Jump to content

Recommended Posts

Hi,

have looked thru archives and cant find any answers. Godaddy recently removed support for PHP4 and as a consequence, stuff that has been quietly working nicely has stopped under PHP5.3.

I am able to create a new student, but when I try to update the student details get error "couldn't execute query". Here is the relevant code...with the password xxxx'd out.

<?php

/*  Program name: upd_user_details.php

*  Description:  Script displays a form with address 

*                information obtained from the database.

*/



session_start();

//set session variables  for students id number

$_SESSION['studentid'] = "$studentid";

        $studentid = $_SESSION['studentid'];  //I think this might need to be set on each page where required??dunno!

          $_SESSION['f_name'] = "$f_name";

        $f_name = $_SESSION['f_name'];  //I think this might need to be set on each page where required??dunno!

         $_SESSION['l_name'] = "$l_name";

       $l_name = $_SESSION['l_name'];  //I think this might need to be set on each page where required??dunno!

       $_SESSION['email'] = "$email";

       $email = $_SESSION['email'];  //I think this might need to be set on each page where required??dunno!



  echo "<html>

        <head><title>Student Details</title></head>

        <body>";

  // create an array that contains the labels used in the form      

  // the keys are the field names.

  $labels = array( "f_name"=>"First  Name:",

                   "l_name"=>"Last Name (Surname/Family):",

                   "salutation"=>"Dr/Mr/Mrs/Ms:",

                   "gender"=>"Gender (m or f) :",

                   "birthdate"=>"Date of Birth (yyyy-mm-dd):",

                   "email"=>"Email Address:",

                   "address1"=>"Street Address 1:",

                   "address2"=>"Street Address 2:",

                   "address3"=>"City or Town:",

                   "state"=>"State:",

                   "zip"=>"Zipcode or Postcode:",

                   "country"=>"Country:",

                   "occupation" => "Occupation: ");

  $user="distanceed";

  $host="mysql39.secureserver.net";

  $password="XXXXXXXXXXXX";

  $database = "distanceed";





  $conn = mysql_connect($host,$user,$password)

       or die ("couldn't connect to server");

  $db = mysql_select_db($database,$conn)

       or die ("Couldn't select database");

  $query = "SELECT * FROM auth_users 

                     WHERE id = $studentid ";

  $result = mysql_query($query)

       or die ("Couldn't execute query.");

.........it is at this point that the error occurs...it seems to me that the problem is with the query where id = $studentid

 

It is about 5 years since I wrote this code and i have forgotten it so I will need to get up to speed again  >:(

 

There are some other breaks and they are all associated with passing of student id number.

Be most pleased if anyone can advise me wht PHp5 has done to PHp4 code in regard to passing of this variable ( it is an autoincremented value from a mysql database.

thanks in anticiption

Link to comment
https://forums.phpfreaks.com/topic/267427-php5-breaks-php4/
Share on other sites

OK done that!  error now

ou have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 2 SQL: SELECT * FROM auth_users WHERE id =

 

also excuse my ignorance (newbie)  what do you mean by

" use code tags on the forum"

 

Now that you can see the new and enhanced error message can you pls advise where to go next.

Thanks

Link to comment
https://forums.phpfreaks.com/topic/267427-php5-breaks-php4/#findComment-1371460
Share on other sites

When posting code, surround it in [ PHP ] and [/ PHP ] tags, without spaces inside the tags.  That's how you color your code and make it easier to read.

 

Your error message indicates that your query it malformed.  Then it prints the query.  As you can see, your query is missing the value for student ID.

 

That's because you never get the value for studentid from anywhere.  Your code initially uses it here:

 

   $_SESSION['studentid'] = "$studentid";

(This variable doesn't need to be quoted in this line)

 

You are relying on an old feature of PHP called register_globals.  I have bad news for you:  Every single one of your pages is probably broken.  Your code was assuming there was a key called 'studentid' in $_GET, $_POST, or $_COOKIE.  You have to figure out which one, and put this at the top of your file:

$studentid = $_POST['studentid'];

You then need to repeat this exercise with every single variable you use this way.  On every page, in every file. 

 

You upgraded your PHP install without knowing how it would work.  It's like upgrading your operating system.  Some of your apps will stop working.  In your case, you were doing something critically wrong and nobody told you until it was too late.  Good luck, you have a lot of changes ahead of you.

 

Link to comment
https://forums.phpfreaks.com/topic/267427-php5-breaks-php4/#findComment-1371462
Share on other sites

You upgraded your PHP install without knowing how it would work.

 

**it happens!...Godaddy upgraded me without my knowledge by removing support for PHP4.

Users of my system alerted me that the system was broken today.

The question now is what to do about it.

I have a perfectly good MYSQL database with lotsa good stuff in it.

Do I try and patch the old PHP4 code or should I go for a rewrite with PHP5. ( I have read that PHP6 is around the corner...I dont want this repeated when PHP5 is ditched!!!)

As far as I can see, the only problem is with the studentid variable not getting passed around like it used to.

Your wisdom would be appreciated.

thank you

 

Link to comment
https://forums.phpfreaks.com/topic/267427-php5-breaks-php4/#findComment-1371470
Share on other sites

Register_globals was switched to "off" as the default ini file setting in PHP installations ten years ago (2002), so don't blame GoDaddy too much (except for waiting so long) - there have been warnings in the PHP manual and elsewhere for many years.

 

PS NOT recommended, as it still presents the same security risk as using register_globals, but if you need a quick fix while you rewrite your pages, add

 

extract ($_POST); 

 

to the top of each script (or $_GET if that is the method used)

Link to comment
https://forums.phpfreaks.com/topic/267427-php5-breaks-php4/#findComment-1371479
Share on other sites

so don't blame GoDaddy too much

Not blaming anyone.

Just wanting the quickest, best, cost effective FIX.

Hopefully that will outlast the next PHPx arrival.

I thank all for their comments.

Will also accept any further comments that might help.

Unfortunately I am about 12000 miles from my office and wont be back till October.

I can manually service my clients during this period.

I do need to implement a fix when I get back to my office.

Gives me about 35 days to get my head up to speed :'(

Maybe I should employ a PHP pro????

Thoughts?

 

 

Link to comment
https://forums.phpfreaks.com/topic/267427-php5-breaks-php4/#findComment-1371483
Share on other sites

Barand's solution was very dangerous and not recommended (as he noted in his post).  While it gets your site working today, your site still has security problems that are more than a decade old.  You should rewrite this with modern best practices, in PHP 5.4.

Link to comment
https://forums.phpfreaks.com/topic/267427-php5-breaks-php4/#findComment-1371505
Share on other sites

I recommend a rewrite as well.

 

The posted code is apparently processing a form submission. However, it has no logic to test if a form was even submitted; it is not validating any of the submitted data (the code shouldn't even get to the point of executing the query when the $studentid is empty); and it is not doing anything to prevent sql injection/query errors due to unexpected/hacked data values.

Link to comment
https://forums.phpfreaks.com/topic/267427-php5-breaks-php4/#findComment-1371508
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.