KyleMassacre
Posted July 9 (edited)

Since PHP 8.2, the MySQLi class has adopted a new method called mysqli_execute_query which does all of the preparing and binding under the one call. In the class/class_db_mysqli.php file, just look for the query method (line 113 in the unmodified file) and change from:

```php
public function query($query): mysqli_result|bool
{
    $this->last_query = $query;
    $this->queries[] = $query;
    $this->num_queries++;
    $this->result = mysqli_query($this->connection_id, $this->last_query);
    if ($this->result === false) {
        error_critical(mysqli_errno($this->connection_id) . ': ' . mysqli_error($this->connection_id), 'Attempted to execute query: ' . nl2br($this->last_query), debug_backtrace());
    }
    return $this->result;
}
```

To:

```php
public function query($query, ...$args): mysqli_result|bool
{
    $this->last_query = $query;
    $this->queries[] = $query;
    $this->num_queries++;
    $this->result = mysqli_execute_query($this->connection_id, $this->last_query, $args);
    if ($this->result === false) {
        error_critical(mysqli_errno($this->connection_id) . ': ' . mysqli_error($this->connection_id), 'Attempted to execute query: ' . nl2br($this->last_query), debug_backtrace());
    }
    return $this->result;
}
```

Then you can update your existing queries from something like:

```php
"select * from users where userid = 1"
```

to

```php
"select * from users where userid = ?", 1
```

It’s a super quick update and won’t break your existing code at all and will provide a bit more security against injections.

Edited July 9 by KyleMassacre: Added code tags
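Binding only protects the calls that have actually been rewritten: a query that still concatenates or interpolates input into the SQL string is sent as-is, and `?` can stand in for values only, not table or column names. The following is an added example, not code from the post or from the engine; it uses PHP's tokenizer to list `->query()` calls whose SQL argument is still built from a variable, and the function name `find_dynamic_queries` and the sample source are constructed for illustration.

```php
<?php
// Added example: audit helper, not part of the engine's own code. Lists ->query(...)
// calls whose first argument (the SQL) contains a variable instead of "?" placeholders.
function find_dynamic_queries(string $source): array
{
    $tokens = token_get_all($source);
    $count  = count($tokens);
    $hits   = [];
    for ($i = 0; $i + 2 < $count; $i++) {
        // Match the token sequence "->", "query", "(" (assumes no whitespace between them).
        if (!is_array($tokens[$i]) || $tokens[$i][0] !== T_OBJECT_OPERATOR) {
            continue;
        }
        $name = $tokens[$i + 1];
        if (!is_array($name) || $name[0] !== T_STRING
            || strtolower($name[1]) !== 'query' || $tokens[$i + 2] !== '(') {
            continue;
        }
        // Walk the first argument only: stop at its closing ")" or a top-level ",".
        $depth = 1;
        for ($j = $i + 3; $j < $count; $j++) {
            $t = $tokens[$j];
            if ($t === '(' || $t === '[') {
                $depth++;
            } elseif ($t === ')' || $t === ']') {
                if (--$depth === 0) {
                    break;
                }
            } elseif ($t === ',' && $depth === 1) {
                break; // everything after this comma is bound parameters
            } elseif (is_array($t) && $t[0] === T_VARIABLE) {
                $hits[] = $name[2]; // line number of the call
                break;
            }
        }
    }
    return $hits;
}
// Constructed sample input (hypothetical $db object and queries).
$sample = <<<'SRC'
<?php
$db->query("select * from users where userid = ?", $_GET['id']);
$db->query("select * from users where userid = {$_GET['id']}");
$db->query('update users set money = 0 where userid = ' . $id);
$db->query("select count(*) from users");
SRC;
foreach (find_dynamic_queries($sample) as $line) {
    echo "line $line: SQL built from a variable, convert to ? placeholders\n";
}
```

A call that passes a pre-built `$sql` variable is flagged too, since the string it holds has to be checked where it is assembled.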
ags_cs4
Posted July 10

Nice 💯 I will need some code changes but it's worth the time to get better protection