Hey Guys, I was having a similar problem and found that my version of Stray Quotes (1.9.9) was still using mysql_real_escape_string which has been removed as of PHP 7.0.0. I have converted the queries to prepared statements and now I am able to edit quotes. I still need to to update the add new scripts, but I assume it will be the same issue. I hope this helps.
Thanks, 5wes13. Can you give us a bit more info on the procedure you used?
Hi Idearius
You will need to read up on prepared statements, but here is an example using the code in the stray_manage.php file in the plugin:
This is a sample code as it stands:
//update the quote
$sql = "UPDATE " . WP_STRAY_QUOTES_TABLE
. " SET quote='" . mysqli_real_escape_string($quote)
. "', author='" . mysqli_real_escape_string($author)
. "', source='" . mysqli_real_escape_string($source)
. "', category='" . mysqli_real_escape_string($category)
. "', visible='" . mysqli_real_escape_string($visible)
. "', user='" . mysqli_real_escape_string($current_user->user_nicename)
. "' WHERE quoteID='" . mysqli_real_escape_string($quoteID) . "'";
$wpdb->get_results($sql);
And this is the same query using prepared statements (I have changed the layout a bit):
//update the quote
$sql =
"UPDATE " . WP_STRAY_QUOTES_TABLE . "
SET
quote= %s,
author=%s,
source=%s,
category=%s,
visible=%s,
user=%s
WHERE
quoteID=%s"
;
$wpdb->get_results(
$wpdb->prepare(
$sql,
$quote,
$author,
$source,
$category,
$visible,
$current_user->user_nicename,
$quoteID
)
);
Change all queries where mysql_real_escape_string is used in stray_manage.php and stray_new.php.
Let me know if you have any further questions.
-
This reply was modified 7 years, 1 month ago by
5wes13.
-
This reply was modified 7 years, 1 month ago by 5wes13.
Hi Idearius are you bale to see my post with the code? It’s not showing up on my side but says it’s posted.
—-
NVM
-
This reply was modified 7 years, 1 month ago by 5wes13.
Hello all,
While I too would recommend prepared queries as a more elegant and more secure solution, if you are short on time, the quick and easy way would be to replace all occurrences of mysql_real_escape_string with esc_sql in stray_manage.php.
Many thanks, @5wes13 and @pbosakov.
And sorry I didn’t answer sooner, @5wes13!
I’ve been ignoring the fact that I’ve been unable to add quotes with Stray Random Quotes for a long time and thinking I would dust off my PHP skills and wade into it when it finally annoyed me enough. In the mean time, I’ve passed on recording a lot of quotes I would have loved to have captured. Today, in a burst of annoyance and laziness, I was about to post an offer for a freelancer to come and analyze and repair the issue for me because I just don’t want to refresh an entire skill-set for one small problem. And then I thought I’ve go and revisit the Random Story Quotes support area one last time. And I found this thread – Yahoo! I’ll try the ideas expressed here in the next few days to see if they sort my problem; which I hope they do. Many thanks to @5wes13 and the others here. I actually think that someone with good plugin/PHP chops could just go around looking for loose-end problems like these and selling the fixes back to wanna-be programer types like me.
SUCCESS!
So, if this problem has been bugging you, I can testify that substituting esc_sql for mysql_real_escape_string works. I went in and made the substitutions on both stray_manage.php and stray_new.php and after that, random_stray_quotes worked again as it used to.
Big thanks to 5west13 and pbosakov!
I second the Big Thanks to 5west13 and pbosakov. I was also able to get back up and quoting with the simple esc_sql substitution.
Thanks, all!
