Fix: PHP v7 database connection on legacy HeadZ website

headz/README.md

+# HeadZ
+
+## Changes to make the website display on a PHP v7 configuration
+Some updates are made to make the website usable/visible on PHP version 7. I've tried to change as little as possible because I still want it to show how my code looked back then, and I don't want to spend time updating something that's (for me) completely useless:
+
+/conn.php:
+- Change mysql connection to PDO.
+- Remove mysql_real_escape_string().
+
+/filer.php, /hem.php, /matcher_info.php, /matcher.php, /medlemmar_info.php, /medlemmar.php, /nyheter_info.php, /nyheter.php:
+- Change mysql functions to PDO.

headz/conn.php

 <?php
 
 // Mysql config
-$host     = "localhost";	   //mysql host
-$database = "database_name"; //databas namn
-$username = "username";		   //database login
-$password = "password";		   //databas lösenord
+$host     = 'localhost'; //mysql host
+$database = 'database'; //databas namn
+$username = 'username'; //database login
+$password = 'password'; //databas lösenord
 
 // Main connection
-$conn = mysql_connect($host, $username, $password);
-mysql_select_db($database, $conn);
+$conn = new PDO(
+  "mysql:host=$host;dbname=$database",
+  $username,
+  $password,
+  [
+    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+    PDO::MYSQL_ATTR_FOUND_ROWS   => true,
+    PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'
+  ]
+);
 
 // En funktion att användas när magic_quotes_gpc inte är satt. För att förhindra SQL-injections, eller i lidrigare fall MySQl-fel.
 function db_escape ($post)
@@ -17,7 +25,7 @@ function db_escape ($post)
      if (get_magic_quotes_gpc()) {
         $post = stripslashes($post);
      }
-     return mysql_real_escape_string($post);
+     return $post;
    }
 
    foreach ($post as $key => $val) {
@@ -32,4 +40,3 @@ function db_escape ($post)
    Se till att det inte finns några dolda tecken, typ radbyte
    eller mellanslag, efter den avslutande PHP-taggen !!!
 */
-?>

headz/filer.php

@@ -44,8 +44,10 @@ echo"<table width='100%' cellspacing='0' cellpadding='0' border='0'>
 // Define $color=1
 $color = "1";
 
-$resultat = mysql_query("SELECT * FROM legacy_headz_demos ORDER BY id DESC") or die (mysql_error());
-while($row = mysql_fetch_array($resultat)) {
+$sql = "SELECT * FROM legacy_headz_demos ORDER BY id DESC";
+$stmt = $conn->prepare($sql);
+$stmt->execute();
+while ($row = $stmt->fetch()) {
 $id = $row['id'];
 $game = $row['game'];
 $opponent = $row['opponent'];
@@ -248,8 +250,10 @@ echo"<table width='100%' cellspacing='0' cellpadding='0' border='0'>
 // Define $color=1
 $color = "1";
 
-$resultat = mysql_query("SELECT * FROM legacy_headz_configs ORDER BY id DESC") or die (mysql_error());
-while($row = mysql_fetch_array($resultat)) {
+$sql = "SELECT * FROM legacy_headz_configs ORDER BY id DESC";
+$stmt = $conn->prepare($sql);
+$stmt->execute();
+while ($row = $stmt->fetch()) {
 $id = $row['id'];
 $game = $row['game'];
 $profile = $row['profile'];

headz/hem.php

@@ -30,8 +30,11 @@ pageTracker._trackPageview();
 
 <?php
 
-$resultat = mysql_query("SELECT * FROM legacy_headz_nyheter ORDER BY id DESC LIMIT 4") or die (mysql_error());
-while($row = mysql_fetch_array($resultat)) {
+
+$sql = "SELECT * FROM legacy_headz_nyheter ORDER BY id DESC LIMIT 4";
+$stmt = $conn->prepare($sql);
+$stmt->execute();
+while ($row = $stmt->fetch()) {
 $id = $row['id'];
 $title = $row['title'];
 $profile = $row['profile'];

headz/matcher.php

@@ -49,8 +49,10 @@ echo"<table width='100%' cellspacing='0' cellpadding='0' border='0'>
 $color = "1";
 
 
-$aresultat = mysql_query("SELECT * FROM legacy_headz_matcher ORDER BY id DESC") or die (mysql_error());
-while($row = mysql_fetch_array($aresultat)) {
+$sql = "SELECT * FROM legacy_headz_matcher ORDER BY id DESC";
+$stmt = $conn->prepare($sql);
+$stmt->execute();
+while ($row = $stmt->fetch()) {
 $id = $row['id'];
 $game = $row['game'];
 $on = $row['on'];
@@ -134,8 +136,10 @@ echo"<table width='100%' cellspacing='0' cellpadding='0' border='0'>
 $color = "1";
 
 
-$bresultat = mysql_query("SELECT * FROM legacy_headz_matcher ORDER BY id DESC") or die (mysql_error());
-while($row = mysql_fetch_array($bresultat)) {
+$sql = "SELECT * FROM legacy_headz_matcher ORDER BY id DESC";
+$stmt = $conn->prepare($sql);
+$stmt->execute();
+while ($row = $stmt->fetch()) {
 $id = $row['id'];
 $game = $row['game'];
 $on = $row['on'];
@@ -221,8 +225,10 @@ echo"<table width='100%' cellspacing='0' cellpadding='0' border='0'>
 $color = "1";
 
 
-$cresultat = mysql_query("SELECT * FROM legacy_headz_matcher ORDER BY id DESC") or die (mysql_error());
-while($row = mysql_fetch_array($cresultat)) {
+$sql = "SELECT * FROM legacy_headz_matcher ORDER BY id DESC";
+$stmt = $conn->prepare($sql);
+$stmt->execute();
+while ($row = $stmt->fetch()) {
 $id = $row['id'];
 $game = $row['game'];
 $on = $row['on'];
@@ -307,8 +313,10 @@ echo"<table width='100%' cellspacing='0' cellpadding='0' border='0'>
 $color = "1";
 
 
-$dresultat = mysql_query("SELECT * FROM legacy_headz_demos ORDER BY id DESC") or die (mysql_error());
-while($row = mysql_fetch_array($dresultat)) {
+$sql = "SELECT * FROM legacy_headz_demos ORDER BY id DESC";
+$stmt = $conn->prepare($sql);
+$stmt->execute();
+while ($row = $stmt->fetch()) {
 $id = $row['id'];
 $game = $row['game'];
 $profile = $row['profile'];

headz/matcher_info.php

@@ -38,8 +38,11 @@ else
   /* Använd intval() för att undvika s.k. SQL INJECTIONS,
      dvs. att folk kan typ radera din databas... */
 }
-$resultat = mysql_query("SELECT * FROM legacy_headz_matcher WHERE id = $match LIMIT 1") or die (mysql_error());
-if($row = mysql_fetch_array($resultat)) {
+
+$sql = "SELECT * FROM legacy_headz_matcher WHERE id = $match LIMIT 1";
+$stmt = $conn->prepare($sql);
+$stmt->execute();
+if ($row = $stmt->fetch()) {
 $id = $row['id'];
 $game = $row['game'];
 $opponent = $row['opponent'];

headz/medlemmar.php

@@ -38,8 +38,10 @@ echo	"<table width='100%' cellspacing='0' cellpadding='0' border='0'>";
 echo	"<tr><td height='50' colspan='9'></td></tr>";
 echo	"<tr><td width='50%'></td><td>";
 
-$aresultat = mysql_query("SELECT id, nick FROM legacy_headz_medlem WHERE id IN ('1','2','18,','19','20','21') ORDER BY id ASC") or die (mysql_error());
-while($arow = mysql_fetch_array($aresultat)) {
+$sql = "SELECT id, nick FROM legacy_headz_medlem WHERE id IN ('1','2','18,','19','20','21') ORDER BY id ASC";
+$stmt = $conn->prepare($sql);
+$stmt->execute();
+while ($arow = $stmt->fetch()) {
 $id = $arow['id'];
 $nick = $arow['nick'];
 
@@ -123,8 +125,10 @@ echo	"</td><td width='50%'></td></tr>";
 echo	"<tr><td height='50' colspan='9'></td></tr>";
 echo	"<tr><td width='5%'></td><td>";
 
-$aresultat = mysql_query("SELECT id, nick FROM legacy_headz_medlem WHERE id IN ('22','23','24','25','26','27') ORDER BY id ASC") or die (mysql_error());
-while($arow = mysql_fetch_array($aresultat)) {
+$sql = "SELECT id, nick FROM legacy_headz_medlem WHERE id IN ('22','23','24','25','26','27') ORDER BY id ASC";
+$stmt = $conn->prepare($sql);
+$stmt->execute();
+while ($arow = $stmt->fetch()) {
 $id = $arow['id'];
 $nick = $arow['nick'];
 
@@ -215,8 +219,10 @@ echo	"<table width='100%' cellspacing='0' cellpadding='0' border='0'>";
 echo	"<tr><td height='50' colspan='9'></td></tr>";
 echo	"<tr><td width='50%'></td><td>";
 
-$bresultat = mysql_query("SELECT id, nick FROM legacy_headz_medlem WHERE id IN ('1','9','10','11,') ORDER BY id ASC") or die (mysql_error());
-while($brow = mysql_fetch_array($bresultat)) {
+$sql = "SELECT id, nick FROM legacy_headz_medlem WHERE id IN ('1','9','10','11,') ORDER BY id ASC";
+$stmt = $conn->prepare($sql);
+$stmt->execute();
+while ($brow = $stmt->fetch()) {
 $id = $brow['id'];
 $nick = $brow['nick'];
 
@@ -301,9 +307,10 @@ echo	"</td><td width='50%'></td></tr>";
 echo	"<tr><td height='50' colspan='9'></td></tr>";
 echo	"<tr><td width='5%'></td><td>";
 
-
-$bresultat = mysql_query("SELECT id, nick FROM legacy_headz_medlem WHERE id IN ('15','16','17') ORDER BY id ASC") or die (mysql_error());
-while($brow = mysql_fetch_array($bresultat)) {
+$sql = "SELECT id, nick FROM legacy_headz_medlem WHERE id IN ('15','16','17') ORDER BY id ASC";
+$stmt = $conn->prepare($sql);
+$stmt->execute();
+while ($brow = $stmt->fetch()) {
 $id = $brow['id'];
 $nick = $brow['nick'];
 
@@ -394,8 +401,10 @@ echo	"<table width='100%' cellspacing='0' cellpadding='0' border='0'>";
 echo	"<tr><td height='50' colspan='9'></td></tr>";
 echo	"<tr><td width='50%'></td><td>";
 
-$cresultat = mysql_query("SELECT id, nick FROM legacy_headz_medlem WHERE id IN ('1','9','10,') ORDER BY id ASC") or die (mysql_error());
-while($crow = mysql_fetch_array($cresultat)) {
+$sql = "SELECT id, nick FROM legacy_headz_medlem WHERE id IN ('1','9','10,') ORDER BY id ASC";
+$stmt = $conn->prepare($sql);
+$stmt->execute();
+while ($crow = $stmt->fetch()) {
 $id = $crow['id'];
 $nick = $crow['nick'];
 
@@ -576,8 +585,10 @@ echo	"<table width='100%' cellspacing='0' cellpadding='0' border='0'>";
 echo	"<tr><td height='50' colspan='9'></td></tr>";
 echo	"<tr><td width='50%'></td><td>";
 
-$dresultat = mysql_query("SELECT id, nick FROM legacy_headz_medlem WHERE id IN ('1','9','10,') ORDER BY id ASC") or die (mysql_error());
-while($drow = mysql_fetch_array($dresultat)) {
+$sql = "SELECT id, nick FROM legacy_headz_medlem WHERE id IN ('1','9','10,') ORDER BY id ASC";
+$stmt = $conn->prepare($sql);
+$stmt->execute();
+while ($drow = $stmt->fetch()) {
 $id = $drow['id'];
 $nick = $drow['nick'];
 

headz/medlemmar_info.php

@@ -40,8 +40,12 @@ else
   /* Använd intval() för att undvika s.k. SQL INJECTIONS,
      dvs. att folk kan typ radera din databas... */
 }
-$resultat = mysql_query("SELECT * FROM legacy_headz_medlem WHERE id = $medlem LIMIT 1") or die (mysql_error());
-if($row = mysql_fetch_array($resultat)) {
+
+$sql = "SELECT * FROM legacy_headz_medlem WHERE id = :id LIMIT 1";
+$stmt = $conn->prepare($sql);
+$stmt->bindParam(':id', $medlem, PDO::PARAM_INT);
+$stmt->execute();
+if ($row = $stmt->fetch()) {
 $id = $row['id'];
 $nick = $row['nick'];
 $name = $row['name'];

headz/nyheter.php

@@ -46,9 +46,11 @@ pageTracker._trackPageview();
 
 // Nu bestämmer vi antal per sida och kollar vi upp totala antalet
 $limit = 20; // Antal per sida
-$result = @mysql_query("SELECT count(*) as count FROM legacy_headz_nyheter") or die("Error fetching number in DB<br>".mysql_error());
-$row = @mysql_fetch_array($result);
-$numrows = $row['count']; // Antal i databasen
+
+$sql = "SELECT count(*) as count FROM legacy_headz_nyheter";
+$stmt = $conn->prepare($sql);
+$stmt->execute();
+$numrows = $stmt->fetchColumn();
 
 // Sedan kollar vi om startvariabeln är satt
 if (!isset($_GET['start']) || $_GET['start'] == "")
@@ -109,8 +111,11 @@ echo $numlink;
 
 <?php
 
-$resultat = mysql_query("SELECT * FROM legacy_headz_nyheter ORDER BY id ASC LIMIT ".$start.",".$limit."") or die (mysql_error());
-while($row = mysql_fetch_array($resultat)) {
+
+$sql = "SELECT * FROM legacy_headz_nyheter ORDER BY id ASC LIMIT $start, $limit";
+$stmt = $conn->prepare($sql);
+$stmt->execute();
+while ($row = $stmt->fetch()) {
 $id = $row['id'];
 $title = $row['title'];
 $profile = $row['profile'];

headz/nyheter_info.php

@@ -39,8 +39,12 @@ else
   /* Använd intval() för att undvika s.k. SQL INJECTIONS,
      dvs. att folk kan typ radera din databas... */
 }
-$resultat = mysql_query("SELECT * FROM legacy_headz_nyheter WHERE id = $nyhet LIMIT 1") or die (mysql_error());
-if($row = mysql_fetch_array($resultat)) {
+
+$sql = "SELECT * FROM legacy_headz_nyheter WHERE id = :id LIMIT 1";
+$stmt = $conn->prepare($sql);
+$stmt->bindParam(':id', $nyhet, PDO::PARAM_INT);
+$stmt->execute();
+if ($row = $stmt->fetch()) {
 $id = $row['id'];
 $title = $row['title'];
 $profile = $row['profile'];