Replace mysql with mysqli

deploy/API.Dockerfile

@@ -6,7 +6,7 @@ RUN echo "deb http://archive.debian.org/debian/ stretch main non-free contrib" >
     && echo "deb http://archive.debian.org/debian-security/ stretch/updates main" >> /etc/apt/sources.list \
     && echo "deb-src http://archive.debian.org/debian-security/ stretch/updates main" >> /etc/apt/sources.list
 
-RUN docker-php-ext-install mysqli mysql pdo pdo_mysql && a2enmod rewrite && a2enmod expires && a2enmod headers
+RUN docker-php-ext-install mysqli pdo pdo_mysql && a2enmod rewrite && a2enmod expires && a2enmod headers
 
 RUN apt --fix-broken install
 RUN apt-get update

htdocs/1.0/bill.php

@@ -31,8 +31,8 @@
 connect_to_db();
 
 # LOCALIZE VARIABLES
-$year = mysql_escape_string($_REQUEST['year']);
-$bill = mysql_escape_string($_REQUEST['bill']);
+$year = mysqli_escape_string($GLOBALS['db'], $_REQUEST['year']);
+$bill = mysqli_escape_string($GLOBALS['db'], $_REQUEST['bill']);
 
 # Select the bill data from the database.
 $sql = 'SELECT bills.id, bills.number, bills.current_chamber, bills.status, bills.date_introduced,
@@ -46,24 +46,24 @@
 		LEFT JOIN sessions
 			ON bills.session_id=sessions.id
 		WHERE bills.number = "' . $bill . '" AND sessions.year=' . $year;
-$result = mysql_query($sql);
-if (mysql_num_rows($result) == 0) {
+$result = mysqli_query($GLOBALS['db'], $sql);
+if (mysqli_num_rows($result) == 0) {
     json_error('Richmond Sunlight has no record of bill ' . strtoupper($bill) . ' in ' . $year . '.');
     exit();
 }
 # The MYSQL_ASSOC variable indicates that we want just the associated array, not both associated
 # and indexed arrays.
-$bill = mysql_fetch_array($result, MYSQL_ASSOC);
+$bill = mysqli_fetch_array($result, MYSQL_ASSOC);
 $bill = array_map('stripslashes', $bill);
 
 # Select tags from the database.
 $sql = 'SELECT tag
 		FROM tags
 		WHERE bill_id=' . $bill['id'] . '
 		ORDER BY tag ASC';
-$result = mysql_query($sql);
-if (mysql_num_rows($result) > 0) {
-    while ($tag = mysql_fetch_array($result, MYSQL_ASSOC)) {
+$result = mysqli_query($GLOBALS['db'], $sql);
+if (mysqli_num_rows($result) > 0) {
+    while ($tag = mysqli_fetch_array($result, MYSQL_ASSOC)) {
         $bill['tags'][] = $tag;
     }
 }

htdocs/1.0/bills.php

@@ -28,7 +28,7 @@
 @connect_to_db();
 
 # LOCALIZE VARIABLES
-$year = mysql_escape_string($_REQUEST['year']);
+$year = mysqli_escape_string($GLOBALS['db'], $_REQUEST['year']);
 
 # Select the bill data from the database.
 $sql = 'SELECT bills.number, bills.chamber, bills.date_introduced, bills.status, bills.outcome,
@@ -43,8 +43,8 @@
 		ORDER BY bills.chamber DESC,
 		SUBSTRING(bills.number FROM 1 FOR 2) ASC,
 		CAST(LPAD(SUBSTRING(bills.number FROM 3), 4, "0") AS unsigned) ASC';
-$result = mysql_query($sql);
-if (mysql_num_rows($result) == 0) {
+$result = mysqli_query($GLOBALS['db'], $sql);
+if (mysqli_num_rows($result) == 0) {
     json_error('Richmond Sunlight has no record of bills for ' . $year . '.');
     exit();
 }
@@ -53,7 +53,7 @@
 
 # The MYSQL_ASSOC variable indicates that we want just the associated array, not both associated
 # and indexed arrays.
-while ($bill = mysql_fetch_array($result, MYSQL_ASSOC)) {
+while ($bill = mysqli_fetch_array($result, MYSQL_ASSOC)) {
     $bill = array_map('stripslashes', $bill);
 
     # Assign the patron data to a subelement.

htdocs/1.0/code-section.php

@@ -24,7 +24,7 @@
 @connect_to_db();
 
 # LOCALIZE VARIABLES
-$section = mysql_escape_string(urldecode($_REQUEST['section']));
+$section = mysqli_escape_string($GLOBALS['db'], urldecode($_REQUEST['section']));
 
 # Select the bill data from the database.
 // Use proper bill number sorting
@@ -39,8 +39,8 @@
 			ON bills.chief_patron_id = representatives.id
 		WHERE bills_section_numbers.section_number =  "' . $section . '"
 		ORDER BY year ASC, bills.number ASC';
-$result = mysql_query($sql);
-if (mysql_num_rows($result) == 0) {
+$result = mysqli_query($GLOBALS['db'], $sql);
+if (mysqli_num_rows($result) == 0) {
     header('HTTP/1.0 404 Not Found');
     header('Content-type: application/json');
     $message = array('error' =>
@@ -51,12 +51,12 @@
 }
 # The MYSQL_ASSOC variable indicates that we want just the associated array, not both associated
 # and indexed arrays.
-$bill = mysql_fetch_array($result, MYSQL_ASSOC);
+$bill = mysqli_fetch_array($result, MYSQL_ASSOC);
 
 # Build up a list of all bills.
 # The MYSQL_ASSOC variable indicates that we want just the associated array, not both associated
 # and indexed arrays.
-while ($bill = mysql_fetch_array($result, MYSQL_ASSOC)) {
+while ($bill = mysqli_fetch_array($result, MYSQL_ASSOC)) {
     $bill['url'] = 'http://www.richmondsunlight.com/bill/' . $bill['year'] . '/' . $bill['number'] . '/';
     $bill['number'] = strtoupper($bill['number']);
     $bills[] = array_map('stripslashes', $bill);

htdocs/1.0/legislator.php

@@ -26,7 +26,7 @@
 @connect_to_db();
 
 # LOCALIZE VARIABLES
-$shortname = @mysql_real_escape_string($_GET['shortname']);
+$shortname = mysqli_real_escape_string($GLOBALS['db'], $_GET['shortname']);
 
 # Select general legislator data from the database.
 $sql = 'SELECT representatives.id, representatives.shortname, representatives.name,
@@ -43,13 +43,13 @@
 		LEFT JOIN districts
 			ON representatives.district_id=districts.id
 		WHERE shortname = "' . $shortname . '"';
-$result = @mysql_query($sql);
-if (mysql_num_rows($result) == 0) {
+$result = @mysqli_query($GLOBALS['db'], $sql);
+if (mysqli_num_rows($result) == 0) {
     json_error('Richmond Sunlight has no record of legislator ' . $shortname . '.');
     exit();
 }
 
-$legislator = @mysql_fetch_array($result, MYSQL_ASSOC);
+$legislator = @mysqli_fetch_array($result, MYSQL_ASSOC);
 $legislator = array_map('stripslashes', $legislator);
 
 # Eliminate any useless data.
@@ -82,9 +82,9 @@
 			ON committees.id = committee_members.committee_id
 		WHERE committee_members.representative_id = ' . $legislator['id'] . '
 		AND (date_ended = "0000-00-00" OR date_ended IS NULL)';
-$result = mysql_query($sql);
-if (mysql_num_rows($result) > 0) {
-    while ($committee = mysql_fetch_array($result, MYSQL_ASSOC)) {
+$result = mysqli_query($GLOBALS['db'], $sql);
+if (mysqli_num_rows($result) > 0) {
+    while ($committee = mysqli_fetch_array($result, MYSQL_ASSOC)) {
         $committee = array_map('stripslashes', $committee);
         if (empty($committee['position'])) {
             $committee['position'] = 'member';
@@ -103,9 +103,9 @@
 		ORDER BY sessions.year ASC,
 		SUBSTRING(bills.number FROM 1 FOR 2) ASC,
 		CAST(LPAD(SUBSTRING(bills.number FROM 3), 4, "0") AS unsigned) ASC';
-$result = mysql_query($sql);
-if (mysql_num_rows($result) > 0) {
-    while ($bill = mysql_fetch_array($result, MYSQL_ASSOC)) {
+$result = mysqli_query($GLOBALS['db'], $sql);
+if (mysqli_num_rows($result) > 0) {
+    while ($bill = mysqli_fetch_array($result, MYSQL_ASSOC)) {
         $bill['url'] = 'http://www.richmondsunlight.com/bill/' . $bill['year']
             . '/' . $bill['number'] . '/';
         $bill['number'] = strtoupper($bill['number']);

htdocs/1.0/photosynthesis.php

@@ -27,7 +27,7 @@
 @connect_to_db();
 
 # LOCALIZE VARIABLES
-$hash = mysql_escape_string(urldecode($_REQUEST['hash']));
+$hash = mysqli_escape_string($GLOBALS['db'], urldecode($_REQUEST['hash']));
 
 # Select the bill data from the database.
 $sql = 'SELECT bills.number, sessions.year, dashboard_bills.notes
@@ -45,8 +45,8 @@
 		ORDER BY bills.chamber DESC,
 		SUBSTRING(bills.number FROM 1 FOR 2) ASC,
 		CAST(LPAD(SUBSTRING(bills.number FROM 3), 4, "0") AS unsigned) ASC';
-$result = mysql_query($sql);
-if (mysql_num_rows($result) == 0) {
+$result = mysqli_query($GLOBALS['db'], $sql);
+if (mysqli_num_rows($result) == 0) {
     header('HTTP/1.0 404 Not Found');
     header('Content-type: application/json');
     $message = array('error' =>
@@ -59,7 +59,7 @@
 # Build up a listing of all bills.
 # The MYSQL_ASSOC variable indicates that we want just the associated array, not both associated
 # and indexed arrays.
-while ($bill = mysql_fetch_array($result, MYSQL_ASSOC)) {
+while ($bill = mysqli_fetch_array($result, MYSQL_ASSOC)) {
     $bill['url'] = 'http://www.richmondsunlight.com/bill/' . $bill['year'] . '/' . $bill['number'] . '/';
     $bill['number'] = strtoupper($bill['number']);
     $bills[] = array_map('stripslashes', $bill);

htdocs/1.1/bill.php

@@ -25,8 +25,8 @@
 header('Content-type: application/json');
 
 # LOCALIZE VARIABLES
-$year = mysql_escape_string($_REQUEST['year']);
-$bill = mysql_escape_string(strtolower($_REQUEST['bill']));
+$year = mysqli_escape_string($GLOBALS['db'], $_REQUEST['year']);
+$bill = mysqli_escape_string($GLOBALS['db'], strtolower($_REQUEST['bill']));
 
 $bill2 = new Bill2();
 $bill2->id = $bill2->getid($year, $bill);

htdocs/1.1/bills.php

@@ -28,7 +28,7 @@
 $database->connect_old();
 
 # LOCALIZE VARIABLES
-$year = mysql_escape_string($_REQUEST['year']);
+$year = mysqli_escape_string($GLOBALS['db'], $_REQUEST['year']);
 
 # Select the bill data from the database.
 $sql = 'SELECT bills.number, bills.chamber, bills.date_introduced, bills.status, bills.outcome,
@@ -43,8 +43,8 @@
 		ORDER BY bills.chamber DESC,
 		SUBSTRING(bills.number FROM 1 FOR 2) ASC,
 		CAST(LPAD(SUBSTRING(bills.number FROM 3), 4, "0") AS unsigned) ASC';
-$result = mysql_query($sql);
-if (mysql_num_rows($result) == 0) {
+$result = mysqli_query($GLOBALS['db'], $sql);
+if (mysqli_num_rows($result) == 0) {
     // send this as a JSON-formatted error!
     die('Richmond Sunlight has no record of bills for ' . $year . '.');
 }
@@ -53,7 +53,7 @@
 
 # The MYSQL_ASSOC variable indicates that we want just the associated array, not both associated
 # and indexed arrays.
-while ($bill = mysql_fetch_array($result, MYSQL_ASSOC)) {
+while ($bill = mysqli_fetch_array($result, MYSQL_ASSOC)) {
     $bill = array_map('stripslashes', $bill);
 
     # Assign the patron data to a subelement.

htdocs/1.1/code-section-video.php

@@ -27,7 +27,7 @@
 $database->connect_old();
 
 # LOCALIZE VARIABLES
-$section = mysql_escape_string(urldecode($_REQUEST['section']));
+$section = mysqli_escape_string($GLOBALS['db'], urldecode($_REQUEST['section']));
 
 # Select the bill data from the database.
 $sql = 'SELECT DISTINCT bills.number AS bill_number, sessions.year, files.date, files.chamber,
@@ -44,8 +44,8 @@
 			ON bills.session_id = sessions.id
 		WHERE bills_section_numbers.section_number = "' . $section . '"
 		ORDER BY files.date ASC, video_clips.time_start ASC ';
-$result = mysql_query($sql);
-if (mysql_num_rows($result) == 0) {
+$result = mysqli_query($GLOBALS['db'], $sql);
+if (mysqli_num_rows($result) == 0) {
     header("Status: 404 Not Found");
     $message = array('error' =>
         array('message' => 'No Video Found',
@@ -55,7 +55,7 @@
 }
 
 # Build up a list of all video clips
-while ($clip = mysql_fetch_array($result, MYSQL_ASSOC)) {
+while ($clip = mysqli_fetch_array($result, MYSQL_ASSOC)) {
     $clip['bill_url'] = 'https://www.richmondsunlight.com/bill/' . $clip['year'] . '/'
         . $clip['bill_number'] . '/';
     $clip['bill_number'] = strtoupper($clip['bill_number']);

htdocs/1.1/code-section.php

@@ -27,7 +27,7 @@
 $database->connect_old();
 
 # LOCALIZE VARIABLES
-$section = mysql_escape_string(urldecode($_REQUEST['section']));
+$section = mysqli_escape_string($GLOBALS['db'], urldecode($_REQUEST['section']));
 
 # Select the bill data from the database.
 // Use proper bill number sorting
@@ -42,8 +42,8 @@
 			ON bills.chief_patron_id = representatives.id
 		WHERE bills_section_numbers.section_number =  "' . $section . '"
 		ORDER BY year ASC, bills.number ASC';
-$result = mysql_query($sql);
-if (mysql_num_rows($result) == 0) {
+$result = mysqli_query($GLOBALS['db'], $sql);
+if (mysqli_num_rows($result) == 0) {
     // What error SHOULD this return?
     header("Status: 404 Not Found");
     $message = array('error' =>
@@ -54,12 +54,12 @@
 }
 # The MYSQL_ASSOC variable indicates that we want just the associated array, not both associated
 # and indexed arrays.
-$bill = mysql_fetch_array($result, MYSQL_ASSOC);
+$bill = mysqli_fetch_array($result, MYSQL_ASSOC);
 
 # Build up a listing of all bills.
 # The MYSQL_ASSOC variable indicates that we want just the associated array, not both associated
 # and indexed arrays.
-while ($bill = mysql_fetch_array($result, MYSQL_ASSOC)) {
+while ($bill = mysqli_fetch_array($result, MYSQL_ASSOC)) {
     $bill['url'] = 'https://www.richmondsunlight.com/bill/' . $bill['year'] . '/' . $bill['number'] . '/';
     $bill['number'] = strtoupper($bill['number']);
     $bills[] = array_map('stripslashes', $bill);

htdocs/1.1/legislator.php

@@ -27,7 +27,7 @@
 $database->connect_old();
 
 # LOCALIZE VARIABLES
-$shortname = mysql_real_escape_string($_GET['shortname']);
+$shortname = mysqli_real_escape_string($GLOBALS['db'], $_GET['shortname']);
 
 # Create a new legislator object.
 $leg = new Legislator();
@@ -63,10 +63,10 @@
         ORDER BY sessions.year DESC,
         SUBSTRING(bills.number FROM 1 FOR 2) ASC,
         CAST(LPAD(SUBSTRING(bills.number FROM 3), 4, "0") AS unsigned) ASC';
-$result = mysql_query($sql);
-if (mysql_num_rows($result) > 0) {
+$result = mysqli_query($GLOBALS['db'], $sql);
+if (mysqli_num_rows($result) > 0) {
     $legislator['bills'] = array();
-    while ($bill = mysql_fetch_array($result, MYSQL_ASSOC)) {
+    while ($bill = mysqli_fetch_array($result, MYSQL_ASSOC)) {
         $bill['url'] = 'https://www.richmondsunlight.com/bill/' . $bill['year'] . '/'
             . $bill['number'] . '/';
         $bill['number'] = strtoupper($bill['number']);

htdocs/1.1/legislators.php

@@ -55,11 +55,11 @@
 }
 $sql .= 'ORDER BY representatives.name ASC';
 
-$result = mysql_query($sql);
-if (mysql_num_rows($result) > 0) {
+$result = mysqli_query($GLOBALS['db'], $sql);
+if (mysqli_num_rows($result) > 0) {
     $legislators = array();
 
-    while ($legislator = mysql_fetch_array($result, MYSQL_ASSOC)) {
+    while ($legislator = mysqli_fetch_array($result, MYSQL_ASSOC)) {
         $legislator = array_map('stripslashes', $legislator);
 
         /*

htdocs/1.1/photosynthesis.php

@@ -24,7 +24,7 @@
 $database->connect_old();
 
 # LOCALIZE VARIABLES
-$hash = mysql_escape_string(urldecode($_REQUEST['hash']));
+$hash = mysqli_escape_string($GLOBALS['db'], urldecode($_REQUEST['hash']));
 
 # Get this portfolio's basic data.
 $sql = 'SELECT dashboard_portfolios.id, dashboard_portfolios.hash, dashboard_portfolios.name,
@@ -36,10 +36,10 @@
 		LEFT JOIN dashboard_user_data
 			ON users.id = dashboard_user_data.user_id
 		WHERE dashboard_portfolios.public = "y" AND dashboard_portfolios.hash="' . $hash . '"';
-$result = mysql_query($sql);
+$result = mysqli_query($GLOBALS['db'], $sql);
 
 # If this portfolio doesn't exist or isn't visible.
-if (mysql_num_rows($result) == 0) {
+if (mysqli_num_rows($result) == 0) {
     header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found');
     $message = array('error' =>
         array('message' => 'No Portfolio Found',
@@ -49,7 +49,7 @@
 }
 
 
-$portfolio = mysql_fetch_array($result, MYSQL_ASSOC);
+$portfolio = mysqli_fetch_array($result, MYSQL_ASSOC);
 $portfolio = array_map('stripslashes', $portfolio);
 
 # Make the user closer to anonymous.
@@ -93,8 +93,8 @@
 		ORDER BY bills.chamber DESC,
 		SUBSTRING(bills.number FROM 1 FOR 2) ASC,
 		CAST(LPAD(SUBSTRING(bills.number FROM 3), 4, "0") AS unsigned) ASC';
-$result = mysql_query($sql);
-if (mysql_num_rows($result) == 0) {
+$result = mysqli_query($GLOBALS['db'], $sql);
+if (mysqli_num_rows($result) == 0) {
     header("Status: 404 Not Found");
     $message = array('error' =>
         array('message' => 'No Bills Found',
@@ -105,7 +105,7 @@
 
 # Build up a list of all bills.
 $portfolio['bills'] = array();
-while ($bill = mysql_fetch_assoc($result)) {
+while ($bill = mysqli_fetch_assoc($result)) {
     $bill['url'] = 'https://www.richmondsunlight.com/bill/' . $bill['year'] . '/' . $bill['number'] . '/';
     $bill['number'] = strtoupper($bill['number']);
     $portfolio['bills'][] = array_map('stripslashes', $bill);

htdocs/1.1/tag-suggest.php

@@ -19,7 +19,7 @@
 /*
  * Localize variables
  */
-$fragment = mysql_escape_string($_REQUEST['term']);
+$fragment = mysqli_escape_string($GLOBALS['db'], $_REQUEST['term']);
 
 $tags = new Tags();
 $tags->fragment = $fragment;