Updating to mysql to mysqli

Can’t get this to work when upgrading to mysqli

$event_name = ['event_name'];                       
$event_date = ['event_date'];
$event_time = ['event_time'];
$event_location = ['event_location'];
$event_highlights = ['event_highlights'];
$event_details = ['event_details'];                    
                       

 {
    $query = "SELECT  event_name, event_date, event_time, event_location, event_highlights, event_details FROM events WHERE ID='$eventid'";
    $result = mysql_query($query)
         or die ("Couldn't execute query.");
    $row = mysql_fetch_array($result);
    extract($row);
  }
{
$x=0;

$event_name= mysql_result($result, $x, 'event_name'); 
$event_date= mysql_result($result, $x, 'event_date');
$event_time = mysql_result($result, $x, 'event_time');
$event_location = mysql_result($result, $x, 'event_location');
$event_highlights = mysql_result($result, $x, 'event_highlights');
$event_details = mysql_result($result, $x, 'event_details');

echo "<b>$event_name</b><br />";
echo "<b>$event_date</b><br />";
echo "<b>Time:&nbsp;</b>$event_time<br />";
echo "<b>Location:</b>&nbsp;<i>$event_location</i><br />";
echo "<b>Highlights:</b>&nbsp;$event_highlights<br />";
echo "<b>Details:</b>&nbsp;$event_details<br />";

This works fine but when I update to this it does not

function mysqli_result($res,$row=0,$col=0){ 
    $numrows = mysqli_num_rows($res); 
    if ($numrows && $row <= ($numrows-1) && $row >=0){
        mysqli_data_seek($res,$row);
        $resrow = (is_numeric($col)) ? mysqli_fetch_row($res) : mysqli_fetch_assoc($res);
        if (isset($resrow[$col])){
            return $resrow[$col];
        }
    }
    return false;
}

 
     

                       
$event_name = ['event_name'];                       
$event_date = ['event_date'];
$event_time = ['event_time'];
$event_location = ['event_location'];
$event_highlights = ['event_highlights'];
$event_details = ['event_details'];                    
                       


 {

$result = @mysqli_query($conn, 'SELECT `event_name` , `event_date` , `event_time` , `event_location` , `event_highlights` , `event_details` FROM `events` WHERE ID="$eventid"');

    if (!$result) {
die('<br> Error performing query: ' . 
mysqli_error() . '<br>');



}
                       

{
$x=0;
 
$event_name= mysqli_result($result, $x, 'event_name'); 
$event_date= mysqli_result($result, $x, 'event_date');
$event_time = mysqli_result($result, $x, 'event_time');
$event_location = mysqli_result($result, $x, 'event_location');
$event_highlights = mysqli_result($result, $x, 'event_highlights');
$event_details = mysqli_result($result, $x, 'event_details');

print_r ($eventid); *****this does print the $eventid******


echo "<b>$event_name</b><br />";
echo "<b>$event_date</b><br />";
echo "<b>Time:&nbsp;</b>$event_time<br />";
echo "<b>Location:</b>&nbsp;<i>$event_location</i><br />";
echo "<b>Highlights:</b>&nbsp;$event_highlights<br />";
echo "<b>Details:</b>&nbsp;$event_details<br />";

What am I missing?

When you say it doesn’t work, what error messages do you get?

i

mysqli_query($query)

mysqli_fetch_array($result)

no error messages… just not printing anything

OK, that’s me not scrolling down all the way past the mysql bits. :zipper_mouth:

A bit of re-formatting me thinks.

OK I split the two sections of code to make it clear.

1 Like

You didn’t declare $eventid any where in your snippet. Also, appending an i after mysql_* will NOT work as most functions that mysql_* has, mysqli_* doesn’t have. DO NOT ASSUME THAT IT WILL WORK.

Also a side note, you are leaving yourself open to SQL Injections. Deliberately stuffing raw data into the SQL query WILL lead to SQL Injections.

Sorry! it’s declared at the start of the php

<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$eventid = $_GET['event_ID']; 

include("includes/config.php");


 
// Create connection
//$conn = new mysqli
$conn = mysqli_connect("$host", "$user", "$password" , "$database");

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

The thing that I don’t understand is if I replace $eventid with an actual number in the query it brings up the info for that query and also if I use print_r($eventid); it does show the correct #

$_GET and $_POST are Strings.

When you say

Did you put quotation marks around it in the query so it would be a String?

If you var_dump instead of print_r does it show Int?

BTW learning to use prepared statements would be a help to you.

Yes there are quotation marks around it, also var_dump does show int

That’s because the data DOES NOT exist. I’ve gone through this in multiple topics on here. I don’t think you saw it, but the reason why is because you are asking for a string, but your query only accepts int (integers). This means that the query fails. If no proper error handling is done, you will indeed receive a blank page which you are experiencing now. This brings me back to what I have said in multiple topics. “If you don’t check for proper error handling, you will give an empty blank page to your viewers.” This only happens when the requested ID exceeds the ACTUAL amount of data you ACTUALLY have in your database. So this being said, putting a string as the requested ID will result in a false query. Which means the query failed. And since you don’t have anything to tell the user that no such data exists, you get a blank page. Which is why I CANNOT say this enough. CHECK PROPERLY FOR ERRORS. This isn’t directed to you of course since you are still new. Just directed to the people who disagree with “checking properly for errors”.


Also, I cannot help notice that the 2nd snippet on the first post seems to have a starting curly brace for no reason and then it doesn’t end with one. Same with the connection checking. Random curly brace for no reason wrapped around the connection checking.

Fixed your snippet for you. Please use this snippet as it is less prone to SQL Injections. It’s also written in OOP. It also doesn’t have all those random stuff you have in your older snippet which makes no total sense at all.

<?php
define('HOST', 'localhost'); // Host
define('USERNAME', 'root'); // Username
define('PASSWORD', ''); // Password
define('DATABASE', 'test'); // Database

// Activate reporting for OOP mysqli_*
$report = new mysqli_driver();
$report->report_mode = MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT;

// OOP mysqli_* is as is.
// {host, username, password, database}
$mysqli = new mysqli(HOST, USERNAME, PASSWORD, DATABASE);

// Check to see if the database connection failed
if($mysqli->connect_errno) {

    // DO NOT DISPLAY ANY ACTUAL ERROR IN HERE!!!!!!!!!!!
    // YOU LEAVE YOURSELF OPEN TO ATTACKS IF YOU DO!!!!
    die('Something is wrong. Please check your database credentials again. If this problem persists after correcting your credentials, the database engine must be down.');

}

// Type cast the requested ID to only integer. If the requested ID is a string, it'll automatically be turned into the integer 0
$eventid = (int) $_GET['event_ID'];

$sql = "SELECT event_name, event_date, event_time, event_location, event_highlights, event_details FROM events WHERE ID = ? LIMIT 1"; // Your query string
$prepare = $mysqli->prepare($sql); // Prepare your query string
$prepare->bind_param('i', $eventid); // Bind the placeholder with its appropriate variable
$prepare->execute(); // Execute the prepared statement
$prepare->store_result(); // Store the result for later checking

/*

DATA TYPES ARE AS IS

i = integer (only numbers)
s = string (can be anything wild from letters to numbers)
b = blob (never used it before so I can't tell)
d = double (just the same as integers, but allows half numbers such as numbers with decimals)

*/

// Use num_rows to check if the results return anything.
if($prepare->num_rows) {

    // If num_rows return anything, it automatically goes in here. Comparing it like the below is REDUNDANT and has no purpose.




    // num_rows > 0 | num_rows < 1 | num_rows = 0 (incorrect anyways) | num_rows = 1 (incorrect anyways) | num_rows == 0 | num_rows == 1 | num_rows === 0 (no idea why people do this) | num_rows === 1 (still have no clue why people do this) | num_rows >= 0 | num_rows >= 1 | num_rows <= 0 | num_rows <= 1



    // THE ABOVE num_rows COMPARISON HAVE ABSOLUTLY NO REASON TO EXIST. DO NOT USE THESE!!!!!!!!!!!!!!!!!!!!!!!!
    // PHP automatically does this for you. If the result exists or the query returns true, it will AUTOMATICALLY go into this statement.
    // Why would you compare it if PHP does this already?

    // Bind the columns to the variables you want to use.
    $prepare->bind_result($event_name, $event_date, $event_time, $event_location, $event_highlights, $event_details);

    // Create a while loop
    while($prepare->fetch()) {

        // print_r ($eventid);

        // This is where your final results go in. You can put HTML in here as well if you want.

        print('<b>' . $event_name . '</b><br />');
        print('<b>' . $event_date . '</b><br />');
        print('<b>Time:&nbsp;</b>' . $event_time . '<br />');
        print('<b>Location:</b>&nbsp;<i>' . $event_location . '</i><br />');
        print('<b>Highlights:</b>&nbsp;' . $event_highlights . '<br />');
        print('<b>Details:</b>&nbsp;' . $event_details . '<br />');

    }

} else {

    // The data does not exist. Give them a custom error.
    print('Sorry, but the data does not exist.');

}

Your code is rather mutual exclusive.

Given you set the error mode to exceptions, it makes no sense to write whatever connect_errno and die - they simply will be never executed.
On a side note, die should be never used for error reporting as it causes PHP to return a 200 HTTP response code which is quite misleading: in case of error, obviously a 5xx response code should be returned.

Also, remember that you’re not the sole user of your site. Remember that you are talking to a site visitor, not yourself. And telling them to check their database credentials is rather confusing.

Thanks so much!

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.