|
PHP - I Am Working On A Project From A Text Book And I Get This Error -- Deprecated: Mysql_real_escape_string():
I am working on a project at the end of a text book called Beginning PHP MySQL Development which is published by Pawprints Learning Technologies. I am developing the files in NetBeans and using WAMP server. I get this error from the process_insert.php file "Deprecated: MySQL_real_escape_string():..."
I can't copy and paste so I attached my files. Can anyone help?
Attached Files
Add Product_php.htm 1.94KB
1 downloads
index.php 1.24KB
0 downloads
add_product.php 1.33KB
0 downloads
process_insert.php 1.19KB
0 downloads
db.connect.php 185bytes
0 downloads
Similar TutorialsWould anyone have the answer to solve this error message? Deprecated: Function split() is deprecated in /includes/modules/shipping/table.php on line 57 Here is the code. Line 57 is in Bold. Preg_split is suppose to work. Tried preg_explode but that didn't work. Appreciate any help! $table_cost = preg_split("/[:,]/" , MODULE_SHIPPING_TABLE_COST); $size = sizeof($table_cost); for ($i=0, $n=$size; $i<$n; $i+=2) { if ($order_total <= $table_cost[$i]) { $shipping = $table_cost[$i+1]; break; } } This topic has been moved to PHP Regex. http://www.phpfreaks.com/forums/index.php?topic=358821.0 the mysql_real_escape_string does not add slashes when it enter my db y Code: [Select] if(isset($_POST['submitbtn'])){ //will open up the db connection require_once"../includes/connect.php"; $errors = ""; $welcometitle = mysql_real_escape_string($_POST['welcometitle']); $welcomesection = mysql_real_escape_string($_POST['welcomesection']); $infotitle = mysql_real_escape_string($_POST['infotitle']); $infosection = mysql_real_escape_string($_POST['infosection']); $videotitle = mysql_real_escape_string($_POST['videotitle']); $videosection = mysql_real_escape_string($_POST['videosection']); if(isset($welcometitle, $welcomesection) && !empty($welcometitle) && !empty($welcomesection)){ if(isset($infotitle, $infosection) && !empty($infotitle) && !empty($infosection)){ if(isset($videotitle, $videosection) && !empty($videotitle) && !empty($videosection)){ //adding them to the db //adding them to the db $query = mysql_query("UPDATE `home` SET `welcometitle`= '$welcometitle', `welcomesection`= '$welcomesection', `infotitle`='$infotitle', `infosection`= '$infosection',`videotitle`= '$videotitle',`videosection`= '$videosection'") or die(mysql_error()); header("location: http://www.website.org/control/edithome"); }else{ $errors = "Please fill in the Video Section"; } }else{ $errors = "Please fill in the Info Section"; } }else{ $errors = "Please fill in the Welcome Section"; } mysql_close();//will close the inlcude db connection } ?> I keep getting the following error: Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established With this code: <?php $level = $_POST[level]; $first = $_POST[first]; $second = $_POST[second]; $third = $_POST[third]; $fourth = $_POST[fourth]; $mysqli = new mysqli("*****", "*****", "******", "********"); if ($mysqli === false) { die("ERROR: Could not connect to database. " . mysqli_connect_error()); } $vidlink=mysql_real_escape_string($_POST[vidlink]); $title=mysql_real_escape_string($_POST[title]); $des=mysql_real_escape_string($_POST[des]); $website=mysql_real_escape_string($_POST[website]); $cat= mysql_real_escape_string($first . $second . $third . $fourth); why won't it work? Hello all, I'm attempting to secure a script to prevent against SQL Injections. But for some reason the code I'm using is not correctly escaping malicious characters. Here's a section of the code I'm using (the beginning) that first pulls the data from the database: Code: [Select] include 'include/dbconnect.php'; include 'include/funcs.php'; if (isset($_GET['gid'])) { $galleryid = cleanvar($_GET['gid']); $sql = "select * from galleries where id = $galleryid"; $result = mysql_query($sql) or die(mysql_error()); if ($row = mysql_fetch_assoc($result)) { $galleryid = $row['id']; $gallerytitle = $row['title']; the cleanvar function is located in funcs.php, and this is what it looks like: Code: [Select] function cleanvar ($var) { return stripslashes(mysql_real_escape_string($var)); } magic_quotes_gpc is on, so that is why I added stripslashes, but for some reason whenever I go to the script and attempt to inject into it with a single or double quote, I still get a syntax error, enabling me to successfully inject. Any ideas? Thanks in advance! does anyone know why I am getting the error: Deprecated: Function ereg() is deprecated on line 75 ? here is line 75 (line 3, the seond if statement): if($form_cc_type == 'visa') { if(!ereg('^4[0-9]{12}([0-9]{3})?$', $form_cc_number)) { $form_error = "Invalid number"; } } I am assuming I would get a simular error on all the ereg lines... if($form_cc_type == 'visa') { if(!ereg('^4[0-9]{12}([0-9]{3})?$', $form_cc_number)) { $form_error = "Invalid number"; } } elseif($form_cc_type == 'mastercard') { if(!ereg('^5[1-5][0-9]{14}$', $form_cc_number)) { $form_error = "Invalid number"; } } elseif($form_cc_type == 'americanexpress') { if(!ereg('^3[47][0-9]{13}$', $form_cc_number)) { $form_error = "Invalid number"; } } elseif($form_cc_type == 'diners') { if(!ereg('^3(0[0-5]|[68][0-9])[0-9]{11}$', $form_cc_number)) { $form_error = "Invalid number"; } } elseif($form_cc_type == 'discover') { if(!ereg('^6011[0-9]{12}$', $form_cc_number)) { $form_error = "Invalid number"; } } Could someone tell what's wrong here? $abc =sprintf("INSERT INTO my_db1 (username, password, firstname, company, email) VALUES ('%s', '%s', '%s', '%s', '%s'", mysql_real_escape_string($username), mysql_real_escape_string($password, mysql_real_escape_string($surname, mysql_real_escape_string($firstname, mysql_real_escape_string($company, mysql_real_escape_string($email))); $resultg = mysql_query($abc); Thanks! Im new to php and Im working on a script that I purchased. I'm getting this error when I try to setup my script. I did some research and understand that I "eregi" is old code and not being used anymore. So I tried to use preg_match but I'm stuck. If anyone can look at the code and help with some notes. I would like to understand what im doing wrong not just a fix. Deprecated: Function eregi() Code: [Select] if (eregi($file,$_SERVER["HTTP_ACCEPT_LANGUAGE"]) && !$use_lang) $use_lang = $file; This is what I get when using preg_match. preg_match() [function.preg-match]: Delimiter must not be alphanumeric or backslash Code: [Select] if (preg_match($file,$_SERVER["HTTP_ACCEPT_LANGUAGE"]) && !$use_lang) $use_lang = $file; I have configure Xampp my site is fully functional except for the error Deprecated: Function split() is deprecated in C:\Images_Database\imagesdb\htdocs\jpserver\system\frameworks\read_site_info.php on line 15 Line 15 code shown Below $sub_folders = split("/", $_SERVER["SCRIPT_NAME"]); how to split in a proper way can any one help me God Blessings Hi guys new to this site and need some help. Im using PHP 5 in easy steps by Mike McGrath, currently creating the register and login scripts for my website. Ive manged to do the register script fine, it drops new user details into the MySQL database fine, however the login script gives the following error when loggin in: Parse error: syntax error, unexpected T_VARIABLE in /hermes/bosweb25a/b109/ipg.removalspacecom/removal space.com/loginscript.php on line 15 I copied the script word-for-word, letter-for-letter, checked and re-checked. I would like to ask you guys if you see something i dont? Here is the script: Code: [Select] <?php $username = $_POST['username']; $password = $_POST['password']; $self = $_SERVER['PHP_SELF']; $referer = $_SERVER['HTTP_REFERER']; #if either form field is empty return to the log-in page if( ( !$username ) or (!$paswword ) ) { header( "Location:$referer" ); exit(); } #connect to MySQL $conn = @mysql_connect ( "removalspacecom.ipagemysql.com", "removal", "123" ) or die("Could not connect" ); #select the specified database $rs = @mysql_select_db( "removal1", $conn ) or die( "Could not select database" ) #create sql query $sql="select * from users where user_name=\"$username\" and password = password( \"$password\" )"; #execute query $rs = myslq_query( $sql, $conn ) or die( "Could not execute query" ); #get number of rows that match username and password $num = mysql_numrows( $rs ); #if there is a match the log-in is authenticated if( $num != 0 ) { $msg = "Welcome $username - your log-in was sucessfull!"; } else #or return to the log-in page { header( "location:$referer" ); exit(); } ?> <html> <head><title>Log-in Authenticated</title></head> <body> <?php echo( $msg ); ?> </body> </html> the error is coming from line 15, the sql query line? why would there be an error from the advisory book? please help me as im stuck on this one. Thanks a lot for any help i get. MOD EDIT: code tags added. This topic has been moved to PHP Regex. http://www.phpfreaks.com/forums/index.php?topic=359592.0 How to solve this error out PHP Deprecated: Function ereg_replace() is deprecated in using this code Code: [Select] $shoutcast_on_off =''; $scsuccs = ''; $listenlink = ''.$scdef.''; $scfp = fsockopen("$scip", $scport, &$errno, &$errstr, 30); if(!$scfp) { $scsuccs=1; } $page = ''; if($scsuccs!=1){ fputs($scfp,"GET /admin.cgi?pass=$scpass&mode=viewxml HTTP/1.0\r\nUser-Agent: SHOUTcast Song Status (Mozilla Compatible)\r\n\r\n"); while(!feof($scfp)) { $page .= fgets($scfp, 1000); } $loop = array("STREAMSTATUS"); $y=0; while($loop[$y]!=''){ $pageed = ereg_replace(".*<$loop[$y]>", "", $page); $scphp = strtolower($loop[$y]); $$scphp = ereg_replace("</$loop[$y]>.*", "", $pageed); $y++; } fclose($scfp); } $online1 = ''; if ($streamstatus == "1") { $online1 = '<center><img src="'.$BASEURL.'/styles/'.$theme.'/theme_images/DJ.png" border="0" height="150"></center><br> <center><a href="'.$BASEURL.':'.$scport.'/listen.pls"><img src="'.$BASEURL.'/styles/'.$theme.'/theme_images/klausom.png" width="150px" height="auto"></a></center>'; } else { $online2 = ''; $online2 = '<center><img src="'.$BASEURL.'/styles/'.$theme.'/theme_images/off.png" border="0" height="150"></center>'; } // BEGIN Plugin: shoutcast_on_off $shoutcast_on_off = $online1.$online2; // END Plugin: shoutcast_on_off eval("\$shoutcast = \"".$TSUE['TSUE_Template']->LoadTemplate('shoutcast')."\";"); return $shoutcast; Continue from mysql_num_rows() thread which was fixed. I am having a problem with my log in script. Especially with this one below. Please help me in this one. I got this " Deprecated: Function session_register() is deprecated in... " by using this code: Quote " <?php session_start(); if(!session_is_registered($uname)) { header("location: mainpage.php"); } ?> <html> <head> </head> <body> Log in Successful </body> </html> " Any suggestions please, on how to fix it? Thanks in advance. Hi, My host upgrade PHP yesterday and broke some code on my site. My developer is not avail... ERROR MSSG: Deprecated: Function session_is_registered() is deprecated in...followed by directory Here's the live of code that contains the error. if(!isset($_POST[$param_name]) && !isset($_GET[$param_name]) && session_is_registered($param_name)) Im assuming it has to do with "session_is_registered". Any ideas? thanks. Hi, I wonder if someone could help me, Just moved to a new server running PHP5 and getting the "Deprecated: Function sql_regcase() is deprecated" error, I don't want to disable the messages in php.ini, I would prefer to get the coding right. The error relates to the anti-injection function posted below:- Code: [Select] function anti_injection($sql) { // removes words that contain sql syntax $s = array("`","~","!","@","#","$","%","^","&","*","(",")","+","=","[","]",";","<",">","http","//","www"); $sql = str_replace($s, "", $sql); $sql = preg_replace(sql_regcase("/(from|truncate|expalin|select|insert|delete|where|update|empty|drop table|limit|show tables|#|\*|--|\\\\)/"),"",$sql); $sql = trim($sql); // strip whitespace $sql = strip_tags($sql); // strip HTML and PHP tags $sql = addslashes($sql); // quote string with slashes return $sql; } If anyone can help recode the snippet it would be greatly appreciated. Thanks Ian Can anyone help me with this - I don't normally do coding.
I've just moved an old site onto new hosting and I'm getting this message: Deprecated: Function ereg_replace() is deprecated
The code looks like this:
if( preg_match( '/sl/i', $sOption ) )
$sContent = addslashes( $sContent );
else
$sContent = stripslashes( $sContent );
$sContent = ereg_replace( "\r", '', $sContent );
if( preg_match( '/len/i', $sOption ) )
$sContent = checkLengthOfTxt( $sContent );
I changed it to look like this:
if( preg_match( '/sl/i', $sOption ) )
$sContent = addslashes( $sContent );
else
$sContent = stripslashes( $sContent );
$sContent = preg_replace( "\r", '', $sContent );
if( preg_match( '/len/i', $sOption ) )
$sContent = checkLengthOfTxt( $sContent );
But now get this warning message:
Warning: preg_replace() [function.preg-replace]: Empty regular expression
I didn't build the site so I don't even know what the script is trying to do - forgive my ignorance!
Can anyone help me fix this problem: Deprecated: Function session_is_registered() is deprecated in/includes/functions/sessions.php on line 81 The code is: function tep_session_is_registered($variable) { return session_is_registered($variable); } function tep_session_unregister($variable) { return session_unregister($variable); } Fairly new to PHP and would greatly appreciate any help! Fatal error: Method name must be a string in C:\xampp\htdocs\cmsv2room\model\getTimeTableClass.php on line 216 i am using setters ang getters for arrays while setting an array in a array i get this error the line in which i got the error is below $gettimetableObject->$setFacnameArray($FacnameArrayR); actually iam storing arrays in an array $FacnameArrayR is an array storing in a array with help of object(concept of setters) Hi All I have been working on a project in PHP for about three months. I have been happily working away with a WAMP server locally all that time. The problem arose today when I uploaded the project to a web server. I uploaded all the files by FTP and imported a mysql database on the new web server. When I went to view my home page I got the following error: Parse error: syntax error, unexpected T_STRING in /home/priestbr/public_html/output_fns.php on line 1 My index page references an include to a page which stores my functions: <?php error_reporting(E_ALL ^ E_NOTICE); session_start(); include('priest_br_fns.php'); The priest_br_fns.php then includes a further 3 includes as below: <?php include_once('db_fns.php'); include_once('output_fns.php'); include_once('general_fns.php'); ?> PHP seems to parse the db_fns.php page OK and fails at output_fns.php (as per the parse error msg). But here's the thing....during some investigation I deleted the contents of db_fns.php and pasted in the contents of output_fns.php and then the page got parsed OK! Anyone have any idea why it's failing? Is it something to do with how I have the includes set up? I really need all the includes working obviously for the site to run. For info my local server where the site works perfectly is set up as below: PHP 5.2.6, MySQL 5.0.51a, Apache 2.2.8 The web server is set up like this: PHP 5.2.1.14, MySQL 5.0.91, Apache 2.2.16. Thanks in advance, Craig |
|||||||