is to add the connection to my code e.g (mysqli_close(db::config($db))); but I got the same error.

      2. And is there a way I can prevent an SQL injection on my code? Like using mysqli_real_escape_string? How to do it on my code structure?

    • laserlight Error, it is not connecting to the database. Do you have any guide where I can begin with this (maybe procedural approach)? I am a beginner, but I want this old program to be upgraded.

      • laserlight
        So do you think I need to re-code it? Is there no other way to convert this to mysqli?
        I tried to change all mysql
        to mysqli_ like this code.

        mysql_select_db($conf['database'], self::$db); to mysqli_select_db($conf['database'], self::$db);

        • I need help converting mysql to msqli in the program I am using.
          This is the database class to connect to database and to insert,select,delete and update.

          <?php
          final class db{
          static $db;

          static function config($conf=false){
          	#echo '<pre>'.print_r($conf, 1).'</pre>';
          	self::$db = mysql_connect($conf['host'], $conf['username'], $conf['password']);
          	mysql_select_db($conf['database'], self::$db);
          }
          
          static function changedb($database){
          	$resp = mysql_select_db($database);
          	return($resp);
          }
          
          static function select($sql, $args=false){
          	
          	if($args['pager']){
          		$limit = self::load_pager($args['pager']);
          		$sql .= 'LIMIT '.$limit;
          	}
          	
          	$result = mysql_query($sql, self::$db);
          	if(!$result) trigger_error("MySQL SELECT error: ".mysql_error()." using ".$sql);
          
          	if(@$args['explain']==true) self::explain($sql);
          	
          	while ($r = mysql_fetch_array($result,MYSQL_ASSOC)){
          			$row[] = $r;
          	}
          
          
          	mysql_free_result($result);
          
          	@array_walk_recursive($row, 'de_clean_post_recursive');
          	return @$row;
          }
          
          static function select_row($sql, $args=false){
          		$result = mysql_query($sql, self::$db);
          		if(!$result) trigger_error("MySQL SELECT error: ".mysql_error()." using ".$sql);
          		
          		if(@$args['explain']==true) self::explain($sql);
          		
          		$row = mysql_fetch_array($result,MYSQL_ASSOC);			
          		mysql_free_result($result);
          
          		@array_walk_recursive($row, 'de_clean_post_recursive');					
          		return @$row;
          }
          
          static function query($sql)
          {
          	$result = mysql_query($sql, self::$db);
          	if(!$result) trigger_error("MySQL UPDATE error: ".mysql_error().'<pre>'.$sql.'</pre><br>');
          	#if($_SESSION['access'] == 'admin') recache($sql);
          }
          
          static function explain($sql){
          	
          	trigger_error("SQL: ".$sql);
          	$explain = mysql_query("EXPLAIN {$sql}", self::$db);
          	if ($row = mysql_fetch_assoc($explain)) { 
          		foreach ($row as $key => $value) { 
          			trigger_error("$key: $value\n"); 
          		}
          	} 
          
          }

          }
          ?>

          USAGE:
          I use this to select a row:
          <?
          $sql = "SELECT * FROM user
          WHERE userid = {$_SESSION['userid']}";
          $user = db::select_row($sql);
          ?>

          And this to select multiple rows
          <?
          $sql = "SELECT * FROM user";
          $users = db::select($sql);
          ?>

          To update:
          <?
          $sql = "UPDATE user SET user_name = '".($post['user_name'])."'
          WHERE userid = '{$_SESSION['userid']}' LIMIT 1";
          db::query($sql);
          ?>

          To insert:
          <?
          $sql = "INSERT INTO user( ...,..,...,..) VALUES(..,..,..,..')";
          db::query($sql);
          ?>

          To delete:
          <?
          db::query('DELETE FROM user WHERE userid = "'.intval($GET['id']).'" LIMIT 1');
          ?>
          OR
          <?
          $sql = "DELETE FROM user WHERE userid = "'.intval($
          GET['id']).'" LIMIT 1";
          db::query($sql);
          ?>

          I tried changing all mysql to mysqli but I can't connect to the server. Thank you for any help.