spiros 0 Posted February 9 (edited) I tried to Enter something in a legacy Extension and I got: Warning: mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO) Then I changed all instances to mysqli_real_escape_string And retried. At that point I got: mysqli_real_escape_string() expects exactly 2 parameters, 1 given on line 235 Here is the function: function Lookup_addLookup ($url, $name, $group) { $dbw = wfGetDB(DB_MASTER); $groupOrder = Lookup_getGroupOrder($group); $dbw->query ("INSERT INTO ".Lookup_prefix()."lookups (lu_name, lu_url, lu_group, lu_order, lu_group_order) VALUES ('".mysqli_real_escape_string($name)."', '".mysqli_real_escape_string($url)."', '".mysqli_real_escape_string($group)."', 1, $groupOrder)"); Lookup_reOrderGroups(); return true; } Edited February 9 by spiros (see edit history) Share this post Link to post Share on other sites
0 HSRobinson 0 Posted February 10 See http://php.net/manual/en/mysqli.real-escape-string.php You must add the mysqli_connect link object. Share this post Link to post Share on other sites
0 Skizzerz 18 Posted February 11 Never use the raw query() function, use the insert() wrapper instead which properly escapes everything, handles db prefixes, etc. for you. (or the select() wrapper for SELECT queries, or the update() wrapper for UPDATE queries, etc.) Share this post Link to post Share on other sites
0 spiros 0 Posted February 12 Right, thanks to both of you. How should that snippet be edited so that it is compatible with the most recent php versions? Pardon my ignorance. Share this post Link to post Share on other sites
0 Skizzerz 18 Posted February 13 It'd look like $dbw->insert( 'lookups', [ 'lu_name' => $name, 'lu_url' => $url, 'lu_group' => $group, 'lu_order' => 1, 'lu_group_order' => $groupOrder ] ); Share this post Link to post Share on other sites
0 spiros 0 Posted Wednesday at 02:22 PM (edited) Thank you so much. That gave me: Quote Notice: Use of undefined constant - assumed '' in... on line 234 Notice: Undefined variable: dbw in... on line 234 Fatal error: Call to undefined function insert() in... on line 234 Line 234 is where the snippet provided starts ($dbw - >insert...): function Lookup_addLookup ($url, $name, $group) { $dbw = wfGetDB(DB_MASTER); $dbw->insert( 'lookups', [ 'lu_name' => $name, 'lu_url' => $url, 'lu_group' => $group, 'lu_order' => 1, 'lu_group_order' => $groupOrder ] ); Lookup_reOrderGroups(); return true; } Edited Wednesday at 02:27 PM by spiros (see edit history) Share this post Link to post Share on other sites
I tried to Enter something in a legacy Extension and I got:
Warning: mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO)Then I changed all instances to
mysqli_real_escape_stringAnd retried. At that point I got:
mysqli_real_escape_string() expects exactly 2 parameters, 1 given on line 235Here is the function:
function Lookup_addLookup ($url, $name, $group) { $dbw = wfGetDB(DB_MASTER); $groupOrder = Lookup_getGroupOrder($group); $dbw->query ("INSERT INTO ".Lookup_prefix()."lookups (lu_name, lu_url, lu_group, lu_order, lu_group_order) VALUES ('".mysqli_real_escape_string($name)."', '".mysqli_real_escape_string($url)."', '".mysqli_real_escape_string($group)."', 1, $groupOrder)"); Lookup_reOrderGroups(); return true; }
Edited by spiros (see edit history)Share this post
Link to post
Share on other sites