Code issues with 5.3

[whorelando]

Hello, I am new to this forum

 

I have done a bit with php previously but not really worked with it in the past few years. When I did so I wwas more accustomed to the ISAPI set up which now it seems has become obsolete.

 

When I last did any work with PHP OIt was more or less around the time PHP 4 moved up to 5 - I remember having gotten in contact with Larry Ulmann at the time as a lot of the Global Syntax had changed and couldn't work through his books. Even with the pHP titles I bought the code Larry used I am sure was pho 5 but by the time I bought the book the syntax had changed. This seems to be the case with nearly every update to php, not only the syntax but also the configuration...

 

I now find existing scripts I had, that ran in 5.2.10 on an isapi install only a few days ago are now giving me trouble

 

Included here is the first snippet:

 

<?php
if($process) {
@extract($_POST);
$name = stripslashes($name);
$email = stripslashes($email);
$subject = stripslashes($subject);
$message = stripslashes($message);
$origin = "This email originated on the webform at http://www.coup.com";

mail("headless_chikkin@coup.com",$subject,$message,
"From: $name <$email>\r\n" .
"Reply-To: $name <$email>\r\n" .
"X-Mailer: PHP/" . phpversion());
                

$message = str_replace("\n","<br>",$message);
echo "<h3><font color= #545F1D>Your message has been sent succesfully!!!</font></h3><hr/>";
echo "<b><font color= #660000>From:</font></b> $name <".$email."><br/><br/>";
echo "<b><font color= #660000>Subject:</font></b> $subject<br>";
echo "<hr/><br/><b><font color= #000000>Message:</font></b> <i>$message</I><br/>";
echo "<br/><hr/>";
echo "<b><font color= #660000>Thank You for your comment</font></b>";
} 
else 
{
echo "<font color= #000000>Sorry but you can't access this page directly</font>";
?>
}

 

 

I had a heckuva time setting up 5.3 on a 64bit Vista machine but followed this very well explained step by step on installing  FastCGI PHP and it seems to be running fine except for the fact it is throwing a lot of parser errors.

 

In the snippet above the script falls down at:

 

if($process)

 

The second example should be a lot more straight forward... but for the life of me I cannot figure out why the script is falling down, I have explicitly declared variables (This exercise btw comes from Larry's PHP 5 and MySQL 6 for Dynamic Websites title) and given them valued derived directly from the Posted Values on the Html form. The names I have treble chequed a dozen times.... and still I am getting undefined index error messages.

 

here is the php end of the script

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Form Feedback</title>
</head>
<body>
<?php # Script 2.2 - handle_form.php
// Create a shorthand for the form data:
    $name = $_REQUEST['name'];
    $email = $_REQUEST['email'];
    $comments = $_REQUEST['comments'];
/* Not used:
$_REQUEST[‘age’]
$_REQUEST[‘gender’]
$_REQUEST[‘submit’]
*/

// Print the submitted information:
echo "<p>Thank you, <b>$name</b>, for the following comments:<br />
<tt>$comments</tt></p>
<p>We will reply to you at <i>$email</i>.</p>\n";
?>
</body

 

again, as mentioned the incoming values posted from the html page are name, email and comments )as written, lower-case)

 

Can anyone please shed some light on why supposedly very straight-forward scripts are suddenly coming horribly undone on this'latest flavour')

 

Thanks in advance

 

- ps forgot to mention I have changed $-REQUEST to $_GET and $_POST nothing makes any difference. I suspect variable definition has once again gotten an overhaul

[trq]

In your first script, I don't see where $process is defined. register_globals has been off in php for over seven years, even prior to any version of 5 was released.

 

Very little syntax changes have been made between php4 - 5, and even those are only really within the OOP realm, so I'm really not sure what your moaning about.

 

As for your second script. Your getting undefined index notices because your assigning variables from values you assume are within the $_REQUEST array without first checking the $_REQUEST array holds these values.

 

These aren't syntax quirks on php part but logical mistakes on your part.

[whorelando]

whereas I am thankful for your response I do not appreciate the tone or the manner of it. We're not all psudo geeks you know!

 

So to reply at your level - bright spark!

 

Explain this then why dont you... both scrips work perfectly on Mac os X running Entropy php 5.2.9.7 with globals turned off. Monkey can transfer file from Windows to Mac, duh!!!!

 

Once again - for anyone herewho does not mind sharing helpful and pertinent suggestions - These scripts run fine on Entropy and earlier Isapi Installations of PhP 5 on both Mac and windows. It is only with a CGI install on Vista 64 of 5.3 that the problems first start to appear.

 

Unlike our 'learned' wise-guy here that sees to think personal insult and belittlement helps the case I looked up a few things about 5.3.

 

First off it is a test-pilot for php 6.0 which is 'just around the corner' as it seemingly has been for at least 3 years now. Super Globals have been deemed unsafe and I suspect have been stripped from this version - which in turn would definitely throw these type of errors. That said who knows what else has been stripped.

 

I would therefore like to know what code to use to receive values passed from the html code in place of the super globals if they are no longer to exist.

 

as for the $process problem.... as mentioned this is old code that I pieced together from snippets and tutes some 3 years ago.  I am not sure that it needs to be defined, after all it works as it should on all versions of 5 I have used up to the most recent one. Checked it last night again on the Entropy 5.2.9.7 and it executes as expected.

 

Forgive me that I am not an MIT FX_NERD_TML super code guru but I would at least have appreciated a more level-headed reply to a request for help. Indeed languages like these can be frustrating at the best of times and constant changes as one starts getting the hang of things does't help issues that much.....

 

Anyhow, regardless of attitude... The fact remains, as do the problems that 5.3 does not behave in the same manner as it's immediate predecessors did.

 

I am now wondering too that if super globals are indeed to be stripped from 6.0 altogether, how it is that Larry Ulman uses them, even though they are recognized security threats, as examples in a book about a forthcoming version of php (ie 6.0) in which they are to be made obsolete.

 

Again - If I were an expert I wouldn't be needing the books - right??? just don't figger!!!!

[KevinM1]

Super globals != register_globals.

 

Super globals are your gpc arrays - $_GET, $_POST, $_COOKIE, and the catch-all $_REQUEST.  Those aren't going anywhere.

 

register_globals, on the other hand, was a PHP.ini setting that would automatically transform a value in one of the super global arrays into a separate variable of the same key name.  So, $_POST['name'] would automatically be available to the coder as $name.  It was dangerous because people had a tendency to use that 'feature' as a crutch, and would put these unsanitized variables directly in their database queries.

 

As an aside, addslashes() isn't a very good defense against injection attacks.  You should use your database's escape function (such as mysql_real_escape_string()) instead.

 

As for the rest, thorpe's reply is sufficient.  The language hasn't changed much in a decade, and certainly not at the variable assignment level.  Your errors are logical, not syntactical, in nature.

[MatthewJ]

Very little syntax changes have been made between php4 - 5, and even those are only really within the OOP realm, so I'm really not sure what your moaning about.

 

A little snarky there for a mod... maybe pre morning coffee

[whorelando]

Thank you Nightslr for the explanation - I will take the suggestion on board as I am planning to possibly include sql in the latest project.

 

In this case though, with register globals turned off (as indeed they were in 5.2.9.7 where the script works) what should I replace $_REQUEST etc with to take in the values passed from the html form?

 

is it enough just to declare $name; ? surely it has to be = (value passed from html form)

 

can that be simply $name = ['name'] ?

 

I very much doubt it... as the name has to somehow have linked reference to the originating form.

 

Meant to add here that the original script here does not use DB... it is intended to send web Form email to remote email address that can be immediately made obsolete in the case of bulk mail hijacking - (which was an issue I had when with netfirms). the user basically leaves name and contact details and a message. I can then reply to them from one of a number of legitimate mail addressas less prone to spam and hijack attacks....

[whorelando]

Very little syntax changes have been made between php4 - 5, and even those are only really within the OOP realm, so I'm really not sure what your moaning about.

 

A little snarky there for a mod... maybe pre morning coffee

 

Hey Matthew....

 

Only out of bed myself and not fully waken up so I guess my reply was very toned down and reserved.... mind you I have that coffee teed up on the 1st waiting for me!

 

The day hasn't got under way till the first signs of caffeine jitters kick in!

[MatthewJ]

depending on the form method (get/post) it would be

$name = $_GET['name'];

 

or

 

$name = $_POST['name'];

[whorelando]

depending on the form method (get/post) it would be

$name = $_GET['name'];

 

or

 

$name = $_POST['name'];

 

Hi again... this my friend is the crux of the problem... no matter which  method I use - get/request or post the script falls down every time withundefined index error, and only it seems on 5.3.

 

If you have a moment and have a similar set up to mine (Vista 64 IIS7 php 5.3 using fast CGI) you might give it a whirl and try as I did replacing $_REQUEST with one of the others.

 

No matter what I try (i even turned on register_Globals for this purpose) the script falls down every time on these lines.

 

Here are the 2 files is question:

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Simple HTML Form</title>
</head>
<!--Script 2.1 Form.html-->
<body>
<form id="form1" name="form1" method="post" action="handle_form.php">

<fieldset><legend>Enter your
information in the form below:</legend>

<p><b>Name:</b> <input type=”text”
name=”name” size=”20” maxlength=”40”
/></p>

<p><b>Email Address:</b> <input
type=”text” name=”email” size=”40”
maxlength=”60” /></p>

<p><b>Gender:</b> <input type=”radio”
name=”gender” value=”M” /> Male <input
type=”radio” name=”gender” value=”F” />
Female</p>

<p><b>Age:</b>

<select name=”age”>
<option value=”0-29”>Under 30</option>

<option value=”30-60”>Between 30 and 60</option>

<option value=”60+”>Over 60</option>

</select></p>

<p><b>Comments:</b> <textarea
name=”comments” rows=”3”
cols=”40”></textarea></p>
</fieldset>

  <div align="center">
    <input type="submit" name="submit" id="submit" value="Submit My Registration" />
  </div>


<div align="center"></div></form>
</body>
</html>

 

and

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Form Feedback</title>
</head>
<body>
<?php # Script 2.2 - handle_form.php
// Create a shorthand for the form data:
	$name = $_REQUEST['name'];
$email = $_REQUEST['email'];
$comments = $_REQUEST['comments'];
/* Not used:
$_REQUEST[‘age’]
$_REQUEST[‘gender’]
$_REQUEST[‘submit’]
*/

// Print the submitted information:
echo "<p>Thank you, <b>$name</b>, for the following comments:<br />
<tt>$comments</tt></p>
<p>We will reply to you at <i>$email</i>.</p>\n";
?>
</body>
</html>

 

[KevinM1]

Thank you Nightslr for the explanation - I will take the suggestion on board as I am planning to possibly include sql in the latest project.

 

In this case though, with register globals turned off (as indeed they were in 5.2.9.7 where the script works) what should I replace $_REQUEST etc with to take in the values passed from the html form?

 

is it enough just to declare $name; ? surely it has to be = (value passed from html form)

 

can that be simply $name = ['name'] ?

 

I very much doubt it... as the name has to somehow have linked reference to the originating form

 

You use the correct super global array.

 

If your form's method is post, then you use $_POST.  If it's get, you use $_GET.  The key names are the names of your form's inputs.  So, if you have an input named 'name' (sans quotes), you would access it with $_POST['name']/$_GET['name'] depending on your form's method.  You should first check to see if the array even has any values in it, though.

 

Example:

 

Form.html

<html>
   <head>
      <title>Test form</title>
   </head>

   <body>
      <form action="handleform.php" method="post">
         Name: <input type="text" name="name" /><br />
         E-mail: <input type="text" name="email" /><br />
         <input type="submit" name="submit" value="submit" />
      </form>
   </body>

</html>

 

Handleform.php

<?php
   $errMsg = "";

   if(isset($_POST['submit'])) //if the form was submitted
   {
      if(!empty($_POST['name'])) //if name exists
      {
         $name = $_POST['name'];
      }
      else
      {
         $name = false;
         $errMsg .= "No name has been entered<br />";
      }

      if(!empty($_POST['email'])) //if email exists
      {
         $email = $_POST['email'];
      }
      else
      {
         $email = false;
         $errMsg .= "No e-mail address has been entered<br />";
      }
   
      if($name && $email)
      {
         echo "Your name is $name.  Your e-mail address is $email";
      }
      else
      {
         echo $errMsg;
      }
   }
?>

[MatthewJ]

I guessed at what process was etc. but try that and see if it runs for you.

 

<?php
if(isset($_REQUEST['process'])) 
{
$name = stripslashes($_REQUEST['name']);
$email = stripslashes($_REQUEST['email']);
$subject = stripslashes($_REQUEST['subject']);
$message = stripslashes($_REQUEST['message']);
$origin = "This email originated on the webform at http://www.coup.com";

mail("headless_chikkin@coup.com",$subject,$message,
"From: $name <$email>\r\n" .
"Reply-To: $name <$email>\r\n" .
"X-Mailer: PHP/" . phpversion());


$message = str_replace("\n","<br>",$_REQUEST['message']);
echo "<h3><font color= #545F1D>Your message has been sent succesfully!!!</font></h3><hr/>";
echo "<b><font color= #660000>From:</font></b> $name <".$email."><br/><br/>";
echo "<b><font color= #660000>Subject:</font></b> $subject<br>";
echo "<hr/><br/><b><font color= #000000>Message:</font></b> <i>$message</I><br/>";
echo "<br/><hr/>";
echo "<b><font color= #660000>Thank You for your comment</font></b>";
} 
else 
{
echo "<font color= #000000>Sorry but you can't access this page directly</font>";
}
?>

[whorelando]

Hi Again Matthew- and thanks for doing this....

 

It certainly does.... and gives me something to work with... might need to tidy up a line or two put at least the script executes. Not sure what was behind the @extract line in the code originally either.

 

I see also that here the $_REQUEST method is working - needless I would have to test this live to ensure that the variable placeholder values are indeed being filled with the values passed to them.

 

However I am still baffled by why it is falling down in the other example which should be a LOT more straightforward than this one. Bear in mind this script is an old one I have been using for a few years now. The other one is an example from Larry Ulmas New Book on PHP6 & and MYSQL5 development.

 

Thank you again so much for solving part one. I will need to get back into code and read up on the isset function in the API. BTW how fo I access the API and syntax explanations? do I need to go online directly fopr it or is it downloadable?

[whorelando]

to Nightslr

 

- Thank you again for continued interest in the thread... I tested the script in Firefox and input values... so the form imo should have passed on those values to the server via the post method.

 

Last night i went in and since there are 3 variables in use here I set ones method to $_REQUEST, One to $_POST and one to $_GET

 

I then retested the form in the browser and entered values in to all  fields - again I got the same error message for all 3 variables... undefined index!

 

Has me utterly confused....

[wildteen88]

Could you post the code to your form here.

[roopurt18]

Explain this then why dont you... both scrips work perfectly on Mac os X running Entropy php 5.2.9.7 with globals turned off. Monkey can transfer file from Windows to Mac, duh!!!!

 

Your scripts are broken on 5.2.9.7 as well.  You just have a different level of error reporting set on that installation.

 

Go on over to your 5.2.9.7 installation and at the top of a script add:

error_reporting(0xffffffff);
ini_set( 'display_errors', 'on' );

 

You should see much the same errors.

 

First off it is a test-pilot for php 6.0 which is 'just around the corner' as it seemingly has been for at least 3 years now. Super Globals have been deemed unsafe and I suspect have been stripped from this version - which in turn would definitely throw these type of errors. That said who knows what else has been stripped.

The changes between PHP releases are well documented; there's no need to guess about anything.  Of course guessing is never a good way to go about programming.

 

BTW, everything thorpe said was dead on.  Sensitive much?

[whorelando]

Hi Again Matthew- and thanks for doing this....

 

It certainly does.... and gives me something to work with... might need to tidy up a line or two put at least the script executes. Not sure what was behind the @extract line in the code originally either.

 

I see also that here the $_REQUEST method is working - needless I would have to test this live to ensure that the variable placeholder values are indeed being filled with the values passed to them.

 

However I am still baffled by why it is falling down in the other example which should be a LOT more straightforward than this one. Bear in mind this script is an old one I have been using for a few years now. The other one is an example from Larry Ulmas New Book on PHP6 & and MYSQL5 development.

 

Thank you again so much for solving part one. I will need to get back into code and read up on the isset function in the API. BTW how fo I access the API and syntax explanations? do I need to go online directly fopr it or is it downloadable?

 

Sorry matthew.... got my wires crossed...

 

Now when I try t execute the script I get:

 

PHP Warning:  mail(): Failed to connect to mailserver at "localhost" port 25, verify your "SMTP" and "smtp_port" setting in php.ini or use ini_set() in C:\inetpub\wwwroot\testsite\email.php on line 63

 

 

[whorelando]

Could you post the code to your form here.

 

Already did - check 5 to 7 posts above this...

[KevinM1]

Re: API

 

PHP manual: http://www.php.net/manual/en/

PHP function list: http://www.php.net/quickref.php

 

Everything you'd ever want to know about the language is there.

[MatthewJ]

Seriously... you guys kiss a lot of butt here for some reason... the mods quite often are rude. I'm sure it gets old seeing the same old posts, and explaining the same old things, but if that is true, find a new hobby and leave being a mod to someone else. There is no need to be rude to someone who obviously does not have the same level of php experience. My response would be childish much?

[MatthewJ]

That error means that your smtp server is not installed, or not configured in the ini. Google should be able to help for fixing that.

[MatthewJ]

Could you post the code to your form here.

 

Already did - check 5 to 7 posts above this...

 

You actually posted the handler and the confirmation page, but not the form

[roopurt18]

Seriously... you guys kiss a lot of butt here for some reason... the mods quite often are rude. ... My response would be childish much?

 

You're 100% right.  I should stop being childish and kissing up to thorpe.

 

To the original poster, just add these two lines at the top of all your files and most of your problems will be fixed.

error_reporting(0);
ini_set( 'display_errors', '0' );

[wildteen88]

Could you post the code to your form here.

 

Already did - check 5 to 7 posts above this...

 

You actually posted the handler and the confirmation page, but not the form

I'm guessing this is your form

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Simple HTML Form</title>
</head>
<!--Script 2.1 Form.html-->
<body>
<form id="form1" name="form1" method="post" action="handle_form.php">

<fieldset><legend>Enter your
information in the form below:</legend>

<p><b>Name:</b> <input type=”text”
name=”name” size=”20” maxlength=”40”
/></p>

<p><b>Email Address:</b> <input
type=”text” name=”email” size=”40”
maxlength=”60” /></p>

<p><b>Gender:</b> <input type=”radio”
name=”gender” value=”M” /> Male <input
type=”radio” name=”gender” value=”F” />
Female</p>

<p><b>Age:</b>

<select name=”age”>
<option value=”0-29”>Under 30</option>

<option value=”30-60”>Between 30 and 60</option>

<option value=”60+”>Over 60</option>

</select></p>

<p><b>Comments:</b> <textarea
name=”comments” rows=”3”
cols=”40”></textarea></p>
</fieldset>

  <div align="center">
    <input type="submit" name="submit" id="submit" value="Submit My Registration" />
  </div>


<div align="center"></div></form>
</body>
</html>

[/code]

 

 

The form is fine. However you are using the wrong type of quotes. You should use " to wrap attribute values in and not ”. Change all instances of ” to " and your script should function.

This could be why your PHP script is failing.

[whorelando]

The form is fine. However you are using the wrong type of quotes. You should use " to wrap attribute values in and not ”. Change all instances of ” to " and your script should function.

This could be why your PHP script is failing.

 

Thank you - I think this might very well be the problem. I live in peru and am finding it danged hard to laymy hands on an english keyboard for the PC ( a nightmare when you cannot find things lile @ and the backslash... as well as these wuote issues. WIll have a look at this later but I think you are dead right

[whorelando]

Re: API

 

PHP manual: http://www.php.net/manual/en/

PHP function list: http://www.php.net/quickref.php

 

Everything you'd ever want to know about the language is there.

 

Thank you my friend. Your help here has been invaluable. I think Wildteen may have solved the problem... I work on a Spanish Keyboard on Windows (Latin American - as it's all I can find here in Lima). Thankfully my mac is US English =)

 

I will bookmark both of these. Your if else routine is also something I will definitely look at though in terms of strengthening the code and my understanding of it!

 

Thanks for your time and courteousness.

 

The other script continues to give me problems though... Mathew has given me something more to google here....