Wierd and Annoying error: Call to undefined function mysql_query() [duplicate]

China☆狼群 提交于 2019-11-28 13:44:53

PHP 7 has gotten rid of mysql_query() because it's problematic in a variety of ways! The API does not encourage good practices, the official line is that it's unmaintained, and NO PREPARED STATEMENTS!?! It essentially is the biggest problem in PHP that encourages bad practices leading to sql injection, and that's a major big bad situation.

However, I do work with legacy codebases, so I have to deal with the same situation as you in some cases. If you have a small codebase, just update your db connection method. If you have a large codebase, here is what I recommend:

  • Rollback your php version for this codebase to php 5.6, it will be supported for a bit more of 2016.
  • Take your time to update to PDO (you can create a wrapper around PDO to make it less verbose and still allow prepared queries).
  • Ignore mysqli. If it takes you 5 minutes to upgrade from mysql_*, you are probably doing it wrong, and leaving yourself open to sql-injection. Just go for PDO and start using prepared queries so you can sleep at night.
  • If you still want to use php 7 in more modern projects, spin up a container instance with the older php 5.6 legacy codebases on it.
Xorifelse

The answer is simple and this information has been available long before the release of PHP 7. It has been removed and they suggest to move over to mysqli or PDO. For a complete list of changes you need to know about for migration see this guide.


Your options:

  • Adjust your code to mysqli, which is quite the same just a little different. This wouldn't take long to adjust your code to.
  • Switch over to PDO, quite different but more flexible and has my preference.
  • The mysql_* have been removed, meaning they are open to be redefined. You can create wrapper functions that refer to MySqli or PDO instead.
  • Switch back to version 6 of PHP.

Why has it been removed?

  • It's not under development.
  • The mysql_* functions provide just a piece of functionality of what MySQL really has to offer. (think about transactions, prepared statements, asynchronous queries, etc)
  • People are still writing (even today) insecure code with those functions.

I'm not saying that using MySqli or PDO will magically prevent MySQL injections but at least they provide native support against those kind of attacks. The rest is up to you; the programmer, to make sure to point data where it needs to go.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!