JTapp Posted December 31, 2009

I don't know seems too complicated to post this but.. I thought I would try. Here is a bit of my code... it is not returning the data, but also no errors. Any ideas?

    $query = mysql_query("SELECT strLodgeName, intLodgeNumber, intDistrictID, strLodgeLocationCity FROM tblLodges WHERE TRIM(LEADING '0' FROM $metode) = '$search' GROUP BY strLodgeName LIMIT 50");
    while ($row = @mysql_fetch_array($query))
    {
        echo "<tr bgcolor=\"#dddddd\"><td><center>";
        echo $row["intLodgeNumber"];
        echo "</center></td><td><center>";
        echo $row["strLodgeName"];
        echo "</center></td><td><center><span class=\"style2\">";
        echo "<input name=\"submit\" type=\"button\" value=\"Lodge Details\" onclick=\"javascript:window.location='http://www.gloklahoma.com/lodgelocator/3view.php?id=";
        echo $row["intLodgeNumber"];
        echo "'\" /></center></td>";
        echo "</center></td><td><center>";
        echo $row["strLodgeLocationCity"];
        echo "</center></td><td><center>";
        echo ltrim($row["intDistrictID"], '0');
trq Posted December 31, 2009

It's likely not returning any errors because you never check for any and you're using error suppression. What does this output?

    $sql = "SELECT strLodgeName, intLodgeNumber, intDistrictID, strLodgeLocationCity FROM tblLodges WHERE TRIM(LEADING '0' FROM $metode) = '$search' GROUP BY strLodgeName LIMIT 50"
    if ($results = mysql_query($sql)) {
        if (mysql_num_rows($results)) {
            while ($row = mysql_fetch_assoc($results)) {
                echo "<tr bgcolor=\"#dddddd\"><td><center>";
                echo $row["intLodgeNumber"];
                echo "</center></td><td><center>";
                echo $row["strLodgeName"];
                echo "</center></td><td><center><span class=\"style2\">";
                echo "<input name=\"submit\" type=\"button\" value=\"Lodge Details\" onclick=\"javascript:window.location='http://www.gloklahoma.com/lodgelocator/3view.php?id=";
                echo $row["intLodgeNumber"];
                echo "'\" /></center></td>";
                echo "</center></td><td><center>";
                echo $row["strLodgeLocationCity"];
                echo "</center></td><td><center>";
                echo ltrim($row["intDistrictID"], '0');
            }
        } else {
            echo "No records found";
        }
    } else {
        echo "Query failed<br >" . mysql_error() . "<br>$sql";
    }
JTapp Posted December 31, 2009 (Author)

Thanks for your time. Results in:

    Parse error: syntax error, unexpected T_IF in /home/content/62/5287962/html/lodgelocator/3results.php on line 569

Line 568-570 is:

    $sql = "SELECT strLodgeName, intLodgeNumber, intDistrictID, strLodgeLocationCity FROM tblLodges WHERE TRIM(LEADING '0' FROM $metode) = '$search' GROUP BY strLodgeName LIMIT 50"
    if ($results = mysql_query($sql)) {
        if (mysql_num_rows($results)) {
trq Posted December 31, 2009

Sorry, the $sql line is quite obviously missing a semi-colon.
JTapp Posted December 31, 2009 (Author)

ah! Here is the return:

    Query failed
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') = '' GROUP BY strLodgeName LIMIT 50' at line 1
    SELECT strLodgeName, intLodgeNumber, intDistrictID, strLodgeLocationCity FROM tblLodges WHERE TRIM(LEADING '0' FROM ) = '' GROUP BY strLodgeName LIMIT 50
trq Posted December 31, 2009

Now we're getting somewhere. $metode & $search are empty. Where are these variables defined?
JTapp Posted December 31, 2009 (Author)

Makes complete sense.. that's what I was checking out before my post... I'm still looking..

To see this in action - go to: http://www.glflamason.org/lodgelocator/5search.php and search for "washington". It goes from 5search.php to 3results.php to 3view.php
JTapp Posted December 31, 2009 (Author)

I'm pretty convinced those were never defined.. could it be?
JTapp Posted December 31, 2009 (Author)

I don't know - this seems to be related to the server.. am I wrong?
PFMaBiSmAd Posted December 31, 2009

Your form is using the POST method. The form data will be submitted as $_POST variables. You should have $_POST['metode'] and $_POST['search'] variables in your code to access the data from the form.
JTapp Posted December 31, 2009 (Author)

> Your form is using the POST method. The form data will be submitted as $_POST variables. You should have $_POST['metode'] and $_POST['search'] variables in your code to access the data from the form.

This would be an approach I'm not familiar with.. I'm willing to put in the research and try to go find out how to do it.. but considering all of the work that has been done on this, and the fact that the EXACT same code is working on another server - the idea of re-writing it confuses me.
JTapp Posted December 31, 2009 (Author)

Well I searched this site and Google and couldn't find much help. I tried plugging it in, but it returned:

    Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/content/62/5287962/html/lodgelocator/3results.php on line 572

    $query = mysql_query("SELECT strLodgeName, intLodgeNumber, intDistrictID, strLodgeLocationCity, strLodgeLocationZIP FROM tblLodges WHERE TRIM(LEADING '0') = '$search' GROUP BY strLodgeName LIMIT 50");
    while ($row = @mysql_fetch_array($query))
    $sql = "SELECT strLodgeName, intLodgeNumber, intDistrictID, strLodgeLocationCity FROM tblLodges WHERE TRIM(LEADING '0' FROM $_POST['metode']) = $_POST['search'] GROUP BY strLodgeName LIMIT 50";
    if ($results = mysql_query($sql)) {
        if (mysql_num_rows($results)) {
            while ($row = mysql_fetch_assoc($results)) {
                echo "<tr bgcolor=\"#dddddd\"><td><center>";
                echo $row["intLodgeNumber"];
                echo "</center></td><td><center>";
                echo $row["strLodgeName"];
                echo "</center></td><td><center><span class=\"style2\">";
                echo "<input name=\"submit\" type=\"button\" value=\"Lodge Details\" onclick=\"javascript:window.location='http://www.gloklahoma.com/lodgelocator/3view.php?id=";
                echo $row["intLodgeNumber"];
                echo "'\" /></center></td>";
                echo "</center></td><td><center>";
                echo $row["strLodgeLocationCity"];
                echo "</center></td><td><center>";
                echo ltrim($row["intDistrictID"], '0');
            }
        } else {
            echo "No records found";
        }
    } else {
        echo "Query failed<br >" . mysql_error() . "<br>$sql";
    }
    ?>

Can anybody point me to a $_POST['metode'] thread where I might be able to figure this out? Thanks
PFMaBiSmAd Posted December 31, 2009

Unfortunately, php needs help when array variables are put into a quoted string. I did not expect that you would put the $_POST variables directly into the query (you should be using mysql_real_escape_string() on string data put into a query to prevent sql injection and to prevent special sql characters in the data from breaking the syntax of the query.) You need to surround array variables with braces {} when they are within a string.

The problem with your code working on one server and not another is due to register_globals. Register_globals were turned off by default over 7 years ago. Unfortunately (again) it is unlikely you have been programming in php for seven years, so you should not even know how to write code that depends on register_globals. Register_globals have been completely removed in upcoming php6, so now is the time to fix your code to use the correct $_POST, $_GET, $_COOKIE, $_SESSION, and $_SERVER variables where the data is actually coming from.
.josh Posted December 31, 2009

to clarify, your old server sucked, because it allowed register globals, and your code sucks, because it uses them. register globals being "on" means you can do this:

    <input name='something' type='text' />

and then in your code, simply use the variable $something to access what was entered in that form field. This is a bad thing. To illustrate, let's say I have this internal sql query. Let's say it grabs info based on an id found from a login script (user provides login info, script queries db, retrieves id associated with it):

    $sql = "select * from table where id = '$id'";

well with register globals on and being used, I can simply do this:

    http://www.yoursite.com/page.php?id=xxx

and there's a good chance it will now select * where id = any id I want or let's do some sql injection ("good chance" meaning, if there's nothing on that page overwriting what I put into the url query string, before it's used in the sql query)

So as you can see, register globals being enabled and using them is generally a bad idea, which is why they've been set to off by default for a long time, and are being removed.

So basically what you need to do is with all of your form elements, change that $something to $_POST['something'] or $_GET['something'], depending on what form method you are using (also, params passed in the url query string are also found in $_GET). But you should not put them directly into your sql query string. You should always sanitize your variables first. You can leave the variables in your query string as-is, by putting above the query string something as simple as this:

    $metode = mysql_real_escape_string($_POST['metode']);
    $search = mysql_real_escape_string($_POST['search']);

This will escape quotes if user tries to put quotes in the form fields in attempt at sql injection, and assign that to the variables you are using in your sql query string.
JTapp Posted December 31, 2009 (Author)

Here is page one of my code. Can you please tell me if I have to change anything on here before I begin to try to fix the main php?

    <form name="form1" method ="post" action="http://www.gloklahoma.com/lodgelocator/3results.php" target="_blank">
    <table width="849" border="0" align="center">
    <tr>
    <th width="812" bgcolor="#fff" class="form_1" scope="col">
    <p class="style1"> </p>
    <p align="center"><span class="heading_1">Grand Lodge of Oklahoma - Lodge Locator</span></p>
    <p align="center"><span class="heading_1">*** SERVER UPDATE - PLEASE TRY BACK LATER ***</span></p>
    <p class="style1"><img src="../images/line.gif" width="327" height="23"></p>
    <p class="style1">
    <select name="metode" size="6">
    <option value="tblLodges.strLodgeName" selected>Name of Lodge</option>
    <option value="tblLodges.intLodgeNumber">Lodge Number</option>
    <option value="tblLodges.intDistrictID">District Lodge Is In</option>
    <option value="tblLodges.strLodgeLocationCity">City Lodge Is Located In</option>
    <option value="tblLodges.strLodgeLocationZIP">Zip Code of Lodge Location</option>
    <option value="tblLodges.strLodgeCounty">Lodge County</option>
    </select>
    <span class="text_1">Search Value:</span><span class="copy_1">
    <input name="search" type="text" class="form" size="25">
    </span>
    </p>
    <p class="style1">
    <input type="submit" value="Click Here To Search Our Lodge Locator!!" name="GOTWO2">
    </p>
    <p class="style1"> </p></th>
    </tr>
    </table>
    </form>
.josh Posted December 31, 2009

no, you don't need to change your form. you just need to change how your 3results.php handles the incoming data
PFMaBiSmAd Posted December 31, 2009

And if you develop and debug your code on a system with error_reporting set to E_ALL and display_errors set to ON in your php.ini, php will help you by pointing out most of the variables that are affected because they will be undefined.
JTapp Posted December 31, 2009 (Author)

OK - thanks for the clarification. But I still can't assess if my code is completely hosed or if I just need to add a line or two.
JTapp Posted December 31, 2009 (Author)

Ignore this last post.. I didn't see "Page 2" Thanks.

> OK - thanks for the clarification. But I still can't assess if my code is completely hosed or if I just need to add a line or two.
JTapp Posted December 31, 2009 (Author)

> And if you develop and debug your code on a system with error_reporting set to E_ALL and display_errors set to ON in your php.ini, php will help you by pointing out most of the variables that are affected because they will be undefined.

You may be assuming I have a degree in this stuff.
JTapp Posted December 31, 2009 (Author)

Sorry... I've been playing with this through the night. And please bear with me...because I am also still quite the beginner - I am spending as much time trying to understand your posts as I am trying to tweak the code. Here is my latest attempt

    $metode = mysql_real_escape_string($_POST['metode']);
    $search = mysql_real_escape_string($_POST['search']);
    $query = mysql_query("SELECT strLodgeName, intLodgeNumber, intDistrictID, strLodgeLocationCity, strLodgeLocationZIP FROM tblLodges WHERE TRIM(LEADING '0') = '$search' GROUP BY strLodgeName LIMIT 50");
    while ($row = @mysql_fetch_array($query))
    $sql = "SELECT strLodgeName, intLodgeNumber, intDistrictID, strLodgeLocationCity FROM tblLodges WHERE TRIM(LEADING '0' FROM $_POST['metode']) = $_POST['search'] GROUP BY strLodgeName LIMIT 50";
    if ($results = mysql_query($sql)) {
        if (mysql_num_rows($results)) {
            while ($row = mysql_fetch_assoc($results)) {
                echo "<tr bgcolor=\"#dddddd\"><td><center>";
                echo $row["intLodgeNumber"];
                echo "</center></td><td><center>";
                echo $row["strLodgeName"];
                echo "</center></td><td><center><span class=\"style2\">";
                echo "<input name=\"submit\" type=\"button\" value=\"Lodge Details\" onclick=\"javascript:window.location='http://www.gloklahoma.com/lodgelocator/3view.php?id=";
                echo $row["intLodgeNumber"];
                echo "'\" /></center></td>";
                echo "</center></td><td><center>";
                echo $row["strLodgeLocationCity"];
                echo "</center></td><td><center>";
                echo ltrim($row["intDistrictID"], '0');
            }
        } else {
            echo "No records found";
        }
    } else {
        echo "Query failed<br >" . mysql_error() . "<br>$sql";
    }
    ?>
JTapp Posted December 31, 2009 (Author)

Does $row become $_POST['row']?
.josh Posted December 31, 2009

no. only data coming in from a form or url query string needs to be changed to $_POST['variable'] or $_GET['variable']
JTapp Posted December 31, 2009 (Author)

Ok - The information I am getting is too scattered for me to piece together. It sounds like there is a big effort to change the way beginners like me are coding things. But my non-industry standard code worked - it is still working on a new server and it took me a lot of pain to get there. I am copying my code for another client and their server seems to be more standardized so I can't just import it. I feel like I'm being told "It's not compliant" - but "Go figure it out".

Can somebody PLEASE tell me specifically how to fix the following code so it is not speaking to registry globals?

    </tr>
    <?php
    $username = "xxxxxxxx";
    $password = "xxxxxxxxx";
    $hostname = "xxxxx";
    $dbhandle = mysql_connect($hostname, $username, $password) or die("Unable to connect to MySQL");
    $selected = mysql_select_db("xxxxxxxxx",$dbhandle) or die("Could not select xxxxxxx");
    $query = mysql_query("SELECT strLodgeName, intLodgeNumber, intDistrictID, strLodgeLocationCity, strLodgeLocationZIP FROM tblLodges WHERE TRIM(LEADING '0' FROM $metode) = '$search' GROUP BY strLodgeName LIMIT 50");
    while ($row = @mysql_fetch_array($query))
    {
        echo "<tr bgcolor=\"#dddddd\"><td><center>";
        echo $row["intLodgeNumber"];
        echo "</center></td><td><center>";
        echo $row["strLodgeName"];
        echo "</center></td><td><center><span class=\"style2\">";
        echo "<input name=\"submit\" type=\"button\" value=\"Lodge Details\" onclick=\"javascript:window.location='http://www.mywebsiteaddress.org/lodgelocator/3view.php?id=";
        echo $row["intLodgeNumber"];
        echo "'\" /></center></td>";
        echo "</center></td><td><center>";
        echo $row["strLodgeLocationCity"];
        echo "</center></td><td><center>";
        echo ltrim($row["intDistrictID"], '0');
    }
    ?>
trq Posted January 1, 2010

You need to define $metode & $search. This can be done by placing the following just before your query.

    $metode = mysql_real_escape_string($_POST['metode']);
    $search = mysql_real_escape_string($_POST['search']);

> It sounds like there is a big effort to change the way beginners like me are coding things.

I'm really not sure where you're learning from but register globals has been off by default in php installation for over 8 years.
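
An added example, not code from any poster in this thread: `mysql_real_escape_string()` only protects values that sit inside quotes, while `$metode` goes into the query as a bare column name, so the sketch below maps the form's `<option>` values to an allow-list of columns and binds `$search` as a parameter. It assumes PDO with the SQLite driver and a constructed in-memory table so it runs offline; `findLodges()` and `SEARCHABLE` are hypothetical names, and `ltrim(col, '0')` stands in for MySQL's `TRIM(LEADING '0' FROM col)`.

```php
<?php
// Added example. Allow-list the column name, bind the search value.

// Form <option> values (a subset of those in the search form) => bare column names.
const SEARCHABLE = [
    'tblLodges.strLodgeName'         => 'strLodgeName',
    'tblLodges.intLodgeNumber'       => 'intLodgeNumber',
    'tblLodges.intDistrictID'        => 'intDistrictID',
    'tblLodges.strLodgeLocationCity' => 'strLodgeLocationCity',
];

function findLodges(PDO $db, array $post): array
{
    $metode = $post['metode'] ?? '';
    $search = $post['search'] ?? '';
    if (!is_string($metode) || !is_string($search)
        || !array_key_exists($metode, SEARCHABLE)) {
        throw new InvalidArgumentException('Unknown search field');
    }
    $column = SEARCHABLE[$metode]; // taken from our own list, never from the request
    // ltrim(col, '0') is SQLite's spelling of MySQL's TRIM(LEADING '0' FROM col).
    $stmt = $db->prepare(
        "SELECT strLodgeName, intLodgeNumber, intDistrictID, strLodgeLocationCity
           FROM tblLodges
          WHERE ltrim($column, '0') = :search
          GROUP BY strLodgeName
          LIMIT 50"
    );
    $stmt->execute([':search' => $search]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample table and rows, held in memory only.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE tblLodges (strLodgeName TEXT, intLodgeNumber TEXT,
           intDistrictID TEXT, strLodgeLocationCity TEXT)");
$db->exec("INSERT INTO tblLodges VALUES
           ('Washington', '0061', '007', 'Washington'),
           ('Sample Lodge', '0012', '003', 'Tulsa')");

// Constructed requests: a normal search, a value containing quotes,
// and a field name that is not one of the form's options.
$requests = [
    ['metode' => 'tblLodges.intLodgeNumber', 'search' => '61'],
    ['metode' => 'tblLodges.strLodgeName',   'search' => "x' OR '1'='1"],
    ['metode' => 'strLodgeName) OR (1=1',    'search' => ''],
];
foreach ($requests as $post) {
    try {
        echo count(findLodges($db, $post)), " row(s)\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: ", $e->getMessage(), "\n";
    }
}
```

The quote-bearing value is compared as plain data because it is bound rather than spliced into the SQL text, and the unlisted field name is refused before any query is built.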