search

anvc / scalar

Born-digital, open source, media-rich scholarly publishing that’s as easy as blogging.
Other
231 stars 73 forks source link

Update codeigniter.php #31

Closed paulshannon closed 8 years ago

paulshannon commented 8 years ago

Remove DEPRECATED php warnings (mysqli and other are throwing them in recent php installs)

craigdietrich commented 8 years ago

Ah, so you're using the mysqli driver but there's a mysql_escape_string() slipping through? I think I noticed that before (it's a backup when something else doesn't exist). I'll take a look and report back.

craigdietrich commented 8 years ago

Hi @paulshannon,

Sorry it took me so long to circle back to this. As to the deprecation warning, CodeIgniter should only get to 'mysql_escape_string' in the event that mysqli_real_escape_string() doesn't exist (this is from system/database/drivers/mysqli/mysqli_driver.php):

if (function_exists('mysqli_real_escape_string') AND is_object($this->conn_id))
{
  $str = mysqli_real_escape_string($this->conn_id, $str);
}
elseif (function_exists('mysql_escape_string'))
{
  $str = mysql_escape_string($str);
}
else
{
  $str = addslashes($str);
}

Odd thing is, why would your system have mysqli operating, but the function 'mysqli_real_escape_string' not exist?

Here's some simple PHP that I ran on scalar.usc.edu, it returned "1",

echo 'mysqli_real_escape_string exists? ';
echo function_exists('mysqli_real_escape_string');

Curious your thoughts?

rust-lucas commented 8 years ago

Hey guys, just wanted to throw my two cents into the ring - I've run into this a bunch, and just to break down the way CodeIgniter decides which PDO to use:

  1. If we have a valid MySQL connection, and mysqli_real_escape_string exists, use mysqli
  2. Otherwise, if mysql_real_escape_string exists, use mysql - note: there is no check to make sure the DB object exists and can connect here!

So, if your server is able to use mySQLi (and it should be, if your PHP version is throwing deprecated errors), the only reason we would move to 2 would be if the DB connection had trouble connecting to the MySQL server (and thus, we would get DEPRECATED warnings.) So, in a nutshell - could you check to make sure that your DB connection settings are correct, and that you don't have any errors in either your apache, codeigniter, or mysql logs? Lucas

On Sat, Jun 25, 2016 at 7:23 PM, Craig Dietrich notifications@github.com wrote:

Hi @paulshannon https://github.com/paulshannon,

Sorry it took me so long to circle back to this. As to the deprecation warning, CodeIgniter should only get to 'mysql_escape_string' in the event that mysqli_real_escape_string() doesn't exist (this is from system/database/drivers/mysqli/mysqli_driver.php):

if (function_exists('mysqli_real_escape_string') AND is_object($this->conn_id)) { $str = mysqli_real_escape_string($this->conn_id, $str); } elseif (function_exists('mysql_escape_string')) { $str = mysql_escape_string($str); } else { $str = addslashes($str); }

Odd thing is, why would your system have mysqli operating, but the function 'mysqli_real_escape_string' not exist?

Here's some simple PHP that I ran on scalar.usc.edu, it returned "1",

echo 'mysqli_real_escape_string exists? '; echo function_exists('mysqli_real_escape_string');

Curious your thoughts?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/anvc/scalar/pull/31#issuecomment-228580629, or mute the thread https://github.com/notifications/unsubscribe/ABWWCHmflzo9KSxOCFtqOaqsEM9UMLGzks5qPeKHgaJpZM4HhAS8 .

paulshannon commented 8 years ago

No particular thoughts on this @craigdietrich; I'm at a new job and don't use PHP much,

craigdietrich commented 8 years ago

@paulshannon Ah, okay, no worries. Are you still working with Scalar?

paulshannon commented 8 years ago

Nope.