opencats · anonymoususer72041 · May 2, 2026 · May 2, 2026 · May 2, 2026 · May 2, 2026
diff --git a/modules/install/OptionalComponents.php b/modules/install/OptionalComponents.php
@@ -39,9 +39,9 @@
     CATSUtility::changeConfigSetting(\'US_ZIPS_ENABLED\', "false");
 ';
 $optionalComponents['usZipCodes']['detectCode'] = '
-    $rs = MySQLQuery(\'SELECT * FROM zipcodes\');
+    $recordSet = MySQLGetAssoc(\'SELECT zipcode FROM zipcodes LIMIT 1\');
 
-    if ($rs && mysqli_fetch_row($rs))
+    if (!empty($recordSet))
     {
         return true;
     }

diff --git a/modules/install/Schema.php b/modules/install/Schema.php
@@ -722,7 +722,7 @@ public static function get()
                         "UPDATE
                             dashboard_component
                         SET
-                            module_parameters = \'" . mysql_real_escape_string($serializedValue) . "\'
+                            module_parameters = " . $db->makeQueryString($serializedValue) . "
                         WHERE
                             dashboard_component_id = " . $row[\'dashboard_component_id\']
                     );
@@ -849,9 +849,9 @@ public static function get()
                 UPDATE system SET disable_version_check = 1;
             ',
             '253' => 'PHP:
-                $rs = $db->query(\'SELECT * FROM zipcodes\');
+                $rs = $db->getAssoc(\'SELECT zipcode FROM zipcodes LIMIT 1\');
 
-                if ($rs && mysql_fetch_row($rs))
+                if (!empty($rs))
                 {
                     $db->query(\'DELETE FROM zipcodes\');
                     $schemaZipcodes = @file_get_contents(\'db/upgrade-zipcodes.sql\');
@@ -1233,7 +1233,7 @@ public static function get()
                 $lists = $db->getAllAssoc("SELECT * FROM saved_list");
                 foreach($lists as $list)
                 {
-                    $db->query(sprintf("UPDATE saved_list SET description = \"%s\" WHERE saved_list_id = %s", mysql_real_escape_string(urldecode($list[\'description\'])), $list[\'saved_list_id\']));
+                    $db->query(sprintf("UPDATE saved_list SET description = %s WHERE saved_list_id = %s", $db->makeQueryString(urldecode($list[\'description\'])), $list[\'saved_list_id\']));
                 }
             ',
             '343' => '

diff --git a/modules/install/ajax/ui.php b/modules/install/ajax/ui.php
@@ -182,9 +182,11 @@
         $mailFromAddress = '';
         if (isset($tables['settings']))
         {
-            $rs = MySQLQuery('SELECT value FROM settings WHERE setting = "fromAddress" LIMIT 1');
-            if (mysqli_num_rows($rs) > 0)
-                $mailFromAddress = mysqli_fetch_row($rs);
+            $recordSet = MySQLGetAssoc('SELECT value FROM settings WHERE setting = "fromAddress" LIMIT 1');
+            if (!empty($recordSet))
+            {
+                $mailFromAddress = array($recordSet['value']);
+            }
         }
 
         echo '
@@ -473,15 +475,7 @@
         echo '<script type="text/javascript">';
 
         /* Detect date format preferences. */
-        $rs = MySQLQuery('SELECT date_format_ddmmyy FROM site', true);
-        if ($rs)
-        {
-            $record = mysqli_fetch_assoc($rs);
-        }
-        else
-        {
-            $record = array();
-        }
+        $record = MySQLGetAssoc('SELECT date_format_ddmmyy FROM site LIMIT 1', true);
 
         if (!isset($record['date_format_ddmmyy']) || $record['date_format_ddmmyy'] == 0)
         {
@@ -610,15 +604,7 @@
             die();
         }
 
-        $rs = MySQLQuery('SELECT * FROM candidate', true);
-        $fields = array();
-        while ($meta = @mysqli_fetch_field($rs))
-        {
-            if ($meta)
-            {
-                $fields[$meta->name] = true;
-            }
-        }
+        $fields = getInstalledTableFields('candidate');
 
         $catsVersion = '';
 
@@ -798,10 +784,11 @@
 
         //Check if we need to update from 0.6.0 to 0.7.0
         $tables = array();
-        $result = MySQLQuery(sprintf("SHOW TABLES FROM `%s`", DATABASE_NAME));
-        while ($row = mysqli_fetch_array($result, MYSQLI_NUM))
+        $resultSet = MySQLGetAllAssoc(sprintf("SHOW TABLES FROM `%s`", DATABASE_NAME));
+        foreach ($resultSet as $row)
         {
-            $tables[$row[0]] = true;
+            $tableName = reset($row);
+            $tables[$tableName] = true;
         }
 
         if (!isset($tables['history']))
@@ -890,12 +877,7 @@
         }
 
         $revision = 0;
-        $rs = MySQLQuery('SELECT * FROM candidate', true);
-        $fields = array();
-        while ($meta = mysqli_fetch_field($rs))
-        {
-            $fields[$meta->name] = true;
-        }
+        $fields = getInstalledTableFields('candidate');
 
         /* Look for more versions here. */
         if (!isset($fields['date_available']))
@@ -1019,18 +1001,18 @@
         $fromAddress = $_SESSION['fromAddressInstaller'];
 
         // If this is an existing database, just set all the fromAddress settings to new
-        MySQLQuery(sprintf('UPDATE settings SET value = "%s" WHERE setting = "fromAddress"', $fromAddress));
+        $db->query(sprintf('UPDATE settings SET value = %s WHERE setting = "fromAddress"', $db->makeQueryString($fromAddress)));
         // This is a new install, insert a settings value for each site in the database
-        if(mysqli_affected_rows($mySQLConnection) == 0)
+        if ($db->getAffectedRows() == 0)
         {
             // Insert a "fromAddress" = $fromAddress for each site
-            MySQLQuery(sprintf(
+            $db->query(sprintf(
                 'INSERT INTO settings (setting, value, site_id, settings_type) '
-                . 'SELECT "fromAddress", "%s", site_id, 1 FROM site',
-                $fromAddress
+                . 'SELECT "fromAddress", %s, site_id, 1 FROM site',
+                $db->makeQueryString($fromAddress)
             ));
             // Insert a "configured" = 1 setting for each site
-            MySQLQuery(
+            $db->query(
                 'INSERT INTO settings (setting, value, site_id, settings_type) '
                 . 'SELECT "configured", "1", site_id, 1 FROM site'
             );
@@ -1093,8 +1075,10 @@
         MySQLConnect();
 
         /* Determine if a default user is set. */
-        $rs = MySQLQuery("SELECT * FROM user WHERE user_name = 'admin' AND password = md5('cats')");
-        if ($rs && mysqli_fetch_row($rs))
+        $record = MySQLGetAssoc(
+            "SELECT user_id FROM user WHERE user_name = 'admin' AND password = md5('cats') LIMIT 1"
+        );
+        if (!empty($record))
         {
             //Default user set
             echo '<script type="text/javascript">document.location.href="index.php?defaultlogin=true";</script>';
@@ -1112,7 +1096,7 @@
 
 function MySQLConnect()
 {
-    global $tables, $mySQLConnection;
+    global $tables, $mySQLConnection, $db;
 
     $mySQLConnection = @mysqli_connect(
         DATABASE_HOST, DATABASE_USER, DATABASE_PASS
@@ -1132,12 +1116,16 @@
     }
 
 
+    include_once(LEGACY_ROOT . '/lib/DatabaseConnection.php');
+    $db = getInstallerDatabaseConnection();
+
     /* Create an array of all tables in the database. */
     $tables = array();
-    $result = MySQLQuery(sprintf("SHOW TABLES FROM `%s`", DATABASE_NAME));
-    while ($row = mysqli_fetch_row($result))
+    $resultSet = MySQLGetAllAssoc(sprintf("SHOW TABLES FROM `%s`", DATABASE_NAME));
+    foreach ($resultSet as $row)
     {
-        $tables[$row[0]] = true;
+        $tableName = reset($row);
+        $tables[$tableName] = true;
     }
 
     /* Select CATS database. */
@@ -1156,6 +1144,18 @@
     }
 }
 
+function getInstallerDatabaseConnection()
+{
+    global $db;
+
+    if (is_object($db) && method_exists($db, 'query'))
+    {
+        return $db;
+    }
+
+    return DatabaseConnection::getInstance();
+}
+
 function MySQLQuery($query, $ignoreErrors = false)
 {
     global $mySQLConnection;
@@ -1179,6 +1179,44 @@
     return $queryResult;
 }
 
+function getInstalledTableFields($table)
+{
+    $fields = array();
+    $fieldMeta = MySQLGetAllAssoc(sprintf('SHOW COLUMNS FROM %s', $table), true);
+    foreach ($fieldMeta as $meta)
+    {
+        if (isset($meta['Field']))
+        {
+            $fields[$meta['Field']] = true;
+        }
+    }
+    return $fields;
+}
+
+function MySQLGetAssoc($query, $ignoreErrors = false)
+{
+    global $db;
+
+    if (!$db->query($query, $ignoreErrors))
+    {
+        return array();
+    }
+
+    return $db->getAssoc();
+}
+
+function MySQLGetAllAssoc($query, $ignoreErrors = false)
+{
+    global $db;
+
+    if (!$db->query($query, $ignoreErrors))
+    {
+        return array();
+    }
+
+    return $db->getAllAssoc();
+}
+
 function MySQLQueryMultiple($SQLData, $delimiter = ';')
 {
     $SQLStatments = explode($delimiter, $SQLData);

diff --git a/modules/install/backupDB.php b/modules/install/backupDB.php
@@ -75,16 +75,12 @@ function dumpDB($db, $file, $useStatus = false, $splitFiles = true, $siteID = -1
     $len = 0;
     $fileNumber = 0;
 
-    $connection = $db->getConnection();
-
     $text = '';
 
-    $result = mysqli_query($connection,
-        sprintf("SHOW TABLES FROM `%s`", DATABASE_NAME)
-    );
-    while ($row = mysqli_fetch_array($result, MYSQLI_NUM))
+    $resultSet = $db->getAllAssoc(sprintf("SHOW TABLES FROM `%s`", DATABASE_NAME));
+    foreach ($resultSet as $row)
     {
-        $tables[] = $row[0];
+        $tables[] = reset($row);
     }
 
     if ($splitFiles) $fh = fopen($file . '.' . $fileNumber, 'w');
@@ -107,13 +103,10 @@ function dumpDB($db, $file, $useStatus = false, $splitFiles = true, $siteID = -1
 
         $text .= 'DROP TABLE IF EXISTS `' . $table . '`((ENDOFQUERY))'."\n";
         $sql = 'SHOW CREATE TABLE ' . $table;
-        $rs = mysqli_query($connection, $sql);
-        if ($rs)
+        $row = $db->getAssoc($sql);
+        if (!empty($row))
         {
-            if ($row = mysqli_fetch_assoc($rs))
-            {
-                $text .= $row['Create Table'] . "((ENDOFQUERY))\n\n";
-            }
+            $text .= $row['Create Table'] . "((ENDOFQUERY))\n\n";
         }
 
         if ($table == 'word_verification') continue;
@@ -131,14 +124,14 @@ function dumpDB($db, $file, $useStatus = false, $splitFiles = true, $siteID = -1
 
         $isSiteIdColumn = false;
         $sql = sprintf("SHOW COLUMNS FROM %s", $table);
-        $rs = mysqli_query($connection, $sql);
-        while ($recordSet = mysqli_fetch_assoc($rs))    
+        $columnRecordSet = $db->getAllAssoc($sql);
+        foreach ($columnRecordSet as $recordSet)
         {
             if ($recordSet['Field'] == 'site_id')
             {
                 $isSiteIdColumn = true;
             }
-        }    
+        }
 
         if ($isSiteIdColumn)
         {
@@ -149,10 +142,16 @@ function dumpDB($db, $file, $useStatus = false, $splitFiles = true, $siteID = -1
             $sql = 'SELECT * FROM ' . $table . '';
         }
 
-        $rs = mysqli_query($sql, $connection);
         $index = 0;
-        while ($recordSet = mysqli_fetch_assoc($rs))
+        $db->query($sql);
+        while (true)
         {
+            $recordSet = $db->getAssoc();
+            if (empty($recordSet))
+            {
+                break;
+            }
+
             $continue = true;
 
             if (isset($recordSet['site_id']))
@@ -227,7 +226,7 @@ function dumpDB($db, $file, $useStatus = false, $splitFiles = true, $siteID = -1
                 $i = 0;
                 foreach ($recordSet as $field)
                 {
-                    $text .= "'".mysqli_real_escape_string($connection, $field)."'";
+                    $text .= $db->makeQueryString($field);
                     $i++;
                     if ($i != count($recordSet))
                     {

diff --git a/modules/settings/ajax/backup.php b/modules/settings/ajax/backup.php
@@ -245,13 +245,19 @@ function setStatusBackup($status, $progress)
             site_id = %s",
         $siteID
     );
-    $queryResult = mysqli_query($db, $sql);
-    $totalAttachments = mysqli_num_rows($queryResult);
+    $db->query($sql);
+    $totalAttachments = $db->getNumRows();
 
     /* Add each attachment to the zip file. */
     $attachmentCount = 0;
-    while ($row = mysqli_fetch_assoc($queryResult))
+    while (true)
     {
+        $row = $db->getAssoc();
+        if (empty($row))
+        {
+            break;
+        }
+
         ++$attachmentCount;
         $relativePath = sprintf(
             'attachments/%s/%s',

diff --git a/scripts/makeBackup.php b/scripts/makeBackup.php
@@ -243,12 +243,18 @@ function dumpAttachments($db, $directory, $siteID)
         $siteID
     );
 
-    $queryResult = mysqli_query($db, $sql);
-    $totalAttachments = mysqli_num_rows($queryResult);
+    $db->query($sql);
+    $totalAttachments = $db->getNumRows();
 
     /* Add each attachment to the zip file. */
-    while ($row = mysqli_fetch_assoc($queryResult))
+    while (true)
     {
+        $row = $db->getAssoc();
+        if (empty($row))
+        {
+            break;
+        }
+
         $relativePath = sprintf(
             'attachments/%s/%s',
             $row['directory_name'],