Why shouldn't I use mysql_* functions in PHP?
The MySQL extension:
- Is not under active development
- Is officially deprecated as of PHP 5.5 (released June 2013).
- Has been removed entirely as of PHP 7.0 (released December 2015)
  - This means that as of 31 Dec 2018 it does not exist in any supported version of PHP. If you are using a version of PHP which supports it, you are using a version which doesn't get security problems fixed.
- Lacks an OO interface
- Doesn't support:
  - Non-blocking, asynchronous queries
  - Prepared statements or parameterized queries
  - Stored procedures
  - Multiple Statements
  - Transactions
  - The "new" password authentication method (on by default in MySQL 5.6; required in 5.7)
  - Any of the new functionality in MySQL 5.1 or later
Since it is deprecated, using it makes your code less future proof.
Lack of support for prepared statements is particularly important as they provide a clearer, less error-prone method of escaping and quoting external data than manually escaping it with a separate function call.
See the comparison of SQL extensions.
Why are PHP's mysql_ functions deprecated?
The mysql extension is ancient and has been around since PHP 2.0, released 15 years ago (!!); which is a decidedly different beast than the modern PHP which tries to shed the bad practices of its past. The mysql extension is a very raw, low-level connector to MySQL which lacks many convenience features and is thereby hard to apply correctly in a secure fashion; it's therefore bad for noobs. Many developers do not understand SQL injection and the mysql API is fragile enough to make it hard to prevent it, even if you're aware of it. It is full of global state (implicit connection passing for instance), which makes it easy to write code that is hard to maintain. Since it's old, it may be unreasonably hard to maintain at the PHP core level.
The mysqli extension is a lot newer and fixes all the above problems. PDO is also rather new and fixes all those problems too, plus more.
Due to these reasons* the mysql extension will be removed sometime in the future. It did its job in its heyday, rather badly, but it did it. Time has moved on, best practices have evolved, applications have gotten more complex and require a more modern API. mysql is being retired, live with it.
Given all this, there's no reason to keep using it except for inertia.
* These are my common sense summary reasons; for the whole official story, look here: https://wiki.php.net/rfc/mysql_deprecation
Choice quotes from that document follow:
"The documentation team is discussing the database security situation, and educating users to move away from the commonly used ext/mysql extension is part of this."
"Moving away from ext/mysql is not only about security but also about having access to all features of the MySQL database."
"ext/mysql is hard to maintain code. It is not getting new features. Keeping it up to date for working with new versions of libmysql or mysqlnd versions is work, we probably could spend that time better."
MySQL Functions Do Not Work
Most hosting providers do not allow external access to the databases they include with their plans. Not only that, most of them use localhost as a database server so as to force a socket connection (so that they can even disable network connections to their DBs altogether).
To test your script and site locally you will need to download a dump of your database and create a local version of it on your own.
Other issues with your code
As mentioned in comments:
- You should be using the MySQL Improved Extension instead of the old (and deprecated) MySQL extension
- You are not sanitizing data you use for your queries (use prepared statements)
- MD5 is not secure for passwords; you should be using the new password_hash instead
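An added example (not part of the original answer) of the password_hash recommendation above, including one way to upgrade existing MD5 rows at login. The function name check_password and the rule for recognising a legacy hash (32 hex characters) are assumptions.

```php
<?php
// Added example. check_password() and the legacy-hash rule are hypothetical.
// Returns [bool $ok, ?string $replacement]; when $replacement is not null,
// the caller should store it in place of the old hash.
function check_password(string $password, string $stored): array {
    // Legacy row: an unsalted MD5 digest is exactly 32 hex characters.
    if (preg_match('/^[0-9a-f]{32}$/i', $stored)) {
        if (!hash_equals(strtolower($stored), md5($password))) {
            return [false, null];
        }
        // Correct password on a legacy row: replace MD5 with a salted hash.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }

    // Modern row: password_verify() reads algorithm, cost and salt from the hash.
    if (!password_verify($password, $stored)) {
        return [false, null];
    }

    // Rehash if PASSWORD_DEFAULT or its cost changed since the hash was made.
    $replacement = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $replacement];
}

// Constructed sample data: a legacy MD5 row for the password "correct horse".
$legacy = md5('correct horse');

// First login against the legacy row succeeds and yields an upgraded hash.
[$ok, $upgraded] = check_password('correct horse', $legacy);
var_dump($ok, password_verify('correct horse', $upgraded));

// Second login against the upgraded hash succeeds with nothing to replace.
[$okAgain, $replacement] = check_password('correct horse', $upgraded);
var_dump($okAgain, $replacement);

// A wrong password is rejected.
[$bad] = check_password('wrong', $upgraded);
var_dump($bad);
```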
Why is it unsafe to pass a value to a PHP function to then escape it and return it back
There's nothing unsafe per se, but using prepared statements/binding values is preferred over escaping inputs explicitly. The latter is potentially unsafe for a couple of reasons:
- You may forget to escape an input
- You may accidentally escape the same input twice
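An added example, not from the original answers, showing the two escaping mistakes listed above and the prepared-statement alternative recommended here and in the first answer. It uses PDO with an in-memory SQLite database as a stand-in for MySQL so it runs without a server; the table, helper names and sample input are constructed.

```php
<?php
// Added example. SQLite in memory stands in for MySQL; the PDO calls are the
// same with a mysql: DSN. Table and function names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE staff (id INTEGER PRIMARY KEY, name TEXT)');

// Manual escaping for a SQLite string literal: double every single quote.
function escape_name(string $s): string {
    return str_replace("'", "''", $s);
}

// Returns the most recently inserted name.
function stored_name(PDO $pdo): string {
    return $pdo->query('SELECT name FROM staff ORDER BY id DESC LIMIT 1')
               ->fetchColumn();
}

// Builds the INSERT by concatenation and reports what ended up in the table.
function insert_concatenated(PDO $pdo, string $literal): string {
    try {
        $pdo->exec("INSERT INTO staff (name) VALUES ('" . $literal . "')");
        return 'stored: ' . stored_name($pdo);
    } catch (PDOException $e) {
        return 'query failed: ' . $e->getMessage();
    }
}

$name = "O'Brien"; // constructed sample input containing a quote

// Mistake 1: the escape call was forgotten, so the quote ends the literal.
echo insert_concatenated($pdo, $name), "\n";

// Mistake 2: escaped twice, so extra quotes are stored as data.
echo insert_concatenated($pdo, escape_name(escape_name($name))), "\n";

// Escaped exactly once: correct, but only while every call site gets it right.
echo insert_concatenated($pdo, escape_name($name)), "\n";

// Prepared statement: the value is bound, never parsed as SQL, no escaping step.
$stmt = $pdo->prepare('INSERT INTO staff (name) VALUES (:name)');
$stmt->execute([':name' => $name]);
echo 'stored: ', stored_name($pdo), "\n";
```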
Can't use Database Variable in Functions PHP
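With php, you need to use global to access a variable outside the function:
    function getModelCountByManuid($manu_id){
        // $db is defined outside the function, so import it into this scope
        global $db;
        // Bind $manu_id through a ? placeholder instead of concatenating it into the SQL
        // (assumes rawQuery() binds the array values to the placeholders in order)
        $sql = 'SELECT COUNT(id) as counti FROM tire_model WHERE cat_id_manufacturer = ?';
        $result = $db->rawQuery($sql, Array($manu_id));
        return $result;
    }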
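Call a function inside a request MySQL PHP
You can do it by creating a variable ($value) to hold the value, then using that in your SQL statement:
    // Compute the value in PHP first
    $value = SumSquares($value);
    // $id and $value are interpolated directly into the SQL text here,
    // so both must already be known to be numeric at this point
    $MySQL->query("INSERT INTO `your_table` (`id`, `val`) VALUES ($id, $value);");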
I don't understand why this php function is not working
You defined $multy variable outside of the function, so you need to pass it as a second parameter. So your code will be like this:
    $multy = [
        [
            'staff' => 'ben', 'job' => 'cooking', 'salary' => 1500,
        ],
        [
            'staff' => 'cy', 'job' => 'chef', 'salary' => 2000,
        ],
        [
            'staff' => 'sylva', 'job' => 'software engineer', 'salary' => 15000,
        ],
    ];
    function checkingList($name, $multy){
        foreach($multy as $mult){
            if($mult['staff'] === $name){
                echo $mult['staff'] .', You are hired. Your job is ' . $mult['job'].' and your salary is '. $mult['salary'];
            }
        }
    }
    checkingList('cy', $multy);
    // cy, You are hired. Your job is chef and your salary is 2000
Above code tested here