I just took up a old project and the first thing I needed to do was to migrate from the mysql_*
extension to the mysqli_*
one. I haven't worked with PHP much before... Mosts of the new code works but in the examples below I seems to mess things up...
Old function:
function user_id_from_username($username) {
$username = sanitize($username);
return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$username'"), 0, 'user_id');
}
New(none working) function:
function user_id_from_username($username) {
$username = sanitize($username);
$id = mysqli_query(connect(),"SELECT `user_id` FROM `users` WHERE `username` = '$username'");
return $id;
}
Another old one:
function login($username, $password) {
$user_id = user_id_from_username($username);
$username = sanitize($username);
$password = md5($password);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'"), 0) ==1) ? $user_id : FALSE;
}
And the new one:
function login($username, $password) {
$user_id = user_id_from_username($username);
$username = sanitize($username);
$password = md5($password);
$check = mysqli_query(connect(),"SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'");
return $check == $user_id ? TRUE : FALSE;
}
My sanitize Function:
function sanitize($data) {
return htmlentities(strip_tags(mysqli_real_escape_string(connect(), $data)));
}
Ok, so in the first function you are trying to replace
return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$username'"), 0, 'user_id');
Let's first make clear what this does:
user_id
Now do this step-by-step with mysqli_
:
//specify query
$result = mysqli_query(connect(),"SELECT `user_id` FROM `users` WHERE `username` = '$username'");
//fetch result
$row = mysqli_fetch_assoc($result);
//get column
return $row['user_id'];
You don't need to specify the row as fetch_assoc
returns only one.
Now for the second function
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'"), 0) ==1) ? $user_id : FALSE;
user_id
, otherwise FALSE
Now with mysqli_
:
//specify query
$result = mysqli_query(connect(),"SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'");
//fetch result
$row = mysqli_fetch_row($result);
//if first returned column is equal to 1 return $user_id
//otherwise FALSE
return ($row[0]==1) ? $user_id : FALSE;
But wait - why did I use mysqli_fetch_row
here whereas mysqli_fetch_assoc
was used above? RTM ;)
What have we learned today? Only because you can write your code as short as possible doesn't mean you should. If the original code had been split up a bit more, the transition to MySQLi should have been quite easy, as you could have easily debugged smaller parts instead of a complex expression.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.