Problem retrieving from database (getting a blank page) / php mysql

[gregory0013]

Hello,

 

Have a strange problem that I hope someone could help with.  I've successfully used the underlying code to retrieve articles from a mysql database.  I've migrated it to another hosting company, changed the respective connection details, and while I could successfully connect, I get a blank page each time a click a link which references the database article.  The page below represents the page which should load the article from the database:

 

<?php

//Connect to the database server

//variable declaration

$database=mydatabase";

$userName="user";

$password="*****";

$mysqlserver="db.ip.address";

 

//establish connection to database

$linkID=mysql_connect($mysqlserver, $userName, $password)

or die("Connection to database failed.");

 

// Select database

if (! @mysql_select_db($database) )

{ 

  echo( "<P>Unable to locate</P>" );

  //exit();

}

?>

 

<?php

//$testimonials_id = $_POST['testimonials_id];

// Request data from table

  $result = mysql_query("SELECT * FROM testimonials WHERE testimonials_id ='$testimonials_id'");

  if (!$result) {   

  echo("<P>Error performing query: " .mysql_error() . "</P>");

  exit();

  }

else

  // Display databse content

  while ( $row = mysql_fetch_array($result) )

  {   

  echo(

  "<br><b>"

  .$row["company"]

  ."</b>"

  .$row["text"]

  ."</p>"

  ."<br>"

  ."<span class='style1'>"

  ."<b><font size='2'>"

  .$row["name"]

  ."</font>"

  ."</b>"

  //."<p align='justify'>"

  ."<br/>"

  .$row["position"]

  ."<br/>"

  ."</span>"

  );

  }

?>

 

Any help would be most appreciated!  (The new hosting company uses php 5)

[teng84]

try adding

error_reporting(E_ALL);

ini_set('display_errors',1);

 

on top of your script im suspecting this is not sql problem but rather php issue

[gregory0013]

Hi,

 

Thanks for your reply - this is the error I got when I used your code:

 

Notice: Undefined variable: testimonials_id in /home/fhlinux135/t/mydomainname.co.uk/user/htdocs/testimonial.php on line 77

 

Line 77 happens to be the line I previously highlighted in red:

$result = mysql_query("SELECT * FROM testimonials WHERE testimonials_id ='$testimonials_id'");

 

testimonials_id should be received from the page where the link is clicked.  Can't understand how it works on one server and not the other.

 

 

[gregory0013]

Here is the code from the page which generates the links:

 

<?php

//Connect to the database server

//variable declaration

$database="dbname";

$userName="username";

$password="*****";

$mysqlserver="db.ip.address";

 

//establish connection to database

$linkID=mysql_connect($mysqlserver, $userName, $password)

or die("Connection to database failed.");

 

// Select database

if (! @mysql_select_db($database) )

{ 

  echo( "<P>Unable to locate</P>" );

  exit();

}

?>

 

 

<?php

// Request data from table

  $result = mysql_query("SELECT * FROM testimonials ORDER BY testimonials_id");

  if (!$result)

  {   

  echo("<P>Error performing query: " .mysql_error() . "</P>");

  exit();

  }

  // Display databse content

  echo"<table>";

  while ( $row = mysql_fetch_array($result) )

  {

  echo("<tr>"."<td>"."<p>"."<b>".$row["company"]."</b>"."<br>".$row["excerpt"]."      "."<a href=testimonial.php?testimonials_id=$row[testimonials_id] target=_parent>".'<strong>'."<span class='style1'><font color=#007e7a><u>".'<font color=#0093d0>'.'Read in full'.'</font></u></font></span>'.'</strong>'."</a>"."</tr>"."<tr><td>"."<p>"."<div align='right'>".'<strong>'."<font size='2'>".$row['name']."</font>".'</strong>'."<br/>".$row["position"]."<br/>"."</div>"."</p>"."</td></tr>"."</td>"."</tr>");

  }

  echo"</table>";

?>

[PFMaBiSmAd]

You have an error message about an undefined variable. Start there and work backwards. The line in that file that sets that variable is commented out -

 

//$testimonials_id = $_POST['testimonials_id'];

 

It is going to be a little difficult for your code to set a variable if the line that sets it is not being executed.

[gregory0013]

Hi,

 

I just placed that line in previously to explicitly declare the variable.  With or without it, the page still renders blank.  Any other ideas?

[PFMaBiSmAd]

The reason the original code worked on your old server is because register_globals were turned on to magically populate program variables from $_POST/$_GET/$_COOKIE/$_SESSION data. Unfortunately, register_globals magically allowed hackers to set session variables and many web sites where broken into that used login systems and assumed that session variables could only be set by their code. Register_globals were turned off by default in php4.2 in the year 2002. No new code or hosting accounts should have been created after that point that relied on or turned on register_globals and all code using register_globals should have been upgraded long ago. Register_globals have been completely removed in php6, so turning them on to fix your problem is not a solution.

 

So, uncomment the line that is setting $testimonials_id in the first piece of code and change $_POST to $_GET. A link sets GET variables not POST variables.

 

Your code has no protection against sql injection. At a minimum all string data that comes from outside your script must be put through the mysql_real_escape_string() function.

$testimonials_id = mysql_real_escape_string($_GET['testimonials_id']);

[gregory0013]

Thanks for that thorough explanation.  I sincerely appreciated your help on this!