Error Help needed (Please) "Deprecated: mysql_connect()..."

leadmana

I have the following message displayed at the top of my published website, and have no idea what it means, or how to remove it/rectify this problem.

I have contacted the developer of the script that I used to build the website 3 times by email, twice on their Facebook page and once by Twitter.. and had no reply from any contact. I'm not sure they care, or know what the issue is, or even how to fix it.. or they are just ignorant.

The message is

Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/leadmana/public_html/CarDealerV3/engine/initengine.php on line 13

caftpx10

mysql_*() functions aren't really the safest thing to use these days.
The warning is basically saying that it's now unsupported and so it will be removed in a future PHP version (in this case, PHP7).

Now, there's a few things you can do.
1. The best way of doing things is to either use MySQLi or PDO instead for handling the database stuff.
2. If you don't have enough time to update all the affected code yourself right away, although not recommended, you can suppress the warnings by placing this just before mysql_connect() or at the very top of the initengine.php file:
PHP:
error_reporting(E_ALL ^ E_DEPRECATED);
Note that suppressing important warnings like this won't make it any safer (apart from the fact that a potential attacker won't be able to identify that you're using ext/mysql right away), and so this second one should be classed as a temporary solution.

essellar

It's probably worth pointing out that the alternative APIs (MySQLi and PDO) have been around since 2004 and that the deprecation of ext/mysql in PHP 5.5 was announced nearly three years ago (in December 2012). It may have been the case that your script was developed with an eye to hosting it on ancient PHP servers (that is occasionally, but rarely, the case), but it's far more likely that the script is simply old (if you picked it up "off the shelf", so to speak) or that the person/people who wrote it either (a) weren't keeping up with the times, or (b) only ever learned enough programming (out of a book or from web tutorials) to make something that more-or-less works.

Either way, it would probably be a good idea, if you can, to get the code audited by a competent developer, especially if there is a log-in component. It's not just about your own site. Between SQL injection vulnerabilities and old password storage schemes that can be cracked on low-cost hardware at a rate of 180,000,000,000 guesses per second these days (or worse, plain text passwords), you could be leaving your users open to all kinds of damage. Once somebody has your email address and that password you use everywhere, it's game over, even if the site the information came from is just a 100-person forum discussing organic hamster treats. And most users really do only use one or two passwords everywhere. You do not want to be legally or financially responsible for any of the possible consequences.
 
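Added example, not part of the thread and not the CarDealerV3 script's own code: what the two replies above recommend, shown together as PDO in place of mysql_connect(), a login lookup with a bound parameter, and password_hash()/password_verify() for storage. The staff table, its columns, the function names and the sample credentials are assumptions, and an in-memory SQLite database stands in for MySQL so the file runs offline.

```php
<?php
// Added example; table, column and function names are hypothetical.
declare(strict_types=1);

// Replaces mysql_connect()/mysql_select_db(). For MySQL the DSN has the form
// 'mysql:host=DB_HOST;dbname=DB_NAME;charset=utf8mb4' (placeholders, not real values).
function db_connect(string $dsn, ?string $user = null, ?string $pass = null): PDO
{
    return new PDO($dsn, $user, $pass, [
        // Throw exceptions on database errors instead of failing silently.
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// Replaces a query assembled by string concatenation: the username is sent as a
// bound parameter, so quote characters in it cannot alter the SQL statement.
function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM staff WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch();

    // password_verify() checks against the salted, deliberately slow hash
    // produced by password_hash(), not a bare MD5/SHA-1 digest or plain text.
    return $row !== false && password_verify($password, $row['password_hash']);
}

// Constructed demo data so the file runs without a MySQL server.
$db = db_connect('sqlite::memory:');
$db->exec('CREATE TABLE staff (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

$insert = $db->prepare('INSERT INTO staff (username, password_hash) VALUES (:u, :h)');
$insert->execute([
    ':u' => 'dealer1',
    ':h' => password_hash('Constructed-Pass-1!', PASSWORD_DEFAULT),
]);

// Correct credentials, a wrong password, and a username containing SQL syntax.
var_dump(check_login($db, 'dealer1', 'Constructed-Pass-1!'));
var_dump(check_login($db, 'dealer1', 'wrong-password'));
var_dump(check_login($db, "dealer1' OR '1'='1", 'anything'));
```

Only the first call succeeds; the third is treated as a literal, non-existent username because the value never becomes part of the SQL text.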

leadmana

Hmm, so it seems that I have been duped into buying a script that is old, no longer supported and could leave my website open for anyone to attack.. grrr..
I am looking for a quick fix, but apart from suppressing the error, I guess a quick fix is not a possibility.

I am not a coder/programmer and have probably opened a can of worms that is totally beyond me.

The website is for a car dealership that only has 3 people (me being one of them) that would log in to list or update vehicles for sale/sold..
There are no email addresses, and I insist on using caps and lower case, numbers and punctuation in passwords. Does that make a difference?
 

essellar

Not having a public login (that is, not having responsibility for customer data) mitigates a lot of potential problems, and having a very small number of people actually logging in means that fixing any potential remaining problems is a relatively lightweight task (modifying a large database table with limited resources - as in Free Hosting - can be hairy). I'd be glad to take a boo to give you some idea of the scope of the problems you may be facing; it may be something that's easily fixable with very little work, or there may be deep and fundamental problems with the code that may mean moving to another solution and rebuilding the site is the economical solution even in the short term.