Jump to content

HELP All my PhP worked... moved identical files to GoDaddy.. now its hosed


JTapp

Recommended Posts

I don't know seems too complicated to post this but.. I thought I would try.

Here is a bit of my code... it is not returning the data, but also no errors. 

Any ideas?

 

$query = mysql_query("SELECT strLodgeName, intLodgeNumber, intDistrictID, strLodgeLocationCity FROM tblLodges WHERE TRIM(LEADING '0' FROM $metode) = '$search' GROUP BY strLodgeName LIMIT 50");

while ($row = @mysql_fetch_array($query))

 

 

{

echo "<tr bgcolor=\"#dddddd\"><td><center>";

echo $row["intLodgeNumber"];

echo "</center></td><td><center>";

echo $row["strLodgeName"];

echo "</center></td><td><center><span class=\"style2\">";

echo "<input name=\"submit\" type=\"button\" value=\"Lodge Details\" onclick=\"javascript:window.location='http://www.gloklahoma.com/lodgelocator/3view.php?id=";

echo $row["intLodgeNumber"];

echo "'\" /></center></td>";

echo "</center></td><td><center>";

echo $row["strLodgeLocationCity"];

echo "</center></td><td><center>";

echo ltrim($row["intDistrictID"], '0');

Link to comment
Share on other sites

Its likely not returning any errors because you never check for any and your using error suppression.

 

What does this output?

 

$sql = "SELECT strLodgeName, intLodgeNumber, intDistrictID, strLodgeLocationCity FROM tblLodges WHERE TRIM(LEADING '0' FROM $metode) = '$search' GROUP BY strLodgeName LIMIT 50"
if ($results = mysql_query($sql)) {
  if (mysql_num_rows($results)) {
    while ($row = mysql_fetch_assoc($results)) {
      echo "<tr bgcolor=\"#dddddd\"><td><center>";
      echo $row["intLodgeNumber"];
      echo "</center></td><td><center>";
      echo $row["strLodgeName"];
      echo "</center></td><td><center><span class=\"style2\">";
      echo "<input name=\"submit\" type=\"button\" value=\"Lodge Details\" onclick=\"javascript:window.location='http://www.gloklahoma.com/lodgelocator/3view.php?id=";
      echo $row["intLodgeNumber"];
      echo "'\" /></center></td>";
      echo "</center></td><td><center>";
      echo $row["strLodgeLocationCity"];
      echo "</center></td><td><center>";
      echo ltrim($row["intDistrictID"], '0');
    }
  } else {
    echo "No records found";
  }
} else {
  echo "Query failed<br >" . mysql_error() . "<br>$sql";
}

Link to comment
Share on other sites

Thanks for your time.

Results in:

 

Parse error: syntax error, unexpected T_IF in /home/content/62/5287962/html/lodgelocator/3results.php on line 569

 

Line 568-570 is:

$sql = "SELECT strLodgeName, intLodgeNumber, intDistrictID, strLodgeLocationCity FROM tblLodges WHERE TRIM(LEADING '0' FROM $metode) = '$search' GROUP BY strLodgeName LIMIT 50"
if ($results = mysql_query($sql)) {
  if (mysql_num_rows($results)) {

Link to comment
Share on other sites

ah!

 

Here is the return:

Query failed
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') = '' GROUP BY strLodgeName LIMIT 50' at line 1
SELECT strLodgeName, intLodgeNumber, intDistrictID, strLodgeLocationCity FROM tblLodges WHERE TRIM(LEADING '0' FROM ) = '' GROUP BY strLodgeName LIMIT 50

Link to comment
Share on other sites

Your form is using the POST method. The form data will be submitted as $_POST variables. You should have $_POST['metode'] and $_POST['search'] variables in your code to access the data from the form.

 

This would be an approach I'm not familiar with.. I'm willing to put in the research and try to go find out how to do it.. but considering all of the work that has been done on this, and the fact that the EXACT same code is working on another server - the idea of re-writing it confuses me.

Link to comment
Share on other sites

Well I searched this site and Google and couldn't find much help.

I tried plugging it in, but it returned:

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/content/62/5287962/html/lodgelocator/3results.php on line 572

 

$query = mysql_query("SELECT strLodgeName, intLodgeNumber, intDistrictID, strLodgeLocationCity, strLodgeLocationZIP FROM tblLodges WHERE TRIM(LEADING '0') = '$search' GROUP BY strLodgeName LIMIT 50");
while ($row = @mysql_fetch_array($query))

$sql = "SELECT strLodgeName, intLodgeNumber, intDistrictID, strLodgeLocationCity FROM tblLodges WHERE TRIM(LEADING '0' FROM $_POST['metode']) = $_POST['search'] GROUP BY strLodgeName LIMIT 50";
if ($results = mysql_query($sql)) {
  if (mysql_num_rows($results)) {
    while ($row = mysql_fetch_assoc($results)) {
      echo "<tr bgcolor=\"#dddddd\"><td><center>";
      echo $row["intLodgeNumber"];
      echo "</center></td><td><center>";
      echo $row["strLodgeName"];
      echo "</center></td><td><center><span class=\"style2\">";
      echo "<input name=\"submit\" type=\"button\" value=\"Lodge Details\" onclick=\"javascript:window.location='http://www.gloklahoma.com/lodgelocator/3view.php?id=";
      echo $row["intLodgeNumber"];
      echo "'\" /></center></td>";
      echo "</center></td><td><center>";
      echo $row["strLodgeLocationCity"];
      echo "</center></td><td><center>";
      echo ltrim($row["intDistrictID"], '0');
    }
  } else {
    echo "No records found";
  }
} else {
  echo "Query failed<br >" . mysql_error() . "<br>$sql";
}?>

 

Can anybody point me to a $_POST['metode'] thread where I might be able to figure this out?

Thanks

Link to comment
Share on other sites

Unfortunately, php needs help when array variables are put into a quoted string. I did not expect that you would put the $_POST variables directly into the query (you should be using mysql_real_escape_string() on string data put into a query to prevent sql injection and to prevent special sql characters in the data from breaking the syntax of the query.)

 

You need to surround array variables with braces {} when they are within a string.

 

The problem with your code working on one server and not another is due to register_globals. Register_globals were turned off by default over 7 years ago. Unfortunately (again) it is unlikely you have been programming in php for seven years, so you should not even know how to write code that depends on register_globals. Register_globals have been completely removed in upcoming php6, so now is the time to fix your code to use the correct $_POST, $_GET, $_COOKIE, $_SESSION, and $_SERVER variables where the data is actually coming from.

Link to comment
Share on other sites

to clarify, your old server sucked, because it allowed register globals, and your code sucks, because it uses them. 

 

register globals being "on" means you can do this:

 

<input name='something' type='text' />

 

and then in your code, simply use the variable $something to access what was entered in that form field. This is a bad thing.  To illustrate, let's say I have this internal sql query. Let's say it grabs info based on an id found from a login script (user provides login info, script queries db, retrieves id associated with it):

 

$sql = "select * from table where id = '$id'";

 

well with register globals on and being used, I can simply do this: http://www.yoursite.com/page.php?id=xxx  and there's a good chance it will now select * where id = any id I want or let's do some sql injection ("good chance" meaning, if there's nothing on that page overwriting what I put into the url query string, before it's used in the sql query)

 

So as you can see, register globals being enabled and using them is generally a bad idea, which is why they've been set to off by default for a long time, and are being removed. 

 

So basically what you need to do is with all of your form elements, change that $something to $_POST['something'] or $_GET['something'], depending on what form method you are using (also, params passed in the url query string are also found in in $_GET). 

 

But you should not put them directly into your sql query string.  You should always sanitize your variables first.  You can leave the variables in your query string as-is, by putting above the query string something as simple as this:

 

$metode = mysql_real_escape_string($_POST['metode']);

$search = mysql_real_escape_string($_POST['search']);

 

This will escape quotes if user tries to put quotes in the form fields in attempt at sql injection, and assign that to the variables you are using in your sql query string.

Link to comment
Share on other sites

Here is page one of my code.  Can you please tell me if I have to change anything on here before I begin to try to fix the main php?

 

form name="form1" method ="post" action="http://www.gloklahoma.com/lodgelocator/3results.php" target="_blank">
<table width="849" border="0" align="center">
  <tr>
    <th width="812" bgcolor="#fff" class="form_1" scope="col">
      <p class="style1"> </p>
      <p align="center"><span class="heading_1">Grand Lodge of Oklahoma - Lodge Locator</span></p>
      <p align="center"><span class="heading_1">*** SERVER UPDATE - PLEASE TRY BACK LATER ***</span></p>
<p class="style1"><img src="../images/line.gif" width="327" height="23"></p>
      <p class="style1">
        <select name="metode" size="6">
          <option value="tblLodges.strLodgeName" selected>Name of Lodge</option>
          <option value="tblLodges.intLodgeNumber">Lodge Number</option>
          <option value="tblLodges.intDistrictID">District Lodge Is In</option>
          <option value="tblLodges.strLodgeLocationCity">City Lodge Is Located In</option>
          <option value="tblLodges.strLodgeLocationZIP">Zip Code of Lodge Location</option>
          <option value="tblLodges.strLodgeCounty">Lodge County</option>
        </select>
        <span class="text_1">Search Value:</span><span class="copy_1">
        <input name="search" type="text" class="form" size="25">
        </span> </p>
      <p class="style1">
        <input type="submit" value="Click Here To Search Our Lodge Locator!!" name="GOTWO2">
      </p>
      <p class="style1"> </p></th>
  </tr>
</table>
</form>

Link to comment
Share on other sites

Ignore this last post.. I didn't see "Page 2"  Thanks.

 

OK - thanks for the clarification.  But I still can't assess if my code is completely hosed or if I just need to add a line or two. :shrug:

 

OK - thanks for the clarification.  But I still can't assess if my code is completely hosed or if I just need to add a line or two. :shrug:

 

Link to comment
Share on other sites

And if you develop and debug your code on a system with error_reporting set to E_ALL and display_errors set to ON in your php.ini, php will help you by pointing out most of the variables that are affected because they will be undefined.

 

You may be assuming I have a degree in this stuff.

Link to comment
Share on other sites

Sorry... I've been playing with this through the night.

And please bear with me...because I am also still quite the beginner - I am spending as much time trying to understand your posts as I am trying to tweak the code.

 

Here is my latest attempt

 

$metode = mysql_real_escape_string($_POST['metode']);
$search = mysql_real_escape_string($_POST['search']);


$query = mysql_query("SELECT strLodgeName, intLodgeNumber, intDistrictID, strLodgeLocationCity, strLodgeLocationZIP FROM tblLodges WHERE TRIM(LEADING '0') = '$search' GROUP BY strLodgeName LIMIT 50");
while ($row = @mysql_fetch_array($query))

$sql = "SELECT strLodgeName, intLodgeNumber, intDistrictID, strLodgeLocationCity FROM tblLodges WHERE TRIM(LEADING '0' FROM $_POST['metode']) = $_POST['search'] GROUP BY strLodgeName LIMIT 50";
if ($results = mysql_query($sql)) {
  if (mysql_num_rows($results)) {
    while ($row = mysql_fetch_assoc($results)) {
      echo "<tr bgcolor=\"#dddddd\"><td><center>";
      echo $row["intLodgeNumber"];
      echo "</center></td><td><center>";
      echo $row["strLodgeName"];
      echo "</center></td><td><center><span class=\"style2\">";
      echo "<input name=\"submit\" type=\"button\" value=\"Lodge Details\" onclick=\"javascript:window.location='http://www.gloklahoma.com/lodgelocator/3view.php?id=";
      echo $row["intLodgeNumber"];
      echo "'\" /></center></td>";
      echo "</center></td><td><center>";
      echo $row["strLodgeLocationCity"];
      echo "</center></td><td><center>";
      echo ltrim($row["intDistrictID"], '0');
    }
  } else {
    echo "No records found";
  }
} else {
  echo "Query failed<br >" . mysql_error() . "<br>$sql";
}?>

Link to comment
Share on other sites

Ok - The information I am getting is too scattered for me to piece together.

It sounds like there is a big effort to change the way beginners like me are coding things.

 

But my non-industry standard code worked - it is still working on a new server and it took me a lot of pain to get there.

I am coping my code for another client and their server seems to be more standardized so I can't just import it.

 

I feel like I'm being told "Its not compliant" - but "Go figure it out"

 

Can somebody PLEASE tell me specifically how to fix the following code so it is not speaking to registry globals?

 

                                        </tr>
                                        <?php
$username = "xxxxxxxx";
$password = "xxxxxxxxx";
$hostname = "xxxxx"; 

$dbhandle = mysql_connect($hostname, $username, $password)
or die("Unable to connect to MySQL");

$selected = mysql_select_db("xxxxxxxxx",$dbhandle)
or die("Could not select xxxxxxx");

$query = mysql_query("SELECT strLodgeName, intLodgeNumber, intDistrictID, strLodgeLocationCity, strLodgeLocationZIP FROM tblLodges WHERE TRIM(LEADING '0' FROM $metode) = '$search' GROUP BY strLodgeName LIMIT 50");
while ($row = @mysql_fetch_array($query))

{
echo "<tr bgcolor=\"#dddddd\"><td><center>";
echo $row["intLodgeNumber"];
echo "</center></td><td><center>";
echo $row["strLodgeName"];
echo "</center></td><td><center><span class=\"style2\">";
echo "<input name=\"submit\" type=\"button\" value=\"Lodge Details\" onclick=\"javascript:window.location='http://www.mywebsiteaddress.org/lodgelocator/3view.php?id=";
echo $row["intLodgeNumber"];
echo "'\" /></center></td>";
echo "</center></td><td><center>";
echo $row["strLodgeLocationCity"];
echo "</center></td><td><center>";
echo ltrim($row["intDistrictID"], '0');
}?>
         

 

 

Link to comment
Share on other sites

You need to define $metode & $search. This can be done by placing the following just before your query.

 

$metode = mysql_real_escape_string($POST['metode']);
$search = mysql_real_escape_string($POST['search']);

 

It sounds like there is a big effort to change the way beginners like me are coding things.

 

I'm really not sure where your learning from but register globals has been off by default in php installation for over 8 years.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.