I was using PHP 5.4 on GoDaddy hosting. I have one PHP script which was working fine on it. Now I have changed hosting, and the new hosting company provides PHP 5.6. I do not do PHP coding. I am getting an error in my script, as below:

Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home4/z4g9f1v6/public_html/mydomain.com/folder/config.php on line 7

My config file is like below:

$mysql_hostname = "localhost";
$mysql_user = "dbuser";
$mysql_password = "dbpass";
$mysql_database = "dbname";
$bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");
mysql_select_db($mysql_database, $bd) or die("Could not select database");

and I am using it in my Search.php like below:

include("config.php");
if($_SERVER["REQUEST_METHOD"] == "POST")
{
mysql_query('SET character_set_results=utf8');
mysql_query('SET names=utf8');
mysql_query('SET character_set_client=utf8');
mysql_query('SET character_set_connection=utf8');
mysql_query('SET character_set_results=utf8');
mysql_query('SET collation_connection=utf8_general_ci');
$q=$_POST['q'];
$q=mysql_escape_string($q);
$q_fix=str_replace(" ","%",$q); // Space replacing with %
$sql=mysql_query("SELECT qu_text FROM quotes WHERE qu_text LIKE '%$q%'");
}
while($row=mysql_fetch_array($sql))
{
$title=$row['qu_text'];
}

Please help me. How can I solve the issue?

Thanks

Priya
  • The end of the warning tells you how to fix it. `use mysqli or PDO`. You also are open to SQL injections with this. Use parameterized queries once updated. – chris85 Nov 27 '16 at 03:19

2 Answers

For MySQLi connection:

$mysql_hostname = "localhost";
$mysql_user = "dbuser";
$mysql_password = "dbpass";
$mysql_database = "dbname";
$bd = mysqli_connect($mysql_hostname, $mysql_user, $mysql_password,$mysql_database) or die("Could not connect database");

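For the query, please follow this answer: "How can I prevent SQL injection in PHP?" It's really nice.

You could use this for the query:

// Escape the search term for this connection before building the LIKE pattern
$sql = sprintf("SELECT qu_text FROM `quotes` WHERE qu_text LIKE '%s%%'", mysqli_real_escape_string($bd, $q));

// mysqli_error() needs the connection handle; mysql_error() belongs to the old extension
$fetch = mysqli_query($bd, $sql) or die(mysqli_error($bd));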

while ($row = mysqli_fetch_array($fetch, MYSQLI_ASSOC)) {
//Your Result
}

Most of the mysql_ syntax can be used with mysqli_.

DAKSH

As PHP is becoming an object-oriented scripting language, it will be better to make use of PDOs to make connections to the database and perform the operations. For this you have to give a little bit more effort, like making entity classes for each table (each column as a variable). This is the only hectic part, but it will make the program more secure and more readable.

I am just giving the code for connecting to the database and retrieving the dataset:

1. DBConfig.php

$dsn = 'mysql:dbname=<database-name>;host=<host-name>';
$user = '<user-name>';
$password = '<password>';

try 
{
    $conn = new PDO($dsn, $user, $password);
}
catch (PDOException $e) 
{
    echo 'Connection failed: ' . $e->getMessage();
}

2. Search.php

require_once 'DBConfig.php';   //If DBConnection is not made in same file
require_once '<name-of-entity-class>.php';

$q = (isset($_POST['q']) && !empty($_POST['q'])) ? $_POST['q'] : NULL; 

try
{
   $query = "SELECT qu_text FROM quotes WHERE qu_text LIKE :q";

   $stmt = $conn->prepare($query);

   $stmt->bindValue(':q', $q, PDO::PARAM_STR);

   $stmt->execute();

   while($row = $stmt->fetch())
   {
      $dataset[] = new <name-of-entity-class>($row);
   }

   if(!empty($dataset))
   {
      foreach ($dataset as $data)
      {   
        echo '<p>';
        echo $data->get<var-name>();   // getter call needs parentheses
        echo '</p>';
      }
   }
   else
      echo 'empty database';
}
catch (Exception $ex) 
{
     echo 'Some error occurred: ' . $ex->getMessage();   // the caught variable is $ex, not $e
}

Thanks and Regards.
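
An added example, not code from the question or either answer: the question's search run as a PDO prepared statement, with the LIKE wildcards added in PHP and the user's term escaped so `%` and `_` match literally. It assumes an in-memory SQLite database as a stand-in for MySQL so it runs offline; `like_contains` and `search_quotes` are hypothetical helper names, and the sample rows and inputs are constructed.

```php
<?php
// Added example: the question's search as a PDO prepared statement.
// Assumption: in-memory SQLite stands in for MySQL so this runs offline; for
// MySQL use a DSN like 'mysql:host=localhost;dbname=dbname;charset=utf8mb4'.
$conn = new PDO('sqlite::memory:');
// Throw exceptions on SQL errors instead of failing silently.
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data using the question's table and column names.
$conn->exec('CREATE TABLE quotes (qu_text TEXT)');
$ins = $conn->prepare('INSERT INTO quotes (qu_text) VALUES (?)');
foreach (['Stay hungry, stay foolish', '100% effort <b>always</b>', "It's a start"] as $t) {
    $ins->execute([$t]);
}

// Build a "contains" pattern; LIKE metacharacters in the term are escaped
// with '!', the character named in the ESCAPE clause of the query below.
function like_contains(string $term): string
{
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
    return '%' . $escaped . '%';
}

// The SQL text is constant; the search term only ever travels as bound data.
function search_quotes(PDO $conn, string $term): array
{
    $stmt = $conn->prepare("SELECT qu_text FROM quotes WHERE qu_text LIKE :q ESCAPE '!'");
    $stmt->bindValue(':q', like_contains($term), PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal term, a bare wildcard, and a quote-breaking string.
foreach (['hungry', '%', "' OR '1'='1"] as $q) {
    echo "q = $q\n";
    foreach (search_quotes($conn, $q) as $title) {
        // Encode on output so markup stored in a quote is not rendered as HTML.
        echo '  ' . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . "\n";
    }
}
```

Binding the bare term to `LIKE :q` without adding `%` in PHP gives an exact match rather than the substring search the question's query performed.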