TwoTalesDev/4WDCSA.co.za
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove: Deprecated MySQLi functions - convert to OOP prepared statements

Browse Source 
- create_bar_tab.php: Replaced mysqli_real_escape_string() and procedural mysqli_query/mysqli_num_rows/mysqli_error with OOP prepared statements
- submit_order.php: Replaced mysqli_real_escape_string() and procedural mysqli_query/mysqli_error with OOP prepared statements
- fetch_drinks.php: Replaced mysqli_real_escape_string() and procedural mysqli_query/mysqli_fetch_assoc with OOP prepared statements
- comment_box.php: Removed mysqli_real_escape_string(), added CSRF token validation for comment submission

All files now use consistent OOP MySQLi approach with proper parameter binding. Fixes PHP 8.1+ compatibility and improves security against multi-byte character injection.
This commit is contained in:
twotalesanimation
2025-12-03 19:52:54 +02:00
parent 4c839d02c0
commit 45523720ea
4 changed files with 43 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
fetch_drinks.php
View File

@@ -1,16 +1,23 @@
<?php
require_once("connection.php");
if (isset($_GET['tab_id'])) {
$tab_id = mysqli_real_escape_string($conn, $_GET['tab_id']);
$tab_id = (int) $_GET['tab_id']; // Convert to integer
if ($tab_id <= 0) {
echo json_encode(['status' => 'error', 'message' => 'Invalid tab ID.']);
exit();
}
// Fetch drinks available for this tab
$sql = "SELECT * FROM bar_items"; // Customize as needed
$result = mysqli_query($conn, $sql);
$stmt = $conn->prepare("SELECT * FROM bar_items");
$stmt->execute();
$result = $stmt->get_result();
$drinks = [];
while ($row = mysqli_fetch_assoc($result)) {
while ($row = $result->fetch_assoc()) {
$drinks[] = $row;
}