Hey everyone, I recently updated the PHP on my server from version 5.6 to 7.2 and everything seems to work fine in Wordpress, but one PHP file I made which is separate from my main website now does not work. It's a small file that basically connects to my database and displays a particular row. The page now is just blank..no errors displayed or anything. I tested by switching PHP back to 5.6 on the server and it begins working again. I was hoping someone could help pinpoint where the issue is here and what part of the code is causing it to work on 5.6 but no on 7.2..any help is appreciated!! <?php $regCode = $_GET['regCode']; if (!$link = mysql_connect('localhost', 'my_userhere', 'mypassword')) { echo 'Could not connect to mysql'; exit; } if (!mysql_select_db('mydatabase_here', $link)) { echo 'Could not select database'; exit; } $sql = "SELECT * from details where regCode like '%$regCode%'"; $result = mysql_query($sql, $link); if (!$result) { echo "DB Error, could not query the database\n"; echo 'MySQL Error: ' . mysql_error(); exit; } //And we display the results while($response = mysql_fetch_array( $result )) { echo "Code: " .$response['regCode']; echo "<br> "; } $anymatches = mysql_num_rows($result); if ($anymatches == 0) { echo "False"; } ?> Code (markup):
A few things: If it has anything to do with Wordpress use that database connection for the improved security Add these lines to get some debugging going on ini_set('display_errors',1); ini_set('display_startup_errors',1); error_reporting(E_ALL); PHP: Your host has probably blocked plain mysql_query calls $result = mysql_query($sql, $link); PHP: The quickest way to get back up and running is to use mysqli https://www.php.net/manual/en/mysqli.query.php Be very careful with what you do with regcode, it's a prime target for a SQL injection. If you're lucky it'll just be a kiddy hacker doing it for bragging rights and not somebody out to destroy your business. $regCode = $_GET['regCode']; PHP: While you're making changes these lines: //And we display the results while($response = mysql_fetch_array( $result )) { echo "Code: " .$response['regCode']; echo "<br> "; } $anymatches = mysql_num_rows($result); if ($anymatches == 0){ echo "False"; } PHP: might be better like this //And we display the results $anymatches = mysql_num_rows($result); if ($anymatches == 0){ echo "False"; } else { while($response = mysql_fetch_array( $result )) { echo "Code: " .$response['regCode']; echo "<br> "; } } PHP:
For simple pages you can use mysql to mysqli conversion tools: https://www.seabreezecomputers.com/mysql2mysqli/ This should work: <?php $regCode = $_GET['regCode']; if (!$link = new mysqli('localhost', 'my_userhere', 'mypassword')) { echo 'Could not connect to mysql'; exit; } if (!$link->select_db('mydatabase_here')) { echo 'Could not select database'; exit; } $sql = "SELECT * from details where regCode like '%$regCode%'"; $result = $link->query($sql); if (!$result) { echo "DB Error, could not query the database\n"; echo 'MySQL Error: ' . $link->error; exit; } //And we display the results while($response = $result ->fetch_array()) { echo "Code: " .$response['regCode']; echo "<br> "; } $anymatches = $result->num_rows; if ($anymatches == 0) { echo "False"; } ?> Code (markup): By the way, php7.1 and php7.2 are both EOL. You should use php7.3 or php7.4
Thanks for the responses everyone! I wasn't aware of the mysql to mysqli converter tools out there. I'll try the updated version and see how it does qwikad. If that doesn't work I'll add the debug code Sarah provided and see if I can at least get some errors to show up. I knew 7.1 and 7.2 were nearing EOL, but didn't realize that had already taken place. Excellent info everyone thank you so much for your help! I'll keep you posted on the results.
7.3 goes EOL in December. You might want to keep in mind compatibility with 8.0 at the same time so that when you move over to 8.0 eventually you're not having to fix things again. You should migrate over to using prepared Statements for ALL database calls, even if the data being used is internally from the site, that way you don't risk opening up a security hole if the source of some data is changed to an external source
Yep, it is. https://www.php.net/manual/en/mysqli.prepare.php At the top it has got: which shows what PHP versions that give function is supported in
Thanks for the great info SpacePhoenix and everyone else! I'll be keeping the PHP update to 8 in mind for the future. I notice when switching PHP over to 7.3 Wordpress suddenly starts throwing some errors, so I'm keeping it at 7.2 for the time being. Anyone else notice issues when switching over to PHP 7.3?
The code presented here horrifies me for one simple reason. The lack of sanitation. HELLO SCRIPT INJECTION! It's called prepare/execute, USE IT! This is what happens when you just slop old mysql code into mysqli, and a good deal of why I believe in cutting the cord and going with PDO. <?php $regCode = $_GET['regCode']; try { $db = new PDO( 'mysql:dbname=mydatabasehere;host=localhost', 'my_userhere', 'my_password' ); } catch (PDOException $e) { die('Could not connect to MySQL : ', $e->message); } $stmt = $db->prepare(' SELECT * FROM details WHERE regCode like ? '); if ($stmt->execute([ '%' . $_GET['regCode'] . '%'])) { if ($response = $stmt->fetch()) { do { echo ' Code: ', $response['regCode'], '<br>'; } while ($response = $stmt->fetch()); } else echo 'No Matches Found'; } else echo ' DB Error, could not query the database<br> MySQL Error: ', $stmt->errorInfo(); Code (markup): Might have typos as I'm drive-by posting, but that is a far more sane/rational and safe approach than just dumping $_GET into your query string, a practice we're supposed to have stopped doing SIXTEEN FREAKING YEARS AGO!!! It's more than half the reason the old mysql_ functions went away in the first damned place! Also, when possible avoid double quoted strings and string addition, it's inefficient.