Web lists-archives.com

Re: [PHP] Deprecated features in PHP 5.5.x




Am Montag, den 07.12.2015, 09:33 -0500 schrieb Aziz Saleh:
> mysql_ functions were removed because of insecurities (like in your code,
> you are not escaping your parameters and is very hackable). I would advise
> on using prepared queries in mysqli_ instead of raw queries:
> 
> http://php.net/manual/en/mysqli.prepare.php
> 
> On Mon, Dec 7, 2015 at 8:44 AM, Release Edl <release_editorial@xxxxxxxxxxxx>
> wrote:
> 
> > Perfect, Torsten!
> >
> > Now it works properly:
> >
> > <?php
> >
> > include("conexao.php");
> > $id = $_GET['id'];
> > $conexao = mysqli_connect($host,$user,$pass,$db);
> >
> >    if(!$conexao)
> >
> >         die("Error: " . mysqli_error());
> >
> >    mysqli_select_db($conexao,$db) or die("Error: " . mysqli_error());
> >
> > $SQL = "SELECT * FROM portfolio WHERE id='$id' ORDER BY id DESC LIMIT 1";
> >
> > $query = mysqli_query($conexao,$SQL);
> >
> > while($x = mysqli_fetch_array($query)) {
> >
> > ?>
> >
> > Thanks a lot.
> > "Torsten Rosenberger" <rosenberger@xxxxxxxxx> escreveu na mensagem
> > news:1449494131.8731.20.camel@linux-j8s5...
> >
> > Hello
> >>
> >> Am Montag, den 07.12.2015, 11:07 -0200 schrieb Release Edl:
> >>
> >>> Hi people,
> >>>
> >>> How can I use the mysqli function to substitute of mysql ?
> >>>
> >>> I need to change an old script that uses mysql.
> >>>
> >>> The script::
> >>>
> >>> <?php
> >>>
> >>> include(conexao.php");
> >>>  $id = $_GET['id'];
> >>>  $conexao = mysql_connect('host', 'user', 'pass');
> >>>
> >>>     if(!$conexao)
> >>>
> >>>          die("Error: " . mysql_error());
> >>>
> >>>     mysql_select_db($db) or die("Error: " . mysql_error());
> >>>
> >>> $SQL = "SELECT * FROM portfolio WHERE id='$id' ORDER BY id DESC LIMIT 1";
> >>>
> >>> $query = mysql_query($SQL);
> >>>
> >>> while($x = mysql_fetch_array($query)) {
> >>>
> >>> ?>
> >>>
> >>
> >> http://de.php.net/manual/en/book.mysqli.php
> >>
> >> take a look in the manual.
> >>
> >> most functions are the same but with mysqli in front.
> >>
> >> $link = mysqli_connect("127.0.0.1", "my_user", "my_password", "my_db");
> >>
> >> mysqli_select_db ( $link , $db );
> >> mysqli_query ( $link ,.....)
> >>
> >> so you have to rewrite the mysql with mysqli and add the connection to
> >> all other functions
> >>
> >>


http://de2.php.net/manual/en/mysqli.real-escape-string.php

or you use this on your normal querys





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php