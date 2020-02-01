($db would have had no bearing on it at all, given that if $db wern’t defined in the function’s scope already, it would have thrown PHP errors left right and center. $db is already in the global space, by deduction.)
Php7 query mystery
A little off-topic, but worth pointing out at this stage:-
Now you have that problem out of the way, a suggestion.
If you are going to refactor your old code, how about doing right, instead of doing it twice?
I seriously recommend looking at PDO over mysqli, it’s more advanced, but easier to use.
Also I would insist that you look into using prepared statments where you have variables as values in your queries.
It may be tempting to make the quick-fix to “get it working”, but in the long term, this really should be done to bring your code right up to date and not fall so far behind again.
Can you expand just a little on the best approach to get started with PDO.
From memory I had problems with having to choose between using PDO classes and PDO functions or am I getting confused with Mysqli functions and PDO does not have functions, only methods?
PDO is just a class. MySQLi is the one that has functions and/or OO.
PDO is a big wrapper/abstraction layer, to avoid having to write database-engine-specific code for every database (though it doesn’t quite work that way.)
$pdo->query(); vs
if($db == 'mysql') {
$res = mysqli_query(....)
} elseif ($db == 'sqls') {
$res = sqlsrv_query(...)
} elseif
As far as getting started with PDO, i’d say its the same as getting started with your specific db engine’s functions. Start with the connection, make a query.
As far as getting started with prepared statements, which is a separate thing, essentially it’s a question of thinking like you’re breaking up your code, similar to MVC modelling or even function definitions or such; that the statement provides the structure, and waits to be given specific data to fill it with, in the form of bindings, either ahead of time, or JIT bindings during the execute function.
I will look into all that. My main problem though is that I’m not a coder and a lot of the stuff I see I have a hard time understanding. So I often give up in frustration and just stick with stuff that feels easier to me, even if it’s not perfect.
BTW, here’s something else that puzzles me in php7… in my old code, I sometimes have a bunch of queries in a row, like this for instance:
mysql_db_query("$base","UPDATE tbl_Users SET Name_col = '$name' WHERE UserID = '$uid' ");
mysql_db_query("$base","UPDATE tbl_Users SET Phone_col = '$phone' WHERE UserID = '$uid' ");
mysql_db_query("$base","UPDATE tbl_Users SET Address_col = '$address' WHERE UserID = '$uid' ");
mysql_db_query("$base","UPDATE tbl_Users SET Joined_col = '$joined' WHERE UserID = '$uid' ");
Converting that results in this:
mysqli_select_db($db, $base);
mysqli_query($db, "UPDATE tbl_Users SET Name_col = '$name' WHERE UserID = '$uid' ");
mysqli_select_db($db, $base);
mysqli_query($db, "UPDATE tbl_Users SET Phone_col = '$phone' WHERE UserID = '$uid' ");
mysqli_select_db($db, $base);
mysqli_query($db, "UPDATE tbl_Users SET Address_col = '$address' WHERE UserID = '$uid' ");
mysqli_select_db($db, $base);
mysqli_query($db, "UPDATE tbl_Users SET Joined_col = '$joined' WHERE UserID = '$uid' ");
I fail to see how this is an improvement? It adds more lines and more repetitions. One file I’ve been working on has already near doubled in size and I’m not even done with it yet.
There has to be a better way, to avoid all the repetitiveness?
By the look of it this could all be done in a single query.
There is no need to do a separate query for every field you want to update.
The code was ineficient to start with.
In PDO it would look something like:-
$sql = $db->prepare("UPDATE tbl_Users SET Name_col = ?, Phone_col = ?, Address_col = ?, Joined_col = ? WHERE UserID = ?");
$sql->execute([$name, $phone, $address, $joined, $uid]);
With the bonus of being safer from SQL injection.
Interesting. I’ll definitely have to look into prepared statements. I can see how that one works, so should be able to adopt it.
Thanks!
I really don’t know why the
mysqli_select_db() function is used there at all, let alone why it is repeated for every query.
It’s a while since I used
mysqli but I have no recolection of ever using that function.
Since all the queries deal with the same database, there is no need to repeat it, even if it is even needed at all. Not that you need all the queries anyway, as you have seen.
You would only need that function if dealing with different databases.
Download my PDO Bumpstart Database App. I wrote it specifically to help beginners get going with PDO. It will show you many basic concepts that you need to learn.
Aha! The examples I found might have been misleading then. I will test this, thank you.
Cool. I will look into that
I believe you can select the database when you first make the connection. Even if you don’t do that, once you’ve selected it in your connection, it stays connected until you need to change it. I switched to PDO as well, though, so I may be wrong.
Yes, I think that’s normal practice. I suppose you would use that function if at some point in the script you needed to change to a different one. But it’s not one I’m familiar with.
Here be Dragons.
There is a hell of a lot of examples of bad PHP coding kicking around the internet, so be careful what you look at and learn from. Though as a novice it can be difficult to distingush good from bad.
Though in this particular example, it exhibits one of the unmistakable hallmarks of bad code; repetition.
To your credit, you did spot and question the repetitive nature of the code.
So I have most of my code converted (went quicker than I had feared) but am still running into some seemingly odd behavior… for instance, this:
$base = 'dbname';
$db = mysqli_connect("localhost", "myname", "mypassword");
mysqli_select_db($db, $base);
$data1 = 'test1';
$data2 = 'test2';
$data3 = 'test3';
$data4 = 'test4';
$data5 = 'test5';
$data6 = 'test6';
$data7 = 'test7';
mysqli_query($db, "INSERT INTO tbl1 (Field1, Field2, Field3, Field4, Field5, Field6, Field7)
VALUES ('$data1', '$data2', '$data3', '$data4', '$data5', '$data6', '$data7') ");
$lineid = mysqli_insert_id();
Basically, so far, all my queries have worked so long as they were reading from the database. But when I try to update it with new data, nothing happens. When I look at my base, no new entry has appeared.
Note also that I am getting NO error message.
And $lineid comes back empty (which makes sense if no new entry has been added).
I tried removing the quotes (ie. “VALUES ($data1, $data2, etc.)”) to no avail and checked privileges for my user within MySQL (which does include INSERT and UPDATE on ‘%’), so none of that seems to be the issue…
I also checked permissions on the database files on my system, they are owned by mysql:mysql with read/write access allowed for both owner and group. I also confirmed that my user is a member of the mysql group.
So… is there something else I forgot to check? :o
Oh and I should add that this is part of my main code, I mean by that that it’s NOT inside a function this time.
PS. I just tried an UPDATE statement on an existing field within that same table, and THAT query worked as expected. So it’s just the INSERT that, for some reason, doesn’t seem to work.
You have to explicit set mysql error reporting:
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
Are the column names all correct, and all able to store strings? Are there other columns in the table that are not provided in your INSERT query but are required values? If you try it from phpmyadmin does it work with these values? What does your
mysqli_query() call return?
This appears to be incorrect syntax according to the doc, I don’t use mysqli myself so had to check:
$lineid = mysqli_insert_id();
THANK YOU!
I had been using
error_reporting(E_ALL); ini_set('display_errors', 1); for years but it looks like that only reported php errors, while the command above also reports MySQL errors. This revealed that one of my fields (which I was not using in my query) did not have a default value set for it (guess I missed that one when I set up the table).
It looks like php7 is a lot more demanding than previous versions, since something like this did not break the code previously. On the plus side, it should help clean up my code quite a bit.
Good catch! Another difference with the old mysql syntax. Thanks
I can highly recommend you use an IDE like PhpStorm. It will highlight stuff that is incorrect and tell you what’s wrong. For
mysqli_insert_id() it shows me this:
