PHP code warning SQL

Question

I'm trying to run a php file and I get two warnings, which I can't seem to place. The warnings:

• PHP Warning: Directive 'safe_mode' is deprecated in PHP 5.3 and greater in Unknown on line 0

• PHP Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /etc/baseconetrial2.php on line 19

The code:

<?php


//connectie database


mysql_connect('localhost','heregoestheusername','heregoesthepass');

@mysql_select_db('admin_subscriptions') or die( "Unable to select database");


$type = "proefabonnement";


$checksql = "SELECT * FROM subscriptions where (type_abonnement = '$type' AND  DATE(timestamp) = DATE_SUB( CURDATE( ) , INTERVAL 26))";

$checkresult = mysql_query($checksql);

while ($check = mysql_fetch_array($checkresult)) {





$mail_ontv = "email@emailadress.com"; 

$_POST['onderwerp'] = "Verlopen Trial Account";

    // set datum 
    $datum = date("d.m.Y H:i"); 

    // set ip 
    $ip = $_SERVER['REMOTE_ADDR']; 

    $inhoud_mail .= $_SERVER['SCRIPT_URI'] . "\n\n";

    $inhoud_mail .= "Binnenkort verloopt er een trail account!\n\n\n";  
    $inhoud_mail .= "Bedrijfsnaam: " . $check['bedrijfsnaam'] . "\n\n"; 
    $inhoud_mail .= "Telefoonnummer: " . $check['telefoonnummer'] . "\n\n"; 
    $inhoud_mail .= "E-mail adres: " . $check['email'] . "\n\n"; 
    $inhoud_mail .= "Telefoonnummer contactpersoon: " . $check['telefoonnummercontact'] . "\n\n"; 
    $inhoud_mail .= "E-mail adres contactpersoon: " . $check['emailcontact'] . "\n\n"; 
    $inhoud_mail .= "Hieronder de link voor de klant:\n\n\n";
    $inhoud_mail .= "http://www.basecone.nl/upgrade1?key=".$check['unique']."\n\n"; 

    $inhoud_mail .= "Verstuurd op " . $datum . " via het ip " . $ip . "\n\n"; 

    $headers = "From: BaseconeWizard < wizard@basecone.nl >";

    $headers = stripslashes($headers);
    $headers = str_replace("\n", "", $headers); // Verwijder \n 
    $headers = str_replace("\r", "", $headers); // Verwijder \r 
    $headers = str_replace("\"", "\\\"", str_replace("\\", "\\\\", $headers)); // Slashes van quotes 



    $_POST['onderwerp'] = str_replace("\n", "", $_POST['onderwerp']); // Verwijder \n 
    $_POST['onderwerp'] = str_replace("\r", "", $_POST['onderwerp']); // Verwijder \r 
    $_POST['onderwerp'] = str_replace("\"", "\\\"", str_replace("\\", "\\\\", $_POST['onderwerp'])); // Slashes van quotes 

    mail($mail_ontv, $_POST['onderwerp'], $inhoud_mail, $headers); 







}


?>

Thanks guys!

Answer 1

for

PHP Warning: Directive 'safe_mode' is deprecated in PHP 5.3 and greater in Unknown on line 0

Remove or comment

safe_mode = "On/Off" from your php.ini

For PHP Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /etc/baseconetrial2.php on line 19

Please Use

if (!$checksql) die(mysql_error()); 

it will show the problem in query

Answer 2

PHP Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /etc/baseconetrial2.php on line 19

$checksql = "SELECT * FROM subscriptions where (type_abonnement = '$type' AND  DATE(timestamp) = DATE_SUB( CURDATE( ) , INTERVAL 26 DAY))";

note the DAY parametre of DATE_SUB mysql function

I would also suggest to use mysql_real_escape_string() function to sanitize the "$type" variable

Answer 3

Some part of your code or your host is using safe_mode which has been deprecated.

The PHP safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode for now.

Please do not use @ to suppress errors. Use error handlers or enable full error reporting.

mysql_fetch_array() expects parameter 1 to be resource

Your query failed and is thus passing a boolean result to mysql_fetch_array. But since you're not catching errors, you won't know.

$checkresult = mysql_query($checksql) or die(mysql_error());