From old to new php

General PHP Help
#1

hi
I have an old website with a database which works ok online
now I want to test it on a lokal server
I have installed XAMPP and it is running fine
and moved a databasetabel to the local mysql
I Can not get asking the tabel from my website to work
I have:

<?php
# register_1.php;
header('Content-type: text/html; charset=utf-8'); /* HURRA DET VIRKER ! denne linie indsat allerførst :-) */
$connection=mysql_connect("localhost","nogndk_site","XXXXXXX");
if (!$connection) { echo "Could not connect to MySQL server!"; exit;}
$db=mysql_select_db("nogndk_site",$connection);
mysql_set_charset('utf8'); /* HURRA  -  og denne linie efter "select connection" :-)  */
if (!$db) { echo "Could not change into the database"; exit;}

$pnr = $_POST['protokol']; $sota1 = $_POST['sort_1']; $sota2 = $_POST['sort_2']; $sota3 = $_POST['sort_3'];
echo "<center>Register for skifteprotokol nr $pnr </center>";

$sql="SELECT Folio_Nr, Skiftedato, Sognet, Efternavn, Fornavn 
	FROM hirtzholm
	WHERE Protokol_Nr LIKE '$pnr' 
	ORDER BY $sota1, $sota2, $sota3";

$mysql_result=mysql_query($sql,$connection);
$num_rows=mysql_num_rows($mysql_result);
if  ( $num_rows == 0 ) {
echo "Sorry there is no information";
} else {
echo "<TABLE ALIGN=\"CENTER\"  BORDER=\"4\">";
echo "<TR><TH>Folio_Nr</TH><TH>Skiftedato</TH><TH>Sognet</TH><TH>Fornavn</TH><TH>Efternavn</TH></TR>";
while ($row=mysql_fetch_array($mysql_result))
{
$fol=$row["Folio_Nr"];
$dato=$row["Skiftedato"];
$sort_1=$row["Sognet"];
$sort_2=$row["Fornavn"];
$sort_3=$row["Efternavn"];
echo "<TR><TD>&nbsp;$fol&nbsp;</TD><TD>&nbsp;$dato&nbsp;</TD><TD>&nbsp;$sort_1&nbsp;</TD><TD>&nbsp;$sort_2&nbsp;</TD><TD>&nbsp;$sort_3&nbsp;</TD></TR>";
}
} 
mysql_close($connection);
?>

I know it is old - how do I get it to work on the local server
yours
erik
denmark

#2

The mysql_* functions are no longer supported in current versions of PHP; you need to learn the new process. PDO is generally considered the best approach.

#3

Hi:

Are you seeing any specific error message?

#4

So first thing, this is going to be using PDO. It’s great, easy, and easier to secure. It’s worth the time to learn, not long though.
https://www.php.net/manual/en/pdo.setup.php

First file will be the connection process, so that it can be easily used across multiple scripts. Just make sure to always declare the $dbName variable, or if the database is always the the same, simply add/ammend the code of the connection script.

Also be aware that some best practises and normal optimizations are left out, so as to make it easier to use/read/learn.

Connection file ‘mysql_pdo_conn.php’:

<?php

/**** $dbName Should be set in the page you are including this connection in. ****/

$dbInfo = [
	'username' => 'nogndk_site',
	'password' => 'XXXXXXX', // Obviously
	'host' => 'localhost',
	'port' => 3306,
];
$dbConnOptions = [ // https://www.php.net/manual/en/pdo.setattribute.php
	PDO::ATTR_EMULATE_PREPARES => false,
	PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
];

try {
	if( !isset( $dbName )){
		Throw New PDOException( '$dbName needs to be declared and set to the Database Name you wish to use.');
	}
	$dbconn = new PDO( 
			'mysql:host=' . $dbInfo['host'] . ';dbname=' . $dbName . ';charset=utf8',
			$dbInfo['username'],
			$dbInfo['password'],
			$dbConnOptions
		);
	
}catch ( PDOException $e ){
	echo 'PDO Connection Error: ' . $e->getMessage();
	exit;
}

Then your specific code will look something like:

<?php


$dbName = 'nogndk_site';

require 'mysql_pdo_conn.php';

$pnr = $_POST['protokol'];
$sota1 = $_POST['sort_1'];
$sota2 = $_POST['sort_2'];
$sota3 = $_POST['sort_3'];


try {
	$stmt = $dbconn->prepare("SELECT Folio_Nr, Skiftedato, Sognet, Efternavn, Fornavn 
		FROM hirtzholm
		WHERE Protokol_Nr LIKE ':pnr' 
		ORDER BY :sota1, :sota2, :sota3");
	$qValues = [
		':pnr' => $pnr, // Probably needs '%' . $pnr . '%', but didn't want to assume
		':sota1' => $sota1,
		':sota2' => $sota2,
		':sota3' => $sota3,
	];
	$stmt->execute( $qValues );
}catch (PDOException $e ){
	echo pathinfo($e->getFile(), PATHINFO_BASENAME)  . ' [' . $e->getLine() . ']<br>' . PHP_EOL;
	echo '<h3>Error trying to run query</h3>' . PHP_EOL;
	echo 'Message:<br>' . PHP_EOL;
	echo $e->getMessage();
	exit;
}



echo "<center>Register for skifteprotokol nr $pnr </center>"; // Obviously this needs to be updated.

if( $stmt->rowCount() > 0){ // rowCount() will not work with some other Database types like SqLite, so this is not best practise, but for readabilty

	// Obviously this HTML needs to be updated
	echo '<TABLE ALIGN="CENTER"  BORDER="4">';
	echo "<TR>
			<TH>Folio_Nr</TH>
			<TH>Skiftedato</TH>
			<TH>Sognet</TH>
			<TH>Fornavn</TH>
			<TH>Efternavn</TH>
		</TR>";


	while( $row = $stmt->fetch( PDO::FETCH_ASSOC )){
		echo '<tr>';
		foreach( ['Folio_Nr', 'Skiftedato', 'Sognet', 'Fornavn', 'Efternavn'] as $prop){
			echo '<td> ' . $row[$prop] . ' </td>';
		}
		echo '</tr>';
	
	echo '</TABLE>';
		
	}
}else{
	echo 'Sorry there is no information';
}

Cheers

#5

@GiTLEZ, your attempted solution doesn’t work. You cannot supply columns (the ORDER BY term) via prepared query place-holders and single-quotes are not used around place-holders in the query. Also, don’t unconditionally output the database statement errors onto a live web page, as this just gives hackers useful information when they intentionally trigger errors (a connection error contains the database host/ip address, the username, if you are using a password or not, and web server path information.) A connection error can be triggered by consuming too many database connections, such as when making a large number of requests to a site.

The only time you should catch a database exception in your code is if the visitor to your site can recover from the error, such as when inserting/updating duplicate or out of range values. In all other cases, just let php catch the exception, where php will then use its error related settings to control what happen with the actual error information (database statement errors will ‘automatically’ get displayed/logged the same as php errors.) You should also set the default fetch mode when you make the connection, so that you don’t need to specify it in each fetch statement.

Sponsor our Newsletter | Privacy Policy | Terms of Service