Page 1 of 1
Deprecation and when code dies for real
Posted: Thu Jan 08, 2015 11:32 am
by cecilchampenois
We made a second website server using later versions of Ubuntu (14.04.xx) and PHP (5.5.9) to make sure we could get our website up and running again with later versions of the servers, in the case that our current older server ever had a hardware failure.
Our second website was working just fine yesterday until I did an update to it. Once that was done, that killed it from working. Now, the mysql_real_escape_string() function doesn't work at all. It worked before yesterday's update.
How many of these functions wot' work? All mysql_ functions?
Re: Deprecation and when code dies for real
Posted: Thu Jan 08, 2015 1:20 pm
by requinix
The mysql extension is deprecated. It works, but you'll get warnings. Start switching to PDO or mysqli.
If it's not working then the extension probably isn't loaded. What update did you do?
Re: Deprecation and when code dies for real
Posted: Thu Jan 08, 2015 1:49 pm
by cecilchampenois
I am not sure how to determine what update I did without having recorded it at the time. I'll see if I can determine how to get the update number. This is an Ubuntu Server, 14.04.1 LTS (GNU/Linux 3.13.0-32-generic x86_64). It is PHP 5.5.9. I am not sure what update. MySQL is version 5.5.38.
Do I need to LOAD mysqli extensions and if so, how do you LOAD them? Do you mean I should alter the PHP.INI file in /etc/php5/php.ini? If so, I put in the following command into the PHP.INI file:
This file---> /etc/php5/apache2/php.ini
[text]
extension=mysqli.dll
[/text]
Re: Deprecation and when code dies for real
Posted: Thu Jan 08, 2015 2:03 pm
by Celauran
cecilchampenois wrote:I am not sure how to determine what update I did without having recorded it at the time.
You should be able to see that in your history. Barring that, you can check your apt log (/var/log/apt/)
cecilchampenois wrote:Do I need to LOAD mysqli extensions and if so, how do you LOAD them? Do you mean I should alter the PHP.INI file in /etc/php5/php.ini?
You shouldn't need to load anything, no.
Re: Deprecation and when code dies for real
Posted: Thu Jan 08, 2015 2:21 pm
by Christopher
cecilchampenois wrote:Our second website was working just fine yesterday until I did an update to it. Once that was done, that killed it from working. Now, the mysql_real_escape_string() function doesn't work at all. It worked before yesterday's update.
How many of these functions wot' work? All mysql_ functions?
PHP just deprecated these in future releases, they are not gone. You need to check to see what packages are installed. My guess is that something else is causing the problem related to the upgrade. The fact that you say the mysql_real_escape_string() function doesn't work, instead of it not being found indicates that the problem elsewhere - probably with the MySQL connection.
Re: Deprecation and when code dies for real
Posted: Thu Jan 08, 2015 2:25 pm
by Celauran
cecilchampenois wrote:If so, I put in the following command into the PHP.INI file:
This file---> /etc/php5/apache2/php.ini
[text]
extension=mysqli.dll
[/text]
That would try to load a Windows DLL file on a Linux system. For sure that won't work.
Re: Deprecation and when code dies for real
Posted: Thu Jan 08, 2015 2:46 pm
by cecilchampenois
Yeah, I wondered about that. Ha! Good one!
There is more code, of course, but I stopped copying the code at the point where it stops reflectign the values of the variables.
I also added the following line to the php.ini file:
[text]
extension=mysqli.so
[/text]
Code: Select all
<?php
include ("dbConnect.php");
$mosConfig_locale_debug = 0;
$mosConfig_locale_use_gettext = 0;
$table_name='logins';
// Define $myusername and $mypassword
print("<br/>");
print("This is the User's Name: '" . $_POST['myusername'] . "' <br/>which is picked up from the Login_page.php file.");
print("<br/>");
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
print("<br/>");
print("This is the user name: " . $myusername);
print("<br/>");
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
print("<br/>");
print("MyUserName after stripslashes(): " . $myusername);
print("<br/>");
$mypassword = stripslashes($mypassword);
// 01/08/2015 Cecil Champenois.
//$myusername = mysql_real_escape_string($myusername);
$myusername = mysqli_real_escape_string($conn, $myusername);
print("$conn");
print("<br/>");
print("MyUserName after mysqli_real_escape_string(): " . $myusername);
print("<br/>");
// mysqli_real_escape_string() does not seem to work:
// 01/08/2015 Cecil Champenois. Using mysqli_real_escape_string() function now.
//$mypassword = mysql_real_escape_string($mypassword);
$mypassword = mysqli_real_escape_string($conn, $mypassword);
print("<br/>");
print("$mypassword after mysqli_real_escape_string() function: " . $mypassword);
print("<br/>");
$sql = "SELECT client_no, access_level, logo_file, main_page, last_login, audit_year, active_client,
email_address FROM $table_name WHERE login_id='$myusername' and
login_password=aes_encrypt('$mypassword', 'fakepassword')";
print("<br/>");
print($sql);
print("<br/>");
// mysqli_query() does not seem to work:
// 01/08/2015 Cecil Champenois. Using mysqli_query() function.
//$result = mysql_query($sql);
$result = mysqli_query($conn, $sql);
Re: Deprecation and when code dies for real
Posted: Thu Jan 08, 2015 3:20 pm
by Celauran
What's the output of all this? Is the username still being lost after mysqli_real_escape_string? What are the contents of dbConnect?
Re: Deprecation and when code dies for real
Posted: Thu Jan 08, 2015 4:24 pm
by Weirdan
$conn is likely an undefined variable, so escape function returns null (and throws warnings). What's your error_reporting and display_errors configuration?