-1

How do I make this older version of php work in php7? I have a mysql database that I use for posting high scores from my games that I create in Construct 2. But now it has stopped working because my host updated to php7 ( at the moment I can choose between php 7.1 - 7.3 )

I have tried for a long time, searching the web, to make it work again, but haven't been able to solve it.

I have 2 php-files: getscores.php and savescores.php

When I try to view getscores.php in a webbrowser ( Chrome ) I get an error: Fatal error: Uncaught Error: Call to undefined function mysql_query() ...And it's referring to line 18.

I'm sorry but I have almost no knowledge of php and mysql-databases

Thank you so much, in advance, if there's anyone out there who could help. :) ///Soulmachine!

getscores.php

<?php
header('Access-Control-Allow-Origin: *');

$host="localhost"; // Host name 
$username="username"; // Mysql username 
$password="password"; // Mysql password 
$db_name="database"; // Database name 
$tbl_name="scores"; // Table name

// Connect to server and select database.
$link = mysqli_connect("$host", "$username", "$password", "$db_name");

// Retrieve data from database
$sql="SELECT * FROM scores ORDER BY score DESC LIMIT 10";   // The 'LIMIT                 10' part will only read 10 scores. Feel free to change this value
$result=mysql_query($sql);

// Start looping rows in mysql database.
while($rows=mysqli_fetch_array($result)){
echo $rows['name'] . "|" . $rows['score'] . "|";

// close while loop 
}

// close MySQL connection 
mysql_close();
?>

savescores.php

<?php

$db = "database";//Your database name
$dbu = "username";//Your database username
$dbp = "password";//Your database users' password
$host = "localhost";//MySQL server - usually localhost

$dblink = mysqli_connect($host,$dbu,$dbp,$db);

if(isset($_GET['name']) && isset($_GET['score'])){

 //Lightly sanitize the GET's to prevent SQL injections and possible XSS     attacks
 $name = strip_tags(mysql_real_escape_string($_GET['name']));
 $score = strip_tags(mysql_real_escape_string($_GET['score']));

 $sql = mysqli_query($dblink, "INSERT INTO `$db`.`scores` (`id`,`name`,`score`) VALUES ('','$name','$score');");
 if($sql){

      //The query returned true - now do whatever you like here.
      echo 'Your score was saved. Congrats!';

 }else{

      //The query returned false - you might want to put some sort of error reporting here. Even logging the error to a text file is fine.
      echo 'There was a problem saving your score. Please try again later.';

 }

}else{
 echo 'Your name or score wasnt passed in the request. Make sure you add ?    name=NAME_HERE&score=1337 to the tags.';
}

mysqli_close($dblink);//Close off the MySQL connection to save resources.
?>
Soulmachine
  • 9
  • 1
  • **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or **any** user data directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Jan 20 '19 at 20:23
  • Note: The object-oriented interface to `mysqli` is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete `mysql_query` interface. Before you get too invested in the procedural style it’s worth switching over. Example: `$db = new mysqli(…)` and `$db->prepare("…")` The procedural interface is an artifact from the PHP 4 era when `mysqli` API was introduced and should not be used in new code. – tadman Jan 20 '19 at 20:23
  • Refer to the PHP docs [mysql_query](http://php.net/manual/en/function.mysql-query.php) :: mysql_query has been removed from PHP 7.0 – Barns Jan 20 '19 at 20:24
  • Note that "lightly sanitizing" is not a best practice. Instead escape on display for the context you're displaying in. Calling `strip_tags` can mangle legitimate input and annoy users. It also doesn't really protect you. – tadman Jan 20 '19 at 20:24

1 Answers1

0

Replace mysql_query and mysql_close with mysqli_query and mysqli_close respectively.

<?php
header('Access-Control-Allow-Origin: *');

$host="localhost"; // Host name 
$username="username"; // Mysql username 
$password="password"; // Mysql password 
$db_name="database"; // Database name 
$tbl_name="scores"; // Table name

// Connect to server and select database.
$link = mysqli_connect("$host", "$username", "$password", "$db_name");

// Retrieve data from database
$sql="SELECT * FROM scores ORDER BY score DESC LIMIT 10";   // The 'LIMIT                 10' part will only read 10 scores. Feel free to change this value
$result=mysqli_query($link, $sql);

// Start looping rows in mysql database.
while($rows=mysqli_fetch_array($result)){
echo $rows['name'] . "|" . $rows['score'] . "|";

// close while loop 
}

// close MySQL connection 
mysqli_close($link);
?>

This should work.

Valerian Pereira
  • 725
  • 1
  • 6
  • 16