code suddenly stopped working...?

[NoDoze]

I upgraded our server from php 5.x to 5.3...and now this one script has suddenly stopped working...

via html the script looks like it's running normal, but the data from the form never gets into the mysql db...

Are there any changes in 5.3 that would cause this?

If there are none, can someone help me figure out what in this is incorrect then?

I tried googling 5.3 changes, but to looks like it hasn't been out long enough to get that much attention...

 

Thanks!

 

The slimmed down version...

<?php

if (isset($_POST['submit'])):

$sql = "INSERT INTO tbl_auth_user (indate, user_id, user_password, primary_email, client1_email, client2_email, client3_email, client4_email) VALUES ('$indate', '$user_id', PASSWORD ('$user_password'), '$primary_email', '$client1_email', '$client2_email', '$client3_email', '$client4_email')";
          

else: 
?>

[PFMaBiSmAd]

There's a section in the php manual that lists what was changed going from php5.2 to 5.3.

 

However, your problem is probably some old out of date code that is relying on register_globals, that were turned off by default in php4.2 in the year 2002. Where are all the variables $indate, $user_id, $user_password, ... being set at in your code? The correct way to access them would be the same as what you have for the $_POST['submit'] variable, using the $_POST superglobal array. Since register_globals have been completely removed in php6, now is the time to upgrade your code to current recommend standards.

 

Also, you should not use the mysql PASSWORD() function in your application -

The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA1() instead.

[taquitosensei]

register globals was probably on now its off.  Plus you should be escaping your POST variables.

 

try something along these lines to use your code mostly as is

<?php

 

if (isset($_POST['submit'])):

foreach($_POST as $k=>$v)

{

$$k=mysql_real_escape_string($v);

}

$sql = "INSERT INTO tbl_auth_user (indate, user_id, user_password, primary_email, client1_email, client2_email, client3_email, client4_email) VALUES ('$indate', '$user_id', PASSWORD ('$user_password'), '$primary_email', '$client1_email', '$client2_email', '$client3_email', '$client4_email')";

         

 

else:

?>

[NoDoze]

my registered globals is still on....

my php.ini file is identical....

what benifit is escaping the POSt variables...?

 

Any other ideas why it would suddenly stop working...?

I was guessing the way 5.3 processes the code is different or changed....?

[Alex]

The benefit of escaping your $_POST variables, or any other user input that will go into a mysql query for that matter, with mysql_real_escape_string is to prevent SQL injections which can be very harmful to your website.

[PFMaBiSmAd]

Most improvements in PHP 5.3.x have no impact on existing code. There are a few incompatibilities and new features that should be considered, and code should be tested before switching PHP versions in production environments.

 

What does the error checking and error reporting logic in your code tell you why the INSERT query does not work?

 

Did you echo $sql so that you know if it contains what you expect?