homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Databases
Forum Library, Charter, Moderators: physics

Databases Forum

mysql real escape string deprecated?

 6:06 pm on Jun 17, 2012 (gmt 0)

This is a bummer. I have a lot of references to this in my code.

The deprecation notice gives alternatives: [php.net...]

I will admit, I don't fully understand the options offered (I don't have a lot of experience with MySQL outside of coding php applications -- everything was set up on my dedicated server by cpanel/the host). Can anyone offer any tips for how I can update the server/codes to use non-deprecated functions for MySQL?



 2:52 pm on Jun 20, 2012 (gmt 0)

The simplest migration would be to switch to the MySQL improved extension [php.net]. Assuming you have that extension, you can just swap out all your mysql_* functions with mysqli_* and everything should just work. (See Example #1 on this page [us2.php.net].)

Of course, there is more to the MySQL improved extension that just an extra letter in the function names and learning more about it may improve your coding and/or the performance of your scripts. :)


 10:12 pm on Jun 20, 2012 (gmt 0)

I went through and changed a bit of my code to start using mysqli_*
However, this finnicky bit won't go away:

This works (currently):
return mysql_fetch_assoc($db_query);

Changing to:
return mysqli_fetch_assoc($db_query);

PHP Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, null given in /*/database.php on line 103
PHP Warning: mysqli_query() expects parameter 1 to be mysqli, null given in /*/database.php on line 48

Line 48:
$result = mysqli_query($$link, $query);

Line 103:
return mysqli_fetch_assoc($db_query);

Any tips on what I'm doing wrong?


 2:09 pm on Jun 21, 2012 (gmt 0)

Does the double $$ in your mysqli_query exist in your actual code?

If so, I'm thinking that's a typo and not an intentional use of variable variables [php.net].


 5:57 pm on Jun 22, 2012 (gmt 0)

Yes it does:
function tep_db_connect($server = DB_SERVER, $username = DB_SERVER_USERNAME, $password = DB_SERVER_PASSWORD, $database = DB_DATABASE, $link = 'db_link') {
global $$link;

if (USE_PCONNECT == 'true') {
$$link = mysql_pconnect($server, $username, $password);
} else {
$$link = mysql_connect($server, $username, $password);

if ($$link) mysql_select_db($database);

return $$link;

I did not write this portion (it's an opensource script) so I can't be certain as to why they used the $$.
I will try to rewrite the bits without, and see if there's any success.

Update: Changing $$link to $link didn't do anything, the same errors still surface.


 9:02 pm on Jun 22, 2012 (gmt 0)

Interesting use of variable variables...

In that code, if you are using the mysqli extension, you'd want to change all of those mysql_* functions to use mysqli_* equivalents.

Otherwise, you are passing the wrong kind of connection to the later functions.


 9:26 pm on Jun 22, 2012 (gmt 0)

Already done. :)
I pasted that info out of the backup file (the original version of the script).

It looks like my connection variable isn't passing, I tried this:
if (!$connectdb) {
die('Connect Error (' . mysqli_connect_errno() . ') '
. mysqli_connect_error());

Result: Connect Error (0)

$connectdb is what the $$link variable used to be.
Adding global $connectdb right above the $result query didn't do anything.
Any ideas what I'm missing?


 9:21 am on Jul 17, 2012 (gmt 0)

I'd tried installing a mysql-based addon for the script involved; it had identical errors. Is this a common issue for mysqli - maybe error_reporting is too high?

At this point, the script seems to function fine, other than the errors (haven't tested in a live environment, though).


 8:40 pm on Jul 31, 2012 (gmt 0)

Your $$ bits were likely intentional by the original coders and plugins may rely on this code. Your MySQL wrapper seems to allow you to pass a connection handle to the connection function.

By default, your handle variable is $db_link and $link is set to 'db_link', so your connection does live at $$link. They could have done this other ways, but I see what they had going there.

It looks like you also need to change mysql_pconnect and mysql_connect to use the mysqli_ extension.

If your text editor has a search function, find all mysql_ and change them to mysqli_

As always, be sure to back everything up.


 10:48 pm on Sep 21, 2012 (gmt 0)

The connections are setup as follows:
$$link = mysqli_connect($server, $username, $password, $database);

Everything seems to work, except these errors keep showing up in error-log:
[21-Sep-2012 22:42:05 UTC] PHP Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, null given in /home/**/public_html/**/database-mysqli.php on line 138
[21-Sep-2012 22:42:08 UTC] PHP Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, null given in /home/**/public_html/**/database-mysqli.php on line 138

1 error for each click I do.

Line 138:
return mysqli_fetch_array($db_query, $type);

The full function:
function tep_db_fetch_array($db_query, $type=MYSQLI_ASSOC) {
return mysqli_fetch_array($db_query, $type);

So, I tried this and I don't appear to be getting anymore errors - is this a proper way to handle this?
function tep_db_fetch_array($db_query, $type=MYSQLI_ASSOC) {
if ($db_query){
return mysqli_fetch_array($db_query, $type);

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / Databases
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved