Analysis and Solution for 'Call to undefined function mysql_query()' Error in PHP

Keywords: PHP | MySQL Extension | MySQLi Migration | Database Connection | Security Best Practices

Abstract: This article provides an in-depth analysis of the 'Call to undefined function mysql_query()' fatal error in PHP 7 and above, explaining the technical background of MySQL extension deprecation. Through comprehensive code examples, it demonstrates how to migrate from the outdated MySQL extension to the more secure and modern MySQLi extension, while also covering password security, SQL injection prevention, and other best practices for developers.

Error Background and Cause Analysis

When executing code containing the mysql_query() function in PHP 7.0 and above, a fatal error occurs: "Fatal error: Uncaught Error: Call to undefined function mysql_query()". The root cause of this issue is that the MySQL extension was deprecated in PHP 5.5 and completely removed in PHP 7.0.

Technical Evolution and Security Considerations

The MySQL extension initially provided basic functionality for accessing MySQL databases in PHP. However, as technology advanced, its security and feature completeness became insufficient for modern web applications. MySQLi (MySQL Improved) extension, as an enhanced version, offers better performance, stronger security features, and object-oriented programming support.

Code Migration Practice

From the code in the problem description, it's evident that the developer mixed MySQLi connection with MySQL query functions, which is the primary cause of the error. The correct approach is to consistently use the MySQLi extension:

<?php
// Database connection configuration
$user = 'root';
$password = 'root';
$db = 'inventory';
$host = 'localhost';
$port = 8888;

// Establish MySQLi connection
$link = mysqli_init();
$success = mysqli_real_connect(
   $link,
   $host,
   $user,
   $password,
   $db,
   $port
);

// User authentication logic
$username = $_POST['username'];
$password = $_POST['password'];

// Replace MySQL queries with MySQLi queries
$sql = mysqli_query($link, "SELECT * FROM login WHERE username = '".mysqli_real_escape_string($link, $_POST['username'])."' and password = '".md5($_POST['password'])."'");
$row = mysqli_num_rows($sql);

if($row > 0)
{
  session_start();
  $_SESSION['username'] = $_POST['username'];
  $_SESSION['password'] = $_POST['password'];
  echo "login done";
}else {
  echo "fail login ";
}
?>

Security Enhancement Recommendations

During the migration process, the following security improvements should be considered:

Use prepared statements to prevent SQL injection attacks
Adopt more secure password hashing algorithms (such as password_hash()) instead of MD5
Implement input validation and output escaping

Alternative Solutions Comparison

In addition to MySQLi, developers can consider PDO (PHP Data Objects) as a database abstraction layer. PDO supports multiple database systems and provides a unified API interface, making it suitable for projects requiring database portability.

Version Compatibility Considerations

For legacy systems still using PHP 5.6, while the MySQL extension may still function, it is strongly recommended to upgrade to supported PHP versions and migrate to MySQLi or PDO as soon as possible to ensure system security and maintainability.

Copyright Notice: All rights in this article are reserved by the operators of DevGex. Reasonable sharing and citation are welcome; any reproduction, excerpting, or re-publication without prior permission is prohibited.