roflcaesar Posted October 25, 2009 Share Posted October 25, 2009 Hi, I recently changed hosts, and I noticed that certain mysql scripts weren't working on my new host. I'm not really sure why, but anything that contains a variable in a query does nothing. This is what I have: mysql_query("UPDATE addinatorz SET points=points+50 WHERE id='$ref'") or die(mysql_error()); and $sql="SELECT * FROM $tbl_name"; $result=mysql_query($sql); $count=mysql_num_rows($result); ?> <table width="400" border="0" cellspacing="1" cellpadding="0"> <tr> <td><form name="form1" method="post" action=""> <table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#CCCCCC"> <tr> <td bgcolor="#FFFFFF"> </td> <td colspan="4" bgcolor="#FFFFFF"><strong>Delete multiple rows in mysql</strong> </td> </tr> <tr> <td align="center" bgcolor="#FFFFFF">#</td> <td align="center" bgcolor="#FFFFFF"><strong>Id</strong></td> <td align="center" bgcolor="#FFFFFF"><strong>Point</strong></td> </tr> <?php while($rows=mysql_fetch_array($result)){ ?> <tr> <td align="center" bgcolor="#FFFFFF"><input name="checkbox[]" type="checkbox" id="checkbox[]" value="<? echo $rows['id']; ?>"></td> <td bgcolor="#FFFFFF"><? echo $rows['id']; ?></td> <td bgcolor="#FFFFFF"><? echo $rows['points']; ?></td> </tr> <?php } ?> <tr> <td colspan="5" align="center" bgcolor="#FFFFFF"><input name="delete" type="submit" id="delete" value="Delete"></td> </tr> <? if($delete){ for($i=0;$i<$count;$i++){ $del_id = $checkbox[$i]; $sql = "DELETE FROM $tbl_name WHERE id='$del_id'"; $result = mysql_query($sql); } if($result){ echo "<meta http-equiv=\"refresh\" content=\"0;URL=delete.php\">"; } } mysql_close(); ?> Does anyone have any idea why these don't work with my new host or what I should do to fix them? Because I don't lol Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted October 25, 2009 Share Posted October 25, 2009 Your code is dependent on register_globals to 'magically' populate program variables from post/get/session/cookie variables by the same name. Unfortunately, register_globals was a huge blunder by php.net because they also allow hackers to set your session variables to anything they want, causing a huge number of web sites to be taken over. register_globals were turned off by default in php4.2 in April of the year 2002. No code, books, tutorials, web host, or programmers should have relied on register_globals in their code nor should they have enabled them in php.ini. This security problem has been known for 7 years. There is no excuse for any code to still rely on register_globals at this date. Register_globals have been completely removed in php6. You will need to fix your code so that it uses the proper $_POST, $_GET, $_SESSION, or $_COOKIE variables where the actual data is coming from. Quote Link to comment Share on other sites More sharing options...
roflcaesar Posted October 25, 2009 Author Share Posted October 25, 2009 Ah, thank you! It works now Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.