From 72724a4ce8e2630c21566ffd435706dc5dde2f7e Mon Sep 17 00:00:00 2001 From: Brandon Hudson Date: Tue, 14 Mar 2017 19:03:28 -0400 Subject: [PATCH 1/3] Deprecate all mysql_ commands. --- api/entity.php | 32 ++++++++++++++-------------- api/generate.php | 6 +++--- api/schedule.php | 46 ++++++++++++++++++++-------------------- api/search.php | 6 +++--- api/status.php | 4 ++-- inc/databaseConn.php | 44 ++++++++++++++++++++++---------------- tools/processDump.php | 10 +++++---- tools/pruneSchedules.php | 6 +++--- 8 files changed, 82 insertions(+), 72 deletions(-) diff --git a/api/entity.php b/api/entity.php index bfb6574..2afdc31 100644 --- a/api/entity.php +++ b/api/entity.php @@ -45,14 +45,14 @@ AND s.status != 'X' GROUP BY c.id ORDER BY course"; - $result = mysql_query($query); + $result = $dbConn->query($query); if(!$result) { - die(json_encode(array("error" => "mysql", "msg" => mysql_error()))); + die(json_encode(array("error" => "mysql", "msg" => $dbConn->error))); } // Collect the courses and turn it into a json $courses = array(); - while($course = mysql_fetch_assoc($result)) { + while($course = $result->fetch_assoc()) { $courses[] = array( "id" => $course['id'], "course" => $course['course'], @@ -98,14 +98,14 @@ AND number IS NOT NULL ORDER BY id"; } - $result = mysql_query($query); + $result = $db->query($query); if(!$result) { - die(json_encode(array("error" => "mysql", "msg" => mysql_error()))); + die(json_encode(array("error" => "mysql", "msg" => $db->error))); } // Collect the departments and turn it into a json $departments = array(); - while($department = mysql_fetch_assoc($result)) { + while($department = $result->fetch_assoc()) { $departments[] = array( "id" => $department['id'], "title" => $department['title'], 
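Review bot: The failure branch of the course query returns `$dbConn->error` to the client in the JSON body, and the department query below it does the same, so any caller who can make a query fail gets table, column and query details. The schools branches in this file already return a fixed message, and the same pattern fits here with the detail kept on the server: `error_log($dbConn->error); die(json_encode(array("error" => "mysql", "msg" => "The course list could not be retrieved at this time.")));`. The section and time lookups later in api/entity.php and the three store failures in api/schedule.php expose the same property.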
@@ -122,14 +122,14 @@ // REQUEST FOR LIST OF SCHOOLS ///////////////////////////////////// // Query for the schools $query = "SELECT `id`, `number`, `code`, `title` FROM schools"; - $result = mysql_query($query); + $result = $dbConn->query($query); if(!$result) { die(json_encode(array("error" => "database", "msg" => "The list of schools could not be retrieved at this time."))); } // Build an array of schools $schools = array(); - while($school = mysql_fetch_assoc($result)) { + while($school = $result->fetch_assoc()) { $schools[] = $school; } @@ -154,14 +154,14 @@ $query = "SELECT id, number AS code, title FROM schools WHERE number IS NOT NULL ORDER BY number"; } // Query for the schools - $result = mysql_query($query); + $result = $dbConn->query($query); if(!$result) { die(json_encode(array("error" => "database", "msg" => "The list of schools could not be retrieved at this time."))); } // Build an array of schools $schools = array(); - while($school = mysql_fetch_assoc($result)) { + while($school = $result->fetch_assoc()) { $schools[] = $school; } @@ -186,14 +186,14 @@ WHERE s.course = '{$_POST['course']}' AND s.status != 'X' ORDER BY c.course, s.section"; - $sectionResult = mysql_query($query); + $sectionResult = $dbConn->query($query); if(!$sectionResult) { - die(json_encode(array("error" => "mysql", "msg" => mysql_error()))); + die(json_encode(array("error" => "mysql", "msg" => $dbConn->error))); } // Collect the sections and their times, modify the section inline $sections = array(); - while($section = mysql_fetch_assoc($sectionResult)) { + while($section = $sectionResult->fetch_assoc()) { $section['times'] = array(); // Set the course title depending on its section title 
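Review bot: The section query at `WHERE s.course = '{$_POST['course']}'` still puts a request parameter straight into the SQL text, and the move to mysqli is the natural point to make it a bound parameter. This hunk does not show whether `$_POST` has already passed through `sanitize()`; if it has not, the query is injectable, and if it has, safety depends on every entry point remembering to call it. Suggested shape: write `WHERE s.course = ?` in the query string, then `$stmt = $dbConn->prepare($query); $stmt->bind_param("s", $_POST['course']); $stmt->execute();` and read rows from `$stmt->get_result()`. The `INSERT` statements built from `$json[...]` and `$item[...]` in api/schedule.php follow the same pattern. The query's SELECT list starts above the hunk.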
@@ -216,12 +216,12 @@ JOIN buildings AS b ON b.number=t.building WHERE t.section = '{$section['id']}' ORDER BY day, start"; - $timeResult = mysql_query($query); + $timeResult = $dbConn->query($query); if(!$timeResult) { - die(json_encode(array("error" => "mysql", "msg" => mysql_error()))); + die(json_encode(array("error" => "mysql", "msg" => $dbConn->error))); } - while($time = mysql_fetch_assoc($timeResult)) { + while($time = $timeResult->fetch_assoc()) { $timeOutput = array( 'start' => $time['start'], 'end' => $time['end'], diff --git a/api/generate.php b/api/generate.php index 6fea987..a9f5245 100644 --- a/api/generate.php +++ b/api/generate.php @@ -353,14 +353,14 @@ function pruneSpecialCourses($schedules, $courseGroups) { // Close it up and provide order $query .= " ORDER BY c.course, s.section"; - $result = mysql_query($query); + $result = $dbConn->query($query); if(!$result) { die(json_encode(array("error" => "mysql", "msg" => "A database error occurred while searching for {$course}"))); } - if(mysql_num_rows($result) == 0) { continue; } + if($result->num_rows == 0) { continue; } // Fetch all the results and append them to the list - while($row = mysql_fetch_assoc($result)) { + while($row = $result->fetch_assoc()) { $courseOptions[] = getCourseBySectionId($row['id']); } } diff --git a/api/schedule.php b/api/schedule.php index 36601e6..5f81baa 100644 --- a/api/schedule.php +++ b/api/schedule.php 
@@ -30,13 +30,13 @@ function icalFormatTime($time) { function generateIcal($schedule) { // Globals - global $HTTPROOTADDRESS; + global $HTTPROOTADDRESS, $dbConn; // We need to lookup the information about the quarter - $term = mysql_real_escape_string($schedule['term']); + $term = $dbConn->real_escape_string($schedule['term']); $query = "SELECT start, end, breakstart, breakend FROM quarters WHERE quarter='{$term}'"; - $result = mysql_query($query); - $term = mysql_fetch_assoc($result); + $result = $dbConn->query($query); + $term = $result->fetch_assoc(); $termStart = strtotime($term['start']); $termEnd = date("Ymd", strtotime($term['end'])); @@ -106,15 +106,15 @@ function getScheduleFromId($id) { // Query to see if the id exists, if we can update the last accessed time, // then the id most definitely exists. $query = "UPDATE schedules SET datelastaccessed = NOW() WHERE id={$id}"; - $result = mysql_query($query); + $result = $dbConn->query($query); $query = "SELECT startday, endday, starttime, endtime, building, `quarter`, CAST(`image` AS unsigned int) AS `image` FROM schedules WHERE id={$id}"; - $result = mysql_query($query); + $result = $dbConn->query($query); if(!$result) { return NULL; } - $scheduleInfo = mysql_fetch_assoc($result); + $scheduleInfo = $result->fetch_assoc(); if(!$scheduleInfo) { return NULL; } 
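Review bot: In generateIcal the new `$result->fetch_assoc()` runs without checking `$result`. Unless mysqli is configured to throw, a failed query returns `false`, so this line now stops the request with a fatal "member function on bool" error, where `mysql_fetch_assoc(false)` only warned. A guard such as `if(!$result) { return NULL; }` before the fetch avoids that, but what callers expect on failure is outside the hunk, so the return value needs confirming. The same unchecked fetch appears in the course loop of getScheduleFromId, in api/status.php, and in getCourseBySectionId and getTerms in inc/databaseConn.php.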
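Review bot: Both getScheduleFromId queries use `WHERE id={$id}` with no quotes around the value, so `real_escape_string()` would not make it safe, since it only neutralises characters that could end a quoted string; only a numeric check or a bound parameter does. The later patch in this series that adds `global $dbConn` shows the function opening directly into the first query, so any validation of `$id` would have to happen in the caller. If ids are always integers, `$id = (int)$id;` at the top of the function, or `prepare()` with `bind_param("i", $id)`, closes the gap. The `schedule = {$id}` and `schedule = $id` queries in the next hunk have the same form, as does `section = {$sectionData['id']}` in getMeetingInfo.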
@@ -133,18 +133,18 @@ function getScheduleFromId($id) { // It exists, so grab all the courses that exist for this schedule $query = "SELECT section FROM schedulecourses WHERE schedule = {$id}"; - $result = mysql_query($query); - while($course = mysql_fetch_assoc($result)) { + $result = $dbConn->query($query); + while($course = $result->fetch_assoc()) { $schedule[] = getCourseBySectionId($course['section']); } // Grab all the non courses that exist for this schedule $query = "SELECT * FROM schedulenoncourses WHERE schedule = $id"; - $result = mysql_query($query); + $result = $dbConn->query($query); if(!$result) { - echo mysql_error(); + echo $dbConn->error(); } - while($nonCourseInfo = mysql_fetch_assoc($result)) { + while($nonCourseInfo = $result->fetch_assoc()) { $schedule[] = array( "title" => $nonCourseInfo['title'], "courseNum" => "non", @@ -171,11 +171,11 @@ function getScheduleFromId($id) { function getScheduleFromOldId($id) { $query = "SELECT id FROM schedules WHERE oldid = '{$id}'"; - $result = mysql_query($query); - if(!$result || mysql_num_rows($result) != 1) { + $result = $dbConn->query($query); + if(!$result || $result->num_rows != 1) { return NULL; } else { - $newId = mysql_fetch_assoc($result); + $newId = $result->fetch_assoc(); $newId = $newId['id']; $schedule = getScheduleFromId($newId); $schedule['id'] = $newId; 
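Review bot: `echo $dbConn->error();` calls `error` as a method, but on mysqli it is a property, so the failure branch of the non-course query itself dies with an undefined-method error; it should read `$dbConn->error`. Even with that corrected, execution falls through to `$result->fetch_assoc()` while `$result` is still `false`, and the raw database message is written into the response. Logging and returning matches the `return NULL;` used earlier in this function: `if(!$result) { error_log($dbConn->error); return NULL; }`. getScheduleFromId continues past the end of this hunk.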
@@ -337,19 +337,19 @@ function renderSvg($svg, $id) { $query = "INSERT INTO schedules (oldid, startday, endday, starttime, endtime, building, quarter)" . " VALUES('', '{$json['startday']}', '{$json['endday']}', '{$json['starttime']}', '{$json['endtime']}', '{$json['building']}', " . " '{$json['term']}')"; - $result = mysql_query($query); + $result = $dbConn->query($query); if(!$result) { - die(json_encode(array("error" => "mysql", "msg" => "Failed to store the schedule: " . mysql_error($dbConn)))); + die(json_encode(array("error" => "mysql", "msg" => "Failed to store the schedule: " . $dbConn->error))); } // Grab the latest id for the schedule - $schedId = mysql_insert_id(); + $schedId = $dbConn->insert_id; // Optionally process the svg for the schedule $image = false; if(!empty($_POST['svg']) && renderSvg($_POST['svg'], $schedId)) { $query = "UPDATE schedules SET image = ((1)) WHERE id = '{$schedId}'"; - mysql_query($query); // We don't particularly care if this fails + $dbConn->query($query); // We don't particularly care if this fails } // Now iterate through the schedule 
@@ -360,18 +360,18 @@ function renderSvg($svg, $id) { foreach($item['times'] as $time) { $query = "INSERT INTO schedulenoncourses (title, day, start, end, schedule)" . " VALUES('{$item['title']}', '{$time['day']}', '{$time['start']}', '{$time['end']}', '{$schedId}')"; - $result = mysql_query($query); + $result = $dbConn->query($query); if(!$result) { - die(json_encode(array("error" => "mysql", "msg" => "Storing non-course item '{$item['title']}' failed: " . mysql_error($dbConn)))); + die(json_encode(array("error" => "mysql", "msg" => "Storing non-course item '{$item['title']}' failed: " . $dbConn->error))); } } } else { // Process each course. It's crazy simple now. $query = "INSERT INTO schedulecourses (schedule, section)" . " VALUES('{$schedId}', '{$item['id']}')"; - $result = mysql_query($query); + $result = $dbConn->query($query); if(!$result) { - die(json_encode(array("error" => "mysql", "msg" => "Storing a course '{$item['courseNum']}' failed: " . mysql_error($dbConn)))); + die(json_encode(array("error" => "mysql", "msg" => "Storing a course '{$item['courseNum']}' failed: " . $dbConn->erorr))); } } } diff --git a/api/search.php b/api/search.php index f233219..7841702 100644 --- a/api/search.php +++ b/api/search.php @@ -144,19 +144,19 @@ function assertNumeric($var, $name) { } // Run it! - $result = mysql_query($query); + $result = $dbConn->query($query); if(!$result) { echo json_encode(array("error" => "mysql", "msg" => "An error occurred while searching the database.")); break; } - if(mysql_num_rows($result) == 0) { + if($result->num_rows == 0) { echo json_encode(array("error" => "result", "msg" => "No courses matched your criteria")); break; } // Now we build an array of the results $courses = array(); - while($row = mysql_fetch_assoc($result)) { + while($row = $result->fetch_assoc()) { $courses[] = $row['id']; } // @todo: store this in session to avoid lengthy and costly queries diff --git a/api/status.php b/api/status.php index d773f29..d0f11c5 100644 
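Review bot: The course-insert failure message ends in `$dbConn->erorr`, a misspelling of `error`. That property does not exist, so PHP raises a notice and appends nothing, and the reason for the failure is lost. It should be `$dbConn->error`, matching the non-course branch just above it. The enclosing loop starts above the hunk.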
--- a/api/status.php +++ b/api/status.php @@ -49,9 +49,9 @@ function timeElapsed($time) { // MAIN EXECUTION ////////////////////////////////////////////////////////// // Look up the last 20 scrape reports and store into an array $query = "SELECT * FROM scrapelog ORDER BY timeStarted DESC LIMIT 20"; -$result = mysql_query($query); +$result = $dbConn->query($query); $lastLogs = array(); -while($row = mysql_fetch_assoc($result)) { +while($row = $result->fetch_assoc()) { $lastLogs[] = $row; } echo json_encode($lastLogs); \ No newline at end of file diff --git a/inc/databaseConn.php b/inc/databaseConn.php index 8a0640e..b7d4362 100644 --- a/inc/databaseConn.php +++ b/inc/databaseConn.php @@ -24,12 +24,12 @@ // Make a connection to the database global $DATABASE_SERVER, $DATABASE_USER, $DATABASE_PASS, $DATABASE_DB; -$dbConn = mysql_connect($DATABASE_SERVER, $DATABASE_USER, $DATABASE_PASS); -mysql_select_db($DATABASE_DB, $dbConn); + +$dbConn = new mysqli($DATABASE_SERVER, $DATABASE_USER, $DATABASE_PASS, $DATABASE_DB); // Error check if(!$dbConn) { - die("Could not connect to database: " . mysql_error()); + die("Could not connect to database: " . $dbConn->connect_error); } //////////////////////////////////////////////////////////////////////////// @@ -54,8 +54,9 @@ function isSpecialSection($courseInfo) { * @return array A course array with all the information about the course */ function getMeetingInfo($sectionData) { - // Store the course information + global $dbConn; + // Store the course information $course = array( "title" => $sectionData['title'], "instructor" => $sectionData['instructor'], 
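Review bot: In inc/databaseConn.php the check `if(!$dbConn)` can no longer fire, because `new mysqli(...)` yields an object even when the connection fails (unless mysqli is set to throw), so a wrong host or password goes unnoticed until the first query. Test the connection state instead: `if($dbConn->connect_errno) { error_log($dbConn->connect_error); die("Could not connect to database"); }`, which also keeps the server's connection detail out of the response. The hunk never sets the connection character set, and `real_escape_string()` escapes according to it, so a `$dbConn->set_charset(...)` call with the schema's charset right after connecting is worth adding.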
@@ -82,11 +83,11 @@ function getMeetingInfo($sectionData) { $query = "SELECT b.code, b.number, b.off_campus, t.room, t.day, t.start, t.end "; $query .= "FROM times AS t JOIN buildings AS b ON b.number=t.building "; $query .= "WHERE section = {$sectionData['id']}"; - $result = mysql_query($query); + $result = $dbConn->query($query); if(!$result) { - throw new Exception("mysql:" . mysql_error()); + throw new Exception("mysql:" . $dbConn->error); } - while($row = mysql_fetch_assoc($result)) { + while($row = $result->fetch_assoc()) { $course["times"][] = array( "bldg" => array("code"=>$row['code'], "number"=>$row['number']), "room" => $row['room'], @@ -108,6 +109,8 @@ function getMeetingInfo($sectionData) { * @return array The information about the section */ function getCourseBySectionId($id, $withDescription = false) { + global $dbConn; + // Sanity check for the section id if($id == "" || !is_numeric($id)) { trigger_error("A valid section id was not provided"); @@ -127,9 +130,9 @@ function getCourseBySectionId($id, $withDescription = false) { WHERE s.id = '{$id}'"; // Actually run the query - $result = mysql_query($query); + $result = $dbConn->query($query); // @TODO: Error handling - $row = mysql_fetch_assoc($result); + $row = $result->fetch_assoc(); if($row['quarter'] > 20130) { $row['department'] = $row['code']; } else { @@ -153,6 +156,8 @@ function getCourseBySectionId($id, $withDescription = false) { * @return array Course formatted into array as described above */ function getCourse($term, $dept, $courseNum, $sectNum) { + global $dbConn; + // Build the query if($term > 20130) { $query = "SELECT s.id, 
@@ -177,16 +182,16 @@ function getCourse($term, $dept, $courseNum, $sectNum) { } // Execute the query and error check - $result = mysql_query($query); + $result = $dbConn->query($query); if(!$result) { - throw new Exception("mysql:" . mysql_error()); - } elseif(mysql_num_rows($result) > 1) { + throw new Exception("mysql:" . $db->error); + } elseif($result->num_rows > 1) { throw new Exception("ambiguous:{$term}-{$dept}-{$courseNum}-{$sectNum}"); - } elseif(mysql_num_rows($result) == 0) { + } elseif($result->num_rows == 0) { throw new Exception("objnotfound:{$term}-{$dept}-{$courseNum}-{$sectNum}"); } - return getMeetingInfo(mysql_fetch_assoc($result)); + return getMeetingInfo($result->fetch_assoc()); } /** @@ -195,18 +200,19 @@ function getCourse($term, $dept, $courseNum, $sectNum) { * @return the array of terms */ function getTerms() { - + global $dbConn; + $terms = array(); // Query the database for the quarters $query = "SELECT quarter FROM quarters ORDER BY quarter DESC"; - $result = mysql_query($query); + $result = $dbConn->query($query); // Output the quarters as options $curYear = 0; $termGroupName = ""; - while($row = mysql_fetch_assoc($result)) { + while($row = $result->fetch_assoc()) { $term = $row['quarter']; // Parse it into a year-quarter thingy @@ -254,6 +260,8 @@ function getTerms() { * @return mixed The item after it has been sanitized */ function sanitize($item) { + global $dbConn; + if(is_array($item)) { // If it's an array, then recursively call it on the item foreach($item as $key => $value) { @@ -263,6 +271,6 @@ function sanitize($item) { } else { // Base case, return the sanitized item $item = htmlentities($item, ENT_QUOTES); - return mysql_real_escape_string($item); + return $dbConn->real_escape_string($item); } } diff --git a/tools/processDump.php b/tools/processDump.php index 784a635..d618b49 100644 --- a/tools/processDump.php +++ b/tools/processDump.php 
@@ -330,11 +330,13 @@ function fileToTempTable($tableName, $file, $fields, $fileSize, $procFunc=NULL) // Process the class file function procClassArray($lineSplit) { + global $dbConn; + // Escape class title, description, and course number (since it needs to be trimmed) - $lineSplit[6] = mysql_real_escape_string(trim($lineSplit[6])); - $lineSplit[7] = mysql_real_escape_string($lineSplit[7]); - $lineSplit[8] = mysql_real_escape_string(trim($lineSplit[8])); - $lineSplit[23] = mysql_real_escape_string($lineSplit[23]); + $lineSplit[6] = $dbConn->real_escape_string(trim($lineSplit[6])); + $lineSplit[7] = $dbConn->real_escape_string($lineSplit[7]); + $lineSplit[8] = $dbConn->real_escape_string(trim($lineSplit[8])); + $lineSplit[23] = $dbConn->real_escape_string($lineSplit[23]); // Grab the integer credit count (they give it to us as a decimal) preg_match('/(\d)+\.\d\d/', $lineSplit[11], $match); diff --git a/tools/pruneSchedules.php b/tools/pruneSchedules.php index cd5bc9a..7527af8 100644 --- a/tools/pruneSchedules.php +++ b/tools/pruneSchedules.php @@ -23,12 +23,12 @@ // 90 days $ninetyDaysAgo = date("Y-m-d H:i:s", strtotime("-90 days")); $query = "DELETE FROM schedules WHERE datelastaccessed < '{$ninetyDaysAgo}'"; -$result = mysql_query($query, $dbConn); +$result = $dbConn->query($query); if(!$result) { echo("*** Failed to run pruning query:\n"); - echo(mysql_error() . "\n"); + echo($dbConn->error . "\n"); } else { - echo("... " . mysql_affected_rows($dbConn) . " schedules deleted\n"); + echo("... " . $dbConn->affected_rows . " schedules deleted\n"); } ?> From c67b26bc5a71371887b6fcfa5dc46dcc0b618a36 Mon Sep 17 00:00:00 2001 From: Brandon Hudson Date: Mon, 20 Mar 2017 12:48:36 -0400 Subject: [PATCH 2/3] Add global reference to db connection object. --- api/schedule.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/api/schedule.php b/api/schedule.php index 5f81baa..1abf188 100644 --- a/api/schedule.php +++ b/api/schedule.php 
@@ -103,6 +103,8 @@ function generateIcal($schedule) { } function getScheduleFromId($id) { + global $dbConn; + // Query to see if the id exists, if we can update the last accessed time, // then the id most definitely exists. $query = "UPDATE schedules SET datelastaccessed = NOW() WHERE id={$id}"; @@ -170,6 +172,8 @@ function getScheduleFromId($id) { } function getScheduleFromOldId($id) { + global $dbConn; + $query = "SELECT id FROM schedules WHERE oldid = '{$id}'"; $result = $dbConn->query($query); if(!$result || $result->num_rows != 1) { From f207781803a34025b4ec65937fa5ad01f4bb667f Mon Sep 17 00:00:00 2001 From: Brandon Hudson Date: Mon, 20 Mar 2017 21:31:05 -0400 Subject: [PATCH 3/3] Fix two variable references. --- api/entity.php | 4 ++-- inc/databaseConn.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/api/entity.php b/api/entity.php index 2afdc31..d6c409c 100644 --- a/api/entity.php +++ b/api/entity.php @@ -98,9 +98,9 @@ AND number IS NOT NULL ORDER BY id"; } - $result = $db->query($query); + $result = $dbConn->query($query); if(!$result) { - die(json_encode(array("error" => "mysql", "msg" => $db->error))); + die(json_encode(array("error" => "mysql", "msg" => $dbConn->error))); } // Collect the departments and turn it into a json diff --git a/inc/databaseConn.php b/inc/databaseConn.php index b7d4362..684f651 100644 --- a/inc/databaseConn.php +++ b/inc/databaseConn.php @@ -184,7 +184,7 @@ function getCourse($term, $dept, $courseNum, $sectNum) { // Execute the query and error check $result = $dbConn->query($query); if(!$result) { - throw new Exception("mysql:" . $db->error); + throw new Exception("mysql:" . $dbConn->error); } elseif($result->num_rows > 1) { throw new Exception("ambiguous:{$term}-{$dept}-{$courseNum}-{$sectNum}"); } elseif($result->num_rows == 0) {