Upgrading from mysql_ to mysqli_

xkevin
New php-forum User
Posts: 5
Joined: Wed Nov 22, 2017 4:42 pm

Tue Aug 14, 2018 1:35 am

I need help updating mysql_ to mysqli_ in the old program I am using.
This is the database class to connect to the database and to insert, select, delete and update.
Link here: https://pastebin.com/7SQBdNSb

USAGE:
I use this to select a row:

Code:

$sql = "SELECT * FROM user
        WHERE userid = {$_SESSION['userid']}";
$user = db::select_row($sql);

And this to select multiple rows:

Code:

$sql = "SELECT * FROM user";
$users = db::select($sql);

To update:

Code:

$sql = "UPDATE user SET user_name = '".($post['user_name'])."'
        WHERE userid = '{$_SESSION['userid']}' LIMIT 1";
db::query($sql);

To insert:

Code:

$sql = "INSERT INTO user( ...,..,...,..)  VALUES(..,..,..,..')";
db::query($sql);

To delete:

Code:

db::query('DELETE FROM user WHERE userid = "'.intval($_GET['id']).'" LIMIT 1');

OR

Code:

$sql = 'DELETE FROM user WHERE userid = "'.intval($_GET['id']).'" LIMIT 1';
db::query($sql);


And I am using this function to clean the input data

Code:

function sanitize(&$val){
    $val = trim($val);
    $val = stripslashes($val);
    $val = addslashes($val);
    return $val;
}

Sample usage:

Code:

if($_POST){
    $post = $_POST;
    array_walk_recursive($post, 'sanitize');
    //insert query
}

I know mysql is now deprecated. How can I change mysql_ to mysqli_ using the procedural approach? Thank you for any help.

chorn
php-forum Fan User
Posts: 560
Joined: Fri Apr 01, 2016 2:18 am

Tue Aug 14, 2018 3:25 am

Look up every use of any mysql_* function, read the documentation at php.net for the corresponding mysqli_* function, replace the old ones with the new ones, and run your tests.

xkevin
New php-forum User
Posts: 5
Joined: Wed Nov 22, 2017 4:42 pm

Tue Aug 14, 2018 4:13 am

chorn wrote:
Tue Aug 14, 2018 3:25 am
Look up every use of any mysql_* function, read the documentation at php.net for the corresponding mysqli_* function, replace the old ones with the new ones, and run your tests.

Do you think I can keep all of the class here? I will just change all the mysql_* functions to mysqli_,
because I have a lot of pages using this class. Can you also give me a guide or tutorial on how to do it using the procedural approach?

chorn
php-forum Fan User
Posts: 560
Joined: Fri Apr 01, 2016 2:18 am

Tue Aug 14, 2018 5:03 am

I think you can. But the class you provided doesn't seem to make use of Prepared Statements (separating the statement from the variables to prevent SQL Injection) [just look up those terms] - that's the major problem and implies much refactoring.

xkevin
New php-forum User
Posts: 5
Joined: Wed Nov 22, 2017 4:42 pm

Tue Aug 14, 2018 6:02 am

chorn wrote:
Tue Aug 14, 2018 5:03 am
I think you can. But the class you provided doesn't seem to make use of Prepared Statements (separating the statement from the variables to prevent SQL Injection) [just look up those terms] - that's the major problem and implies much refactoring.

Thank you for that.
Can you give me a sample from my class that has a prepared statement and uses the mysqli_ functions?
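
The prepared-statement refactoring chorn points to, applied to the select and update calls from the first post with procedural mysqli_ functions. This is an added example, not part of the thread or of the poster's db class; the db_* helper names and the connection values are assumptions.

```php
<?php
// Added example: db_connect(), db_run(), db_select_row() and db_select() are
// hypothetical helpers, not the db class from the thread. Host, credentials
// and database name are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors become exceptions

function db_connect() {
    $link = mysqli_connect('localhost', 'app_user', 'app_password', 'app_db');
    mysqli_set_charset($link, 'utf8mb4');
    return $link;
}

// Prepare $sql, bind $params to its ? placeholders, execute, return the statement.
// $types follows mysqli_stmt_bind_param ("i" integer, "s" string, ...).
function db_run($link, $sql, array $params = [], $types = '') {
    $stmt = mysqli_prepare($link, $sql);
    if ($params) {
        $types = $types ?: str_repeat('s', count($params)); // default: all strings
        mysqli_stmt_bind_param($stmt, $types, ...$params);
    }
    mysqli_stmt_execute($stmt);
    return $stmt;
}

// First matching row as an associative array, or null when there is none.
function db_select_row($link, $sql, array $params = [], $types = '') {
    $result = mysqli_stmt_get_result(db_run($link, $sql, $params, $types)); // needs mysqlnd
    return mysqli_fetch_assoc($result);
}

// All matching rows as a list of associative arrays.
function db_select($link, $sql, array $params = [], $types = '') {
    $result = mysqli_stmt_get_result(db_run($link, $sql, $params, $types));
    return mysqli_fetch_all($result, MYSQLI_ASSOC);
}

session_start(); // assumes a logged-in session that holds userid
$link = db_connect();

// Values are sent separately from the SQL text, so they are never parsed as SQL.
$user  = db_select_row($link, 'SELECT * FROM user WHERE userid = ?', [$_SESSION['userid']], 'i');
$users = db_select($link, 'SELECT * FROM user');

if (isset($_POST['user_name'])) {
    // Bind the raw value; sanitize()/addslashes() is not needed for the query.
    $stmt = db_run($link, 'UPDATE user SET user_name = ? WHERE userid = ? LIMIT 1',
        [trim($_POST['user_name']), $_SESSION['userid']], 'si');
    $changed = mysqli_stmt_affected_rows($stmt); // rows actually modified
}
```

Existing pages can keep their call shape by moving each interpolated value out of the SQL string into the parameter array and putting a ? in its place.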
