|
I’m using a WordPress theme which has not received updates for 2 years, and they’re not giving any support for that theme, but I love this theme.
After upgrading my server’s PHP version from 7.4 to 8.1 I’m getting the following in the error_log:
````
PHP Warning: Attempt to read property "post_content" on null in /some-path/wp-content/themes/boldr-lite/functions.php on line 267
PHP Warning: Attempt to read property "post_content" on null in /some-path/wp-content/themes/boldr-lite/functions.php on line 268
````
I checked functions.php; lines 267 and 268 are given below:
````
preg_match( '/<!--more(.*?)?-->/', $post->post_content )
|| preg_match( '/<!--nextpage-->/', $post->post_content )
````
The full function, including the above two lines, is given below:
````
function boldr_trim_excerpt( $text = '' ) {
    global $post;
    $raw_excerpt = $text;
    if ( '' === $text ) {
        $text = get_the_content( '' );
        $text = strip_shortcodes( $text );
        $text = apply_filters( 'the_content', $text );
        $text = str_replace( ']]>', ']]&gt;', $text );
        $excerpt_length = apply_filters( 'excerpt_length', 55 );
        $excerpt_more = apply_filters( 'excerpt_more', ' [...]' );
        $text = wp_trim_words( $text, $excerpt_length, $excerpt_more );
        if (
            (
                preg_match( '/<!--more(.*?)?-->/', $post->post_content )
                || preg_match( '/<!--nextpage-->/', $post->post_content )
            )
            && strpos( $text, $excerpt_more ) === false
        ) :
            $text .= $excerpt_more;
        endif;
    }
    return apply_filters( 'boldr_trim_excerpt', $text, $raw_excerpt );
}
remove_filter( 'get_the_excerpt', 'wp_trim_excerpt' );
add_filter( 'get_the_excerpt', 'boldr_trim_excerpt' );
````
Please suggest a solution to fix the issue
|
|
|
|
|
As with all such questions, the problem is that $post has not been initialised. Whenever a system complains about some action being attempted on null, or a NullPointerException is thrown, you need to look at the object that the message refers back to.
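One way to apply this to the `boldr_trim_excerpt()` function from the question, shown as an added example rather than the theme's own code: fetch the current post with `get_post()` and read `post_content` only when a post object actually exists. It assumes this definition replaces the one in the theme's functions.php and that the existing `remove_filter`/`add_filter` lines stay as they are.

```php
<?php
// Added example, not the theme's own code: a null-safe boldr_trim_excerpt().
function boldr_trim_excerpt( $text = '' ) {
    $raw_excerpt = $text;
    if ( '' === $text ) {
        // get_post() returns the current WP_Post, or null when no post is set up.
        $post    = get_post();
        $content = ( $post instanceof WP_Post ) ? $post->post_content : '';

        $text           = get_the_content( '' );
        $text           = strip_shortcodes( $text );
        $text           = apply_filters( 'the_content', $text );
        $text           = str_replace( ']]>', ']]&gt;', $text );
        $excerpt_length = apply_filters( 'excerpt_length', 55 );
        $excerpt_more   = apply_filters( 'excerpt_more', ' [...]' );
        $text           = wp_trim_words( $text, $excerpt_length, $excerpt_more );

        // With no post, $content is '' and neither pattern can match.
        $has_break = preg_match( '/<!--more(.*?)?-->/', $content )
            || preg_match( '/<!--nextpage-->/', $content );
        if ( $has_break && strpos( $text, $excerpt_more ) === false ) {
            $text .= $excerpt_more;
        }
    }
    return apply_filters( 'boldr_trim_excerpt', $text, $raw_excerpt );
}
```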
|
|
|
|
|
The following code has not been written using proper parameterised queries for database access.
I was unable to rewrite it as I'm not an experienced programmer.
I would be grateful if anyone could rewrite the following code using proper parameterised queries, compatible with PHP 8.1 and MariaDB 10.3.
````
<?php
if(isset($_GET['id']) && $_GET['id'] != "")
{
    $query = "SELECT * FROM ".C_MYSQL_MESSAGES." WHERE (sender_id =".$_SESSION['m']." AND receiver_id=". (int)$_GET['id'].") OR (sender_id =".(int)$_GET['id']." AND receiver_id=".$_SESSION['m'].") ORDER BY `date_added` ASC";
    $result = mysqli_query($conn,$query) or die();
    while($j = mysqli_fetch_array($result))
    {
        $c = mysqli_query($conn,"UPDATE ".C_MYSQL_MESSAGES." SET status=1 WHERE id=".$j['id']);
        $class = "";
        $date_class = "";
        if($j['sender_id'] == $_SESSION['m'])
        {
            $class = "right";
            $date_class = "date_left";
        }
        else
        {
            $class = "left";
            $date_class = "date_right";
        }
        echo '<p class="msgtext '.$class.'">'.$j['date_added'].''.$j['message'].'</p>';
    }
}
?>
````
|
|
|
|
|
You're right. This code is not parameterized and would be prone to SQL injection attacks.
However, the parameterization of the queries is not that difficult; easier than string concatenation. You escape the parameter areas and then provide the values for the parameters.
````
$query = $db->prepare('SELECT * FROM users WHERE uid = ?');
$query->execute([$userId]);
````
As you see, the string concatenation is removed and instead a simple escaped character is used. Try to rewrite the query, and if that doesn't work, we can help.
Read more:
PHP: Prepared Statements - Manual
MySQLi: Bind in Execute - PHP 8.1 • PHP.Watch
|
|
|
|
|
After your supportive reply, I rewrote the code after studying the Manual, but it gives an error_log:
````
[12-Apr-2023 04:15:21 UTC] PHP Fatal error: Uncaught TypeError: mysqli::prepare(): Argument #1 ($query) must be of type string, mysqli_stmt given in /home/student/public_html/friendsphp8/message.php:8
Stack trace:
#0 /home/student/public_html/friendsphp8/message.php(8): mysqli->prepare(Object(mysqli_stmt))
#1 {main}
thrown in /home/student/public_html/friendsphp8/message.php on line 8
````
My code is as follows:
Please suggest corrections.
````
<?php
if(isset($_GET['id']) && $_GET['id'] != "")
{
    $query = $conn->prepare("SELECT * FROM ".C_MYSQL_MESSAGES." WHERE (sender_id =? AND receiver_id=?) OR (sender_id =? AND receiver_id=?) ORDER BY `date_added` ASC");
    $stmt = $conn->prepare($query);
    $stmt->bind_param("ssss", $_SESSION['m'],(int)$_GET['id'],(int)$_GET['id'],$_SESSION['m']);
    $stmt->execute();
    $result = $stmt->get_result();
    while($j = mysqli_fetch_array($result))
    {
        $c = mysqli_query($conn,"UPDATE ".C_MYSQL_MESSAGES." SET status=1 WHERE id=".$j['id']);
        $class = "";
        $date_class = "";
        if($j['sender_id'] == $_SESSION['m'])
        {
            $class = "right";
            $date_class = "date_left";
        }
        else
        {
            $class = "left";
            $date_class = "date_right";
        }
        echo '<p class="msgtext '.$class.'">'.$j['date_added'].''.$j['message'].'</p>';
    }
}
?>
````
|
|
|
|
|
The bind_param("ssss" statement declares all four parameter values to be strings ...
````
$stmt->bind_param("ssss", $_SESSION['m'],(int)$_GET['id'],(int)$_GET['id'],$_SESSION['m']);
````
... but you then cast the two id values to be integers so there is a mismatch. The parameter specification string should be "siis", meaning "string, integer, integer, string". See PHP: mysqli_stmt::bind_param - Manual.
|
|
|
|
|
I changed ssss into siis, but again it gives an error_log:
````
[12-Apr-2023 08:04:27 UTC] PHP Fatal error: Uncaught TypeError: mysqli::prepare(): Argument #1 ($query) must be of type string, mysqli_stmt given in /home/student/public_html/friendsphp8/message.php:6
Stack trace:
#0 /home/student/public_html/friendsphp8/message.php(6): mysqli->prepare(Object(mysqli_stmt))
#1 {main}
thrown in /home/student/public_html/friendsphp8/message.php on line 6
````
|
|
|
|
|
The error message is clear, parameter number 1 is not a string. So you need to look more closely at exactly what type each of these items is. You cannot make guesses or assumptions when working in this environment, you must be accurate and stick to the rules. So when you get an error message, first look at what the line in question is trying to do and examine why it is failing.
|
|
|
|
|
Finally I was able to solve the code.
Here is what I did:
Old code line:
````
$query = $conn->prepare("SELECT * FROM ".C_MYSQL_MESSAGES." WHERE (sender_id =? AND receiver_id=?) OR (sender_id =? AND receiver_id=?) ORDER BY `date_added` ASC");
````
New code line:
````
$query = "SELECT * FROM ".C_MYSQL_MESSAGES." WHERE (sender_id =? AND receiver_id=?) OR (sender_id =? AND receiver_id=?) ORDER BY `date_added` ASC";
````
Old code line:
````
$stmt->bind_param("siis", $_SESSION['m'],(int)$_GET['id'],(int)$_GET['id'],$_SESSION['m']);
````
New code line:
````
$stmt->bind_param("siis",$_SESSION['m'],$_GET['id'],$_GET['id'],$_SESSION['m']);
````
Final Code:
````
<?php
if(isset($_GET['id']) && $_GET['id'] != "")
{
    $query = "SELECT * FROM ".C_MYSQL_MESSAGES." WHERE (sender_id =? AND receiver_id=?) OR (sender_id =? AND receiver_id=?) ORDER BY `date_added` ASC";
    $stmt = $conn->prepare($query);
    $stmt->bind_param("siis",$_SESSION['m'],$_GET['id'],$_GET['id'],$_SESSION['m']);
    $stmt->execute();
    $result = $stmt->get_result();
    while($j = mysqli_fetch_array($result))
    {
        $c = mysqli_query($conn,"UPDATE ".C_MYSQL_MESSAGES." SET status=1 WHERE id=".$j['id']);
        $class = "";
        $date_class = "";
        if($j['sender_id'] == $_SESSION['m'])
        {
            $class = "right";
            $date_class = "date_left";
        }
        else
        {
            $class = "left";
            $date_class = "date_right";
        }
        echo '<p class="msgtext '.$class.'">'.$j['date_added'].''.$j['message'].'</p>';
    }
}
?>
````
Thanks for your valuable suggestions to fix this issue
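A fully parameterised version of the message listing discussed in this thread, as an added example that is not part of any post above: the SELECT and the per-row UPDATE are both prepared, and the stored message text is HTML-encoded before it is echoed. It assumes `$conn` is an open mysqli connection, `C_MYSQL_MESSAGES` is the table-name constant from the script's config, the session is started, and `$_SESSION['m']` holds the logged-in member's numeric id; `render_thread()` is a name chosen here.

```php
<?php
// Added example, not the original script. Assumed to exist already: $conn
// (open mysqli connection), C_MYSQL_MESSAGES (table name), $_SESSION['m'].
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function render_thread(mysqli $conn, int $me, int $other): string
{
    $select = $conn->prepare(
        "SELECT id, sender_id, date_added, message FROM " . C_MYSQL_MESSAGES .
        " WHERE (sender_id = ? AND receiver_id = ?)
             OR (sender_id = ? AND receiver_id = ?)
          ORDER BY date_added ASC"
    );
    // bind_param() binds by reference: pass variables, not cast expressions.
    $select->bind_param("iiii", $me, $other, $other, $me);
    $select->execute();
    $rows = $select->get_result()->fetch_all(MYSQLI_ASSOC);

    // One prepared UPDATE, bound once and re-executed for every row.
    $mark = $conn->prepare("UPDATE " . C_MYSQL_MESSAGES . " SET status = 1 WHERE id = ?");
    $id = 0;
    $mark->bind_param("i", $id);

    $html = '';
    foreach ($rows as $row) {
        $id = (int) $row['id'];
        $mark->execute();
        $class = ((int) $row['sender_id'] === $me) ? 'right' : 'left';
        // The message is user-supplied text, so encode it for HTML output.
        $html .= '<p class="msgtext ' . $class . '">'
            . htmlspecialchars($row['date_added'], ENT_QUOTES, 'UTF-8')
            . htmlspecialchars($row['message'], ENT_QUOTES, 'UTF-8')
            . "</p>\n";
    }
    return $html;
}

// Accept the request only when ?id= is a well-formed integer.
$other = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if (is_int($other) && isset($_SESSION['m'])) {
    echo render_thread($conn, (int) $_SESSION['m'], $other);
}
```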
|
|
|
|
|
I was using a PHP script for a simple message service without any issue up to PHP 7.4, but when I upgraded the PHP version to 8.1, it gives the following error_log when trying to send a new message containing "'", e.g.: I'm ok brother
````
PHP Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'm ok brother
')' at line 1 in send_message.php:9
````
Full code of send_message.php:
````
<?php
include_once 'include/config.inc.php';
include_once 'include/options.inc.php';
include_once 'include/security.inc.php';
include_once 'include/functions.inc.php';
include_once 'templates/'.C_TEMP.'/config.php';
if( isset($_POST['message']) && isset($_POST['sender_id']) && isset($_POST['receiver_id']) && $_POST['message'] != "" && $_POST['sender_id'] != "" && $_POST['receiver_id'] != "")
{
    mysqli_query($conn,"INSERT INTO ".C_MYSQL_MESSAGES."(`sender_id`,`receiver_id`,`message`) VALUES (".$_POST['sender_id'].",".$_POST['receiver_id'].",'".$_POST['message']."')");
    echo 1;
}
else
{
    echo 0;
}
?>
````
Please suggest a solution.
|
|
|
|
|
Add some code to print out the full statement when it is built. But a far better solution would be to use proper parameterised queries for database access. It has the advantage that you can quickly diagnose issues like this, but more importantly it protects you from SQL injection attacks.
|
|
|
|
|
Actually, did you see anything wrong in that code?
When trying to store a simple text message with a ' character (I'm ok brother), it stops processing further and makes the above-mentioned error_log.
````
mysqli_query($conn,"INSERT INTO ".C_MYSQL_MESSAGES."(`sender_id`,`receiver_id`,`message`) VALUES (".$_POST['sender_id'].",".$_POST['receiver_id'].",'".$_POST['message']."')");
````
I think the $_POST['message'] part or near it has some issue.
Can you help me to resolve?
|
|
|
|
|
Udaya Arunakantha wrote: Can you help me to resolve?
Yes, but you need to do what I suggested above. Whatever is causing the problem can only be discovered by displaying the complete message that MySQL is trying to process.
|
|
|
|
|
According to your tips, I was able to fix this issue by adding the following code line:
````
$_POST['message'] = mysqli_real_escape_string($conn, $_POST['message']);
````
|
|
|
|
|
That may work for now, but your code is still vulnerable to SQL injection attacks. You really should change to using proper parameterized queries for all SQL.
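What the parameterised form of send_message.php could look like, as an added example that is not from any poster in this thread: the two ids are validated as integers and all three values are bound, so the apostrophe in the message needs no escaping. It assumes `$conn` and `C_MYSQL_MESSAGES` come from the script's existing include files; `store_message()` is a name chosen here.

```php
<?php
// Added example, not the original send_message.php. Assumed to exist already:
// $conn (open mysqli connection) and C_MYSQL_MESSAGES (table-name constant).
// PHP 8.1 makes mysqli throw exceptions by default; set the mode explicitly
// so the script behaves the same on every PHP version.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function store_message(mysqli $conn, array $post): bool
{
    // The ids went into the old query unquoted, so string escaping never
    // applied to them. Accept them only as well-formed integers.
    $sender   = filter_var($post['sender_id'] ?? null, FILTER_VALIDATE_INT);
    $receiver = filter_var($post['receiver_id'] ?? null, FILTER_VALIDATE_INT);
    $message  = $post['message'] ?? '';
    if ($sender === false || $receiver === false
        || !is_string($message) || $message === '') {
        return false;
    }

    $stmt = $conn->prepare(
        "INSERT INTO " . C_MYSQL_MESSAGES .
        " (`sender_id`, `receiver_id`, `message`) VALUES (?, ?, ?)"
    );
    // Values travel separately from the SQL text: "iis" = int, int, string.
    $stmt->bind_param("iis", $sender, $receiver, $message);
    return $stmt->execute();
}

try {
    echo store_message($conn, $_POST) ? 1 : 0;
} catch (mysqli_sql_exception $e) {
    // Log the database error server-side; the client only sees 0.
    error_log('send_message: ' . $e->getMessage());
    echo 0;
}
```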
|
|
|
|
|
Yes I will have to check whole script, this is an old PHP script.
|
|
|
|
|
I decided to remove this post as it's not appropriate to ask huge support for free.
Sorry..
modified 11-Apr-23 12:39pm.
|
|
|
|
|
Sorry, I do not do private support. If you have a technical issue then post it in the forum. If you want one-to-one consultancy then you need to advertise on freelancer.com or similar.
|
|
|
|
|
|
Hello,
I got this array:
````
$test = array('id','date_and_time','kw_1','kw_1_point','kw_2','kw_2_point','kw_3','kw_3_point','kw_4','kw_4_point');
````
Now, how do I echo all values that do not contain '_point'?
|
|
|
|
|
|
<pre>Hiya,
I need to learn the SQL query that counts all the points from more than one column and orders the matching rows based on most points in descending order.
EXAMPLE 1:
I do a keyword search for "mobile phone tutorial apps". Note 4 words.
Sql should find all the rows that contain any of these 4 keywords.
That means, since I searched for 4 keywords, sql should even pull-up those rows that just have even 1 or 2 or 3 of these 4 keywords in them.
Say, my mysql table looks like this:
id | kw1 | kw1_point | kw2 | kw2_point | kw3 | kw3_point | kw4 | kw4_point
--------------------------------------------------------------------------
0 | mobile | 3 | phone | 3 | apps | 2 | tutorial | 2
--------------------------------------------------------------------------
1 | mobile | 1 | phone | 1 | apps | 3 | tutorial | 3
--------------------------------------------------------------------------
2 | tutorial | 3 | apps | 3 | mobile | 2 | phone | 3
-------------------------------------------------------------------------
3 | mobile | 5 | tutorial | 5 | apps | 5 | usa | 5
NOTE: All 4 keywords exist on the first 3 matching rows. However, only 3 words exist in the final matching row.
And the final matching row's keywords are not in the order of my keyword search.
Here in Q1, this should not matter. Sql should ignore in which order the keywords are in each column when comparing the order of my searched keywords. All it should do, is:
A). Find matching rows, regardless of how many of my searched keywords exist on each row;
B). Count the totals of each points, (count more than one column in this case), in each row; And
C) List the rows in the point's descending order.
As you can see, from my example, the following are the keyword points of each row after calculating ALL their keyword points (all point columns):
id 0 = 10 point
id 1 = 8 point
id 2 = 11 point
id 3 = 20 point
So, in this case, the SQL query should present rows in this descending order:
id 3 = 20
id 2 = 11 points
id 0 = 10 points
id 1 = 8 points
So, in this case, the SQL query should present rows in this descending order:
id | kw1 | kw1_point | kw2 | kw2_point | kw3 | kw3_point | kw4 | kw4_point
----------------------------------------------------------------------------------------------
3 | mobile | 5 | tutorial | 5 | apps | 5 | usa | 5
----------------------------------------------------------------------------------------------
2 | tutorial | 3 | apps | 3 | mobile | 2 | phone | 3
----------------------------------------------------------------------------------------------
0 | mobile | 3 | phone | 3 | apps | 2 | tutorial | 2
----------------------------------------------------------------------------------------------
1 | mobile | 1 | phone | 1 | apps | 3 | tutorial | 3
----------------------------------------------------------------------------------------------
Had there been only a single "keyword point" (kw1_point) to calculate, then I would have written the SQL like this using prepared statements:
````
$sql = "SELECT * from keywords WHERE kw1 = ? OR kw2 = ? OR kw3 = ? OR kw4 = ? order by kw1_point desc LIMIT 100";
````
kw stands for "keyword_1". So, it is a column.
"kw_1_point" is another column.
"kw_2" is another column.
"kw_2_point" is another column.
"kw_3" is another column.
"kw_3_point" is another column.
"kw_4" is another column.
"kw_4_point" is another column.
</pre>
-- modified 9-Apr-23 16:34pm.
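One way to write the query described in this post as a prepared statement, given as an added example and not code from the poster: every searched word is matched against every keyword column, and rows are ordered by the sum of the four point columns. It assumes an open mysqli connection and the column names `kw1`..`kw4` and `kw1_point`..`kw4_point` used in the post's table and SQL; `search_keywords()` is a name chosen here.

```php
<?php
// Added example. Assumptions: table `keywords` with columns kw1..kw4 and
// kw1_point..kw4_point as in the post; $conn is an open mysqli connection.
function search_keywords(mysqli $conn, string $search, int $limit = 100): array
{
    // Split the search phrase into distinct words.
    $words = array_values(array_unique(
        preg_split('/\s+/', trim($search), -1, PREG_SPLIT_NO_EMPTY)
    ));
    if ($words === []) {
        return [];
    }

    // One "?" per word; only placeholders are ever placed in the SQL text.
    $in  = implode(',', array_fill(0, count($words), '?'));
    $sql = "SELECT *,
                   (kw1_point + kw2_point + kw3_point + kw4_point) AS total_points
              FROM keywords
             WHERE kw1 IN ($in) OR kw2 IN ($in) OR kw3 IN ($in) OR kw4 IN ($in)
             ORDER BY total_points DESC
             LIMIT ?";
    $stmt = $conn->prepare($sql);

    // The word list is bound once per keyword column, followed by the limit.
    $params = array_merge($words, $words, $words, $words, [$limit]);
    $types  = str_repeat('s', 4 * count($words)) . 'i';
    $stmt->bind_param($types, ...$params);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Usage, assuming $conn is already open:
// $rows = search_keywords($conn, 'mobile phone tutorial apps');
```

On the sample table in the post this returns ids 3, 2, 0, 1 with totals 20, 11, 10 and 8.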
|
|
|
|
|
I have no idea why this forum says (includes) 'MySQL', but there is a different database specific forum which this post would be better in.
|
|
|
|
|
Oh! Which place? If you are a moderator, then why do you not transfer it there?
|
|
|
|
|
|