Commit b50e613d by Saucy

Fix: PHP v7 database connection on legacy HeadZ website

parent 7a1b6a5b
# HeadZ
## Changes to make the website display on a PHP v7 configuration
Some updates are made to make the website usable/visible on PHP version 7. I've tried to change as little as possible because I still want it to show how my code looked back then, and I don't want to spend time updating something that's (for me) completely useless:
/conn.php:
- Change mysql connection to PDO.
- Remove mysql_real_escape_string().
/filer.php, /hem.php, /matcher_info.php, /matcher.php, /medlemmar_info.php, /medlemmar.php, /nyheter_info.php, /nyheter.php:
- Change mysql functions to PDO.
<?php
// Mysql config
$host = "localhost"; //mysql host
$database = "database_name"; //databas namn
$username = "username"; //database login
$password = "password"; //databas lösenord
$host = 'localhost'; //mysql host
$database = 'database'; //databas namn
$username = 'username'; //database login
$password = 'password'; //databas lösenord
// Main connection
$conn = mysql_connect($host, $username, $password);
mysql_select_db($database, $conn);
$conn = new PDO(
"mysql:host=$host;dbname=$database",
$username,
$password,
[
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::MYSQL_ATTR_FOUND_ROWS => true,
PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'
]
);
// En funktion att användas när magic_quotes_gpc inte är satt. För att förhindra SQL-injections, eller i lidrigare fall MySQl-fel.
function db_escape ($post)
......@@ -17,7 +25,7 @@ function db_escape ($post)
if (get_magic_quotes_gpc()) {
$post = stripslashes($post);
}
return mysql_real_escape_string($post);
return $post;
}
foreach ($post as $key => $val) {
......@@ -32,4 +40,3 @@ function db_escape ($post)
Se till att det inte finns några dolda tecken, typ radbyte
eller mellanslag, efter den avslutande PHP-taggen !!!
*/
?>
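Review bot: `db_escape()` now ends its scalar branch with `return $post;`, so the helper no longer escapes anything, while the comment above it still presents it as the guard against SQL injection. Any caller that still concatenates its result into a query string (none are visible on this page) has silently lost that protection; such call sites should bind the value as a statement parameter, and the function comment should say so, e.g. `// No longer escapes: bind values as prepared-statement parameters instead`. The `get_magic_quotes_gpc()` branch is kept, but that function is deprecated as of PHP 7.4 and removed in PHP 8.0, so the `if` can be dropped too. The function body continues outside both hunks.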
......@@ -44,8 +44,10 @@ echo"<table width='100%' cellspacing='0' cellpadding='0' border='0'>
// Define $color=1
$color = "1";
$resultat = mysql_query("SELECT * FROM legacy_headz_demos ORDER BY id DESC") or die (mysql_error());
while($row = mysql_fetch_array($resultat)) {
$sql = "SELECT * FROM legacy_headz_demos ORDER BY id DESC";
$stmt = $conn->prepare($sql);
$stmt->execute();
while ($row = $stmt->fetch()) {
$id = $row['id'];
$game = $row['game'];
$opponent = $row['opponent'];
......@@ -248,8 +250,10 @@ echo"<table width='100%' cellspacing='0' cellpadding='0' border='0'>
// Define $color=1
$color = "1";
$resultat = mysql_query("SELECT * FROM legacy_headz_configs ORDER BY id DESC") or die (mysql_error());
while($row = mysql_fetch_array($resultat)) {
$sql = "SELECT * FROM legacy_headz_configs ORDER BY id DESC";
$stmt = $conn->prepare($sql);
$stmt->execute();
while ($row = $stmt->fetch()) {
$id = $row['id'];
$game = $row['game'];
$profile = $row['profile'];
......
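Review bot: The `or die (mysql_error())` check on the old query is dropped in both hunks here, and nothing replaces it in the new `prepare()`/`execute()` sequence. The PDO options array added in this commit does not set `PDO::ATTR_ERRMODE`, and on PHP 7 the default is silent mode, so a failed `execute()` returns false and the `while ($row = $stmt->fetch())` loop simply renders an empty table. Adding `PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION` to that array, with the exception logged server-side rather than printed to the visitor as `mysql_error()` was, covers these hunks and the same pattern in every other query hunk of the commit.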
......@@ -30,8 +30,11 @@ pageTracker._trackPageview();
<?php
$resultat = mysql_query("SELECT * FROM legacy_headz_nyheter ORDER BY id DESC LIMIT 4") or die (mysql_error());
while($row = mysql_fetch_array($resultat)) {
$sql = "SELECT * FROM legacy_headz_nyheter ORDER BY id DESC LIMIT 4";
$stmt = $conn->prepare($sql);
$stmt->execute();
while ($row = $stmt->fetch()) {
$id = $row['id'];
$title = $row['title'];
$profile = $row['profile'];
......
......@@ -49,8 +49,10 @@ echo"<table width='100%' cellspacing='0' cellpadding='0' border='0'>
$color = "1";
$aresultat = mysql_query("SELECT * FROM legacy_headz_matcher ORDER BY id DESC") or die (mysql_error());
while($row = mysql_fetch_array($aresultat)) {
$sql = "SELECT * FROM legacy_headz_matcher ORDER BY id DESC";
$stmt = $conn->prepare($sql);
$stmt->execute();
while ($row = $stmt->fetch()) {
$id = $row['id'];
$game = $row['game'];
$on = $row['on'];
......@@ -134,8 +136,10 @@ echo"<table width='100%' cellspacing='0' cellpadding='0' border='0'>
$color = "1";
$bresultat = mysql_query("SELECT * FROM legacy_headz_matcher ORDER BY id DESC") or die (mysql_error());
while($row = mysql_fetch_array($bresultat)) {
$sql = "SELECT * FROM legacy_headz_matcher ORDER BY id DESC";
$stmt = $conn->prepare($sql);
$stmt->execute();
while ($row = $stmt->fetch()) {
$id = $row['id'];
$game = $row['game'];
$on = $row['on'];
......@@ -221,8 +225,10 @@ echo"<table width='100%' cellspacing='0' cellpadding='0' border='0'>
$color = "1";
$cresultat = mysql_query("SELECT * FROM legacy_headz_matcher ORDER BY id DESC") or die (mysql_error());
while($row = mysql_fetch_array($cresultat)) {
$sql = "SELECT * FROM legacy_headz_matcher ORDER BY id DESC";
$stmt = $conn->prepare($sql);
$stmt->execute();
while ($row = $stmt->fetch()) {
$id = $row['id'];
$game = $row['game'];
$on = $row['on'];
......@@ -307,8 +313,10 @@ echo"<table width='100%' cellspacing='0' cellpadding='0' border='0'>
$color = "1";
$dresultat = mysql_query("SELECT * FROM legacy_headz_demos ORDER BY id DESC") or die (mysql_error());
while($row = mysql_fetch_array($dresultat)) {
$sql = "SELECT * FROM legacy_headz_demos ORDER BY id DESC";
$stmt = $conn->prepare($sql);
$stmt->execute();
while ($row = $stmt->fetch()) {
$id = $row['id'];
$game = $row['game'];
$profile = $row['profile'];
......
......@@ -38,8 +38,11 @@ else
/* Använd intval() för att undvika s.k. SQL INJECTIONS,
dvs. att folk kan typ radera din databas... */
}
$resultat = mysql_query("SELECT * FROM legacy_headz_matcher WHERE id = $match LIMIT 1") or die (mysql_error());
if($row = mysql_fetch_array($resultat)) {
$sql = "SELECT * FROM legacy_headz_matcher WHERE id = $match LIMIT 1";
$stmt = $conn->prepare($sql);
$stmt->execute();
if ($row = $stmt->fetch()) {
$id = $row['id'];
$game = $row['game'];
$opponent = $row['opponent'];
......
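Review bot: `$match` is still interpolated into the SQL text (`WHERE id = $match LIMIT 1`), so calling `prepare()` on it adds no protection. The query's safety rests entirely on the `intval()` step that the comment above mentions, and that step is outside the hunk. The two other detail pages in this commit bind the id instead, and this one should match them: `$sql = "SELECT * FROM legacy_headz_matcher WHERE id = :id LIMIT 1";` followed by `$stmt->bindValue(':id', (int) $match, PDO::PARAM_INT);` before `execute()`.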
......@@ -38,8 +38,10 @@ echo "<table width='100%' cellspacing='0' cellpadding='0' border='0'>";
echo "<tr><td height='50' colspan='9'></td></tr>";
echo "<tr><td width='50%'></td><td>";
$aresultat = mysql_query("SELECT id, nick FROM legacy_headz_medlem WHERE id IN ('1','2','18,','19','20','21') ORDER BY id ASC") or die (mysql_error());
while($arow = mysql_fetch_array($aresultat)) {
$sql = "SELECT id, nick FROM legacy_headz_medlem WHERE id IN ('1','2','18,','19','20','21') ORDER BY id ASC";
$stmt = $conn->prepare($sql);
$stmt->execute();
while ($arow = $stmt->fetch()) {
$id = $arow['id'];
$nick = $arow['nick'];
......@@ -123,8 +125,10 @@ echo "</td><td width='50%'></td></tr>";
echo "<tr><td height='50' colspan='9'></td></tr>";
echo "<tr><td width='5%'></td><td>";
$aresultat = mysql_query("SELECT id, nick FROM legacy_headz_medlem WHERE id IN ('22','23','24','25','26','27') ORDER BY id ASC") or die (mysql_error());
while($arow = mysql_fetch_array($aresultat)) {
$sql = "SELECT id, nick FROM legacy_headz_medlem WHERE id IN ('22','23','24','25','26','27') ORDER BY id ASC";
$stmt = $conn->prepare($sql);
$stmt->execute();
while ($arow = $stmt->fetch()) {
$id = $arow['id'];
$nick = $arow['nick'];
......@@ -215,8 +219,10 @@ echo "<table width='100%' cellspacing='0' cellpadding='0' border='0'>";
echo "<tr><td height='50' colspan='9'></td></tr>";
echo "<tr><td width='50%'></td><td>";
$bresultat = mysql_query("SELECT id, nick FROM legacy_headz_medlem WHERE id IN ('1','9','10','11,') ORDER BY id ASC") or die (mysql_error());
while($brow = mysql_fetch_array($bresultat)) {
$sql = "SELECT id, nick FROM legacy_headz_medlem WHERE id IN ('1','9','10','11,') ORDER BY id ASC";
$stmt = $conn->prepare($sql);
$stmt->execute();
while ($brow = $stmt->fetch()) {
$id = $brow['id'];
$nick = $brow['nick'];
......@@ -301,9 +307,10 @@ echo "</td><td width='50%'></td></tr>";
echo "<tr><td height='50' colspan='9'></td></tr>";
echo "<tr><td width='5%'></td><td>";
$bresultat = mysql_query("SELECT id, nick FROM legacy_headz_medlem WHERE id IN ('15','16','17') ORDER BY id ASC") or die (mysql_error());
while($brow = mysql_fetch_array($bresultat)) {
$sql = "SELECT id, nick FROM legacy_headz_medlem WHERE id IN ('15','16','17') ORDER BY id ASC";
$stmt = $conn->prepare($sql);
$stmt->execute();
while ($brow = $stmt->fetch()) {
$id = $brow['id'];
$nick = $brow['nick'];
......@@ -394,8 +401,10 @@ echo "<table width='100%' cellspacing='0' cellpadding='0' border='0'>";
echo "<tr><td height='50' colspan='9'></td></tr>";
echo "<tr><td width='50%'></td><td>";
$cresultat = mysql_query("SELECT id, nick FROM legacy_headz_medlem WHERE id IN ('1','9','10,') ORDER BY id ASC") or die (mysql_error());
while($crow = mysql_fetch_array($cresultat)) {
$sql = "SELECT id, nick FROM legacy_headz_medlem WHERE id IN ('1','9','10,') ORDER BY id ASC";
$stmt = $conn->prepare($sql);
$stmt->execute();
while ($crow = $stmt->fetch()) {
$id = $crow['id'];
$nick = $crow['nick'];
......@@ -576,8 +585,10 @@ echo "<table width='100%' cellspacing='0' cellpadding='0' border='0'>";
echo "<tr><td height='50' colspan='9'></td></tr>";
echo "<tr><td width='50%'></td><td>";
$dresultat = mysql_query("SELECT id, nick FROM legacy_headz_medlem WHERE id IN ('1','9','10,') ORDER BY id ASC") or die (mysql_error());
while($drow = mysql_fetch_array($dresultat)) {
$sql = "SELECT id, nick FROM legacy_headz_medlem WHERE id IN ('1','9','10,') ORDER BY id ASC";
$stmt = $conn->prepare($sql);
$stmt->execute();
while ($drow = $stmt->fetch()) {
$id = $drow['id'];
$nick = $drow['nick'];
......
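Review bot: Several id lists have a comma inside the quoted literal: `'18,'` in the first hunk, `'11,'` in the third, and `'10,'` in the fifth and sixth. All are carried over unchanged from the old `mysql_query()` strings. They presumably still match only because MySQL converts such strings to numbers leniently when comparing against `id` (assuming that is an integer column), which is fragile and easy to misread. Writing the lists as plain integers, e.g. `WHERE id IN (1, 2, 18, 19, 20, 21)`, states the intent and removes the implicit cast.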
......@@ -40,8 +40,12 @@ else
/* Använd intval() för att undvika s.k. SQL INJECTIONS,
dvs. att folk kan typ radera din databas... */
}
$resultat = mysql_query("SELECT * FROM legacy_headz_medlem WHERE id = $medlem LIMIT 1") or die (mysql_error());
if($row = mysql_fetch_array($resultat)) {
$sql = "SELECT * FROM legacy_headz_medlem WHERE id = :id LIMIT 1";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':id', $medlem, PDO::PARAM_INT);
$stmt->execute();
if ($row = $stmt->fetch()) {
$id = $row['id'];
$nick = $row['nick'];
$name = $row['name'];
......
......@@ -46,9 +46,11 @@ pageTracker._trackPageview();
// Nu bestämmer vi antal per sida och kollar vi upp totala antalet
$limit = 20; // Antal per sida
$result = @mysql_query("SELECT count(*) as count FROM legacy_headz_nyheter") or die("Error fetching number in DB<br>".mysql_error());
$row = @mysql_fetch_array($result);
$numrows = $row['count']; // Antal i databasen
$sql = "SELECT count(*) as count FROM legacy_headz_nyheter";
$stmt = $conn->prepare($sql);
$stmt->execute();
$numrows = $stmt->fetchColumn();
// Sedan kollar vi om startvariabeln är satt
if (!isset($_GET['start']) || $_GET['start'] == "")
......@@ -109,8 +111,11 @@ echo $numlink;
<?php
$resultat = mysql_query("SELECT * FROM legacy_headz_nyheter ORDER BY id ASC LIMIT ".$start.",".$limit."") or die (mysql_error());
while($row = mysql_fetch_array($resultat)) {
$sql = "SELECT * FROM legacy_headz_nyheter ORDER BY id ASC LIMIT $start, $limit";
$stmt = $conn->prepare($sql);
$stmt->execute();
while ($row = $stmt->fetch()) {
$id = $row['id'];
$title = $row['title'];
$profile = $row['profile'];
......
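Review bot: In the second hunk `$start` and `$limit` are interpolated into the statement (`LIMIT $start, $limit`), and the first hunk shows `$start` being tied to `$_GET['start']`. How that value is validated lies between the two hunks and is not visible here. Binding both as integers removes the dependency on that validation: `LIMIT :start, :limit` with `$stmt->bindValue(':start', (int) $start, PDO::PARAM_INT);` and `$stmt->bindValue(':limit', (int) $limit, PDO::PARAM_INT);`. The explicit `PDO::PARAM_INT` matters because PDO's default emulated prepares would otherwise quote the values as strings, which MySQL rejects in a `LIMIT` clause.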
......@@ -39,8 +39,12 @@ else
/* Använd intval() för att undvika s.k. SQL INJECTIONS,
dvs. att folk kan typ radera din databas... */
}
$resultat = mysql_query("SELECT * FROM legacy_headz_nyheter WHERE id = $nyhet LIMIT 1") or die (mysql_error());
if($row = mysql_fetch_array($resultat)) {
$sql = "SELECT * FROM legacy_headz_nyheter WHERE id = :id LIMIT 1";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':id', $nyhet, PDO::PARAM_INT);
$stmt->execute();
if ($row = $stmt->fetch()) {
$id = $row['id'];
$title = $row['title'];
$profile = $row['profile'];
......