-3

So this problem is apparently related to the mysql server version. This php function:

```php
mysql_query("INSERT INTO `x_servers_pay`(`service_type`, `ip`, `time_created`, `amount`, `currency`,`receiver_email`) VALUES ('boost','".mysql_real_escape_string($ip)."','".time()."','".$price_boost."','".$currency_boost."','".$receiver_email."')");
```

works perfectly on mysql 5.5.49 and 5.5.41 but doesn't seem to work with mysql server 5.7. There is another simpler function which is also an INSERT which works, but that particular one does not and I completely ran out of ideas why.

I couldn't find any error logs in php-fpm log folder or nginx log folder.

Can anyone make a suggestion?

  • 2
    mind removing the caps from your title? it's called "shouting" and nobody likes getting shouted at; do you? there you go ;-) Edit: thank you ;-) – Funk Forty Niner Jan 23 '17 at 20:07
  • 2
    your server might no longer be supporting the mysql_ api – Funk Forty Niner Jan 23 '17 at 20:08
  • 1
    Did you check for `mysql_error()`? And I'd really recommend you switch to [PDO](https://secure.php.net/manual/en/pdo.prepared-statements.php) or [mysqli](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). You are wide open for SQL injection, and mysql_* functions are removed in PHP7 and deprecated in previous versions. – aynber Jan 23 '17 at 20:09
  • what does http://php.net/manual/en/function.error-reporting.php throw back? and `mysql_error()` on the query? – Funk Forty Niner Jan 23 '17 at 20:10
  • "works perfectly" is subjective here. That looks like some seriously problematic code. As others have pointed out, but to reiterate because it's important, **please**, stop using `mysql_query` and move to PDO at the very least. – tadman Jan 23 '17 at 20:13
  • Sorry for caps, didn't intend to shout. – Maxim K. Magnes Jan 23 '17 at 20:15
  • Thanks guys, just realized my mistake. mysql_error() wasn't included in the string. Now it gave me: Field 'time_payed' doesn't have a default value. – Maxim K. Magnes Jan 23 '17 at 20:16
  • ah... now you need to fix that ;-) and one of those may have been an empty value. – Funk Forty Niner Jan 23 '17 at 20:17
  • that is because of this `'".time()."'` you're quoting a function and is treated as a string literal; there's an easy fix for that. – Funk Forty Niner Jan 23 '17 at 20:18
  • Thanks a lot everyone! I fixed it by adding the missing columns and default zero values. – Maxim K. Magnes Jan 23 '17 at 20:22

1 Answer

0

"Thanks guys, just realized my mistake. mysql_error() wasn't included in the string. Now it gave me: Field 'time_payed' doesn't have a default value"

That is because of this '".time()."' you're quoting a function and is treated as a string literal.

What you need to do is assign a variable to it first:

```php
$time = time();
```

then using that variable in the query.

```php
VALUES ('boost','".mysql_real_escape_string($ip)."','$time', ...
```

and having a default value for that column.

You should also get into using either the mysqli_ or PDO API (with a prepared statement). That mysql_ API is in deprecation and deleted as of PHP 7.

Even mysql_real_escape_string() is open to injection.

Have a read: "SQL injection that gets around mysql_real_escape_string()"

Funk Forty Niner
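The PDO prepared-statement approach recommended in the comments and the answer, applied to this INSERT, as an added example that is not code from the question or the answer. It assumes the pdo_sqlite extension and an in-memory SQLite table whose column types are guesses (only the column names come from the page); the sample values are constructed.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the MySQL server so this runs offline (assumption).
// Against MySQL only the DSN and credentials passed to new PDO() change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failed queries throw

// Column types are assumed; time_payed is NOT NULL with no default, as in the reported error.
$pdo->exec('CREATE TABLE x_servers_pay (
    service_type   TEXT    NOT NULL,
    ip             TEXT    NOT NULL,
    time_created   INTEGER NOT NULL,
    time_payed     INTEGER NOT NULL,
    amount         TEXT    NOT NULL,
    currency       TEXT    NOT NULL,
    receiver_email TEXT    NOT NULL
)');

// Constructed sample values; the quote characters in the ip must be stored as plain data.
$values = [
    ':ip'       => "203.0.113.7' OR '1'='1",
    ':created'  => time(),
    ':amount'   => '4.99',
    ':currency' => 'USD',
    ':email'    => 'billing@example.com',
];

// 1) Column list from the question: time_payed is omitted, so the constraint rejects the row.
//    (MySQL 5.7 rejects it for the same reason under its default strict SQL mode.)
$original = $pdo->prepare(
    "INSERT INTO x_servers_pay (service_type, ip, time_created, amount, currency, receiver_email)
     VALUES ('boost', :ip, :created, :amount, :currency, :email)"
);
try {
    $original->execute($values);
} catch (PDOException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL; // the error is visible, not swallowed
}

// 2) Every NOT NULL column supplied explicitly; all values are bound, none concatenated.
$fixed = $pdo->prepare(
    "INSERT INTO x_servers_pay (service_type, ip, time_created, time_payed, amount, currency, receiver_email)
     VALUES ('boost', :ip, :created, :payed, :amount, :currency, :email)"
);
$fixed->execute($values + [':payed' => 0]);

$stored = $pdo->query('SELECT ip, time_payed FROM x_servers_pay')->fetch(PDO::FETCH_ASSOC);
echo 'ip stored verbatim: ', var_export($stored['ip'] === $values[':ip'], true), PHP_EOL;
```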