0

I have a lot of code for a website in php that uses deprecated mysql functions. (Sql injection protection was via real_escape_string). I am suddenly getting warnings at top of page that mysql_connect is deprecated probably because my host has upgrade their version of PHP and there is no question I have to upgrade to mysqli asap. This is no easy task as we are talking thousands of calls.

However, althoughthe site is flashing these warnings, the majority of the calls still work, i.e. you can log in and display data-driven pages. In fact I am getting warnings about just three functions, mysql_connect, mysql_numrows and dates.

Why would the database connection still work if mysql_connect supposedly is now totally deprecated? As a quick fix while I undertake the job of upgrading the whole site, can anyone suggest a substitute for mysql_numrows.

Thanks for any insights or suggestions.

user1904273
  • 4,562
  • 11
  • 45
  • 96
  • This can easily be Google'd. – Funk Forty Niner Oct 13 '15 at 00:24
  • 1
    I've already googled it. No good answers. I take it you don't have any suggestions other than check google? – user1904273 Oct 13 '15 at 00:27
  • Deprecated and removed are two different things, which is why it still works (unless the host upgraded to 7 or above) – camelCase Oct 13 '15 at 00:28
  • 1
    what are you asking about a substitute for `mysql_numrows`? You're going to have to elaborate on that and post some code. – Funk Forty Niner Oct 13 '15 at 00:28
  • oh and `mysql_` will still work, up until (and if you're on a hosted site) they change it to a PHP version that no longer supports those functions. Again; Google'able and is on the PHP.net website. If on local, then still with the PHP version you have now. *"Best way to upgrade to mysqli"* - There is no "best" way; you just do. – Funk Forty Niner Oct 13 '15 at 00:30
  • I have emailed my host to inquire if they've changed something about the warning messages. It has been deprecated for some time but my host still had older version. – user1904273 Oct 13 '15 at 00:31
  • so you want to suppress warnings probably; here http://stackoverflow.com/a/16912923/ while still using `mysql_` functions. – Funk Forty Niner Oct 13 '15 at 00:32
  • 1
    You can use `error_reporting(E_ALL & ~E_DEPRECATED);` temporarily while you are trying to upgrade to [mysqli](http://php.net/manual/en/book.mysqli.php). And the best recommendation that we can give is to study [prepared statement](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – Logan Wayne Oct 13 '15 at 00:32
  • I should add, one other thing suddenly stopped working. Images which were displayed using a library. – user1904273 Oct 13 '15 at 00:32
  • error reporting will tell you that ^ if paths were changed etc. – Funk Forty Niner Oct 13 '15 at 00:33
  • How do I turn on error reporting? – user1904273 Oct 13 '15 at 00:33
  • Add error reporting to the top of your file(s) right after your opening PHP tag for example ` – Funk Forty Niner Oct 13 '15 at 00:34
  • Ok. Thx. I will try that. I have one file called at beginning of all the others so I can just put it there. – user1904273 Oct 13 '15 at 00:34
  • however, use error reporting inside all `.php` files, so if one file/or more (say an included file) fails, it will show you which file(s) and on which line. – Funk Forty Niner Oct 13 '15 at 00:36
  • ...and to somewhat answer your question *"a substitute for mysql_numrows"*: you can use `count()` as either an aggregate MySQL function, or as a PHP function. See https://dev.mysql.com/doc/refman/5.1/en/counting-rows.html and http://php.net/manual/en/function.count.php and using that inside a conditional statement. – Funk Forty Niner Oct 13 '15 at 00:43

1 Answers1

1

While this can be Googled, I want to explain the answer to the asker, and allow future readers to understand this question easily.

Deprecated code doesn't necessarily mean the code won't work. It indicates that it is no longer supported.

Now in theory, you can just go and put an @ in front of the function and the error won't appear. Now I recommend you NEVER DO THIS in a working environment. It exists to suppress warnings, but it still means you have security weaknesses. All php functions that express mysql_functionName() are outdated (or deprecated). To fix this, use something along the lines of mysqli_functionName() instead.

Using mysqli allows you to stay up to date. Now I see you are using procedural styling. This is allowed, but it is recommended that you use object-oriented-programming or PDO. I personally use OOP-mysqli.

Now it should be noted that it is not a seamless transition; meaning you cannot simply just add the i in mysql. Functions such as mysqli_connect() are different. mysqli_num_rows() on the other hand should handle the same by just adding the i in mysql. Check the Mysqli Documentation here for more info on the transitions.

To be more elaborate:

This are nearly the same: mysqli_num_rows()

These are different: mysqli_connect(), mysqli_real_escape_string()

This is removed mysql_result() (There is no built in equivalent in mysqli).

I hope this answer was elaborate enough for you.

EDIT:

Based on the question asked by the asker, it is not possible to combine both mysql and mysqli together. They are different calls to the database. If you call a mysqli_connect(), the variable you set it to is connected to that db call. It will only recognize mysqli. A lot of functions in mysqli such as mysqli_real_escape_string() and mysqli_query() require you to pass the connection of the original db call.

In conclusion, don't try to mix calls. It won't work and it has a lot of security issues and flaws.

It is my opinion that one should completely rewrite their code when the entire infrastructure changes, since it is safer to not risk any old code that might have been left behind in edits. This of course has a major flaw; being it means having to work super hard to rebuild. It is up to the user in this case depending on the size of the project.

Mitch Mullvain
  • 185
  • 10
  • Ok. THx. Got some good news. Host made upgrade for security reasons but it turns they have option for me to switch php version back so I have more time to do this. The specifics are very helpful. – user1904273 Oct 13 '15 at 00:43
  • One last question. Can these mysql and mysqli co-exist or do I have to change and debug everything before it will work correctly? I read somewhere they use same underlying library. – user1904273 Oct 13 '15 at 00:50
  • @user1904273 I went back and edited the question for you. – Mitch Mullvain Oct 13 '15 at 01:23