Udara Madushan - 2017-08-28 15:11:35
Will this block SQL injections & shell scripts? How do I use this in a running script?
Dave Smith - 2017-08-28 16:40:40 - In reply to message 1 from Udara Madushan
It does not automatically prepare statements; it replaces mysql with mysqli when the mysql extension goes away, as it did in PHP 7.
You simply include the class, and if the mysql extension is not present then it takes over. It should be used as a stopgap to keep scripts running until they can be updated to mysqli or PDO.
Udara Madushan - 2017-08-30 11:10:09 - In reply to message 2 from Dave Smith
Thanks a lot. Does that mean there is no security against SQL injections or shell scripts if we do not adhere to prepared statements, even if we use mysqli?
Is all I have to do include this library from my 'header.php' file? Then it will replace the current mysql_ calls with the new library format, won't it?
Dave Smith - 2017-08-30 19:18:11 - In reply to message 3 from Udara Madushan
Using prepared statements automatically sanitizes the query; however, this class does not create prepared statements for you. If your script using mysql does not properly sanitize then it will still be vulnerable using mysqli.
Assuming that your header.php file is included in all the source files, then yes you would include this class there. It will only replace mysql with mysqli when the mysql extension is no longer present. If you are running on PHP 5 then this class does nothing until you update to PHP 7.
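The point made in message 4, as an added example that is not part of the thread or of the class itself: a query built by string concatenation stays injectable after the switch to mysqli, while the same lookup rewritten as a prepared statement treats the input purely as data. The connection values, the `users` table and the function names are assumptions for illustration.

```php
<?php
// Added example. Connection values, the `users` table and the function names
// are assumptions for illustration; the sample rows and input are constructed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Legacy pattern: the value is concatenated into the SQL text. A mysql_* to
// mysqli_* wrapper changes the driver, not the query, so the input is still
// parsed as SQL.
function find_user_legacy(mysqli $db, string $name): array
{
    $res = mysqli_query($db, "SELECT id, name FROM users WHERE name = '" . $name . "'");
    $rows = [];
    while ($row = mysqli_fetch_assoc($res)) {
        $rows[] = $row;
    }
    return $rows;
}

// Rewritten with a prepared statement: the value is sent as a bound parameter
// and is only ever compared as data.
function find_user_prepared(mysqli $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = ?');
    $stmt->bind_param('s', $name);
    $stmt->execute();
    $stmt->bind_result($id, $found);
    $rows = [];
    while ($stmt->fetch()) {
        $rows[] = ['id' => $id, 'name' => $found];
    }
    $stmt->close();
    return $rows;
}

$db = new mysqli('127.0.0.1', 'app_user', 'app_password', 'test_db'); // placeholders
$db->query('CREATE TEMPORARY TABLE users (id INT PRIMARY KEY, name VARCHAR(50))');
$db->query("INSERT INTO users VALUES (1, 'alice'), (2, 'bob')");

$input = "nobody' OR '1'='1"; // constructed input that is not a real user name

// The legacy query returns every row because the quote ends the string literal;
// the prepared query matches no row because the whole input is one value.
printf("legacy: %d row(s)\n", count(find_user_legacy($db, $input)));
printf("prepared: %d row(s)\n", count(find_user_prepared($db, $input)));
```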
Udara Madushan - 2017-08-31 06:49:04 - In reply to message 4 from Dave Smith
With your informative comment I tested this class in my test room, where the platform is PHP 7.
I found certain scripts where I had to change limited areas.
Finally I got stuck where I had used
The script gave me an error there. Isn't there any fixed code to rectify that as well, using your class?
According to the critical mysql methods, I have only used this. So if I have some solution for this, it would be even better.
In the update I had to remove the auto_incremental values. Then it was DONE.
Thanks very much, Dave, for sharing this kind of element. Bye
Dave Smith - 2017-09-01 02:44:30 - In reply to message 5 from Udara Madushan
There have been problems with the mysql_result replacement. Some fixes are shown in other threads here. I haven't gotten around to updating the class yet; I will try in the next couple of days.
There is not a replacement in mysqli since it was removed after being the cause of many slow queries.
Udara Madushan - 2017-09-03 15:29:48 - In reply to message 6 from Dave Smith
Thanks a lot. I'm waiting till you update the class. Could you please update it soon?
I think many people may be waiting for this.
Thanks a lot. Please post an update in this thread once you update it.
Dave Smith - 2017-09-04 04:15:28 - In reply to message 7 from Udara Madushan
Class updated, let me know if you are still having issues.
Udara Madushan - 2017-09-04 04:42:28 - In reply to message 8 from Dave Smith
Thanks a lot, and I highly appreciate your quick response. Sure, I will test this and let you know whether there are further issues or not. But give me a couple of days, since I will be quite busy for the next 3 to 4 days.
Udara Madushan - 2017-09-04 08:36:38 - In reply to message 8 from Dave Smith
I replaced the current class files with the new files, then executed the script. I couldn't find any progress out of this, but I'm not sure whether it's due to the mysql_result issue or some other issue in my script.
I simply included your class in my scripts, but I found some AJAX calls not operating.
I think I have to manually go through the script.