Shamrox Posted November 22, 2006 Share Posted November 22, 2006 I just moved a client from a shared server host to a dedicated server, and in the process the PHP version went from 4 to 5. Most of the pages work, no errors appear but certain values are not passed to links that would show records. In another situation, i have a page that lists all the vendors. It does this correctly, but when you click a link to go to a specific vendor's detail page, the same record loads no matter which vendor you click. Are there some changes in PHP 5 that would affect this? I can try to post some examples of the code if that would help, but it's pretty extensive. Thanks for any and all help. Quote Link to comment https://forums.phpfreaks.com/topic/28103-is-this-a-php-version-issue-and-how-to-fix/ Share on other sites More sharing options...
kenrbnsn Posted November 22, 2006 Share Posted November 22, 2006 This is probably due to register_globals going from enabled to disabled. Please read the [url=http://www.php.net/register_globals]section on register_globals[/url] in the manual.Ken Quote Link to comment https://forums.phpfreaks.com/topic/28103-is-this-a-php-version-issue-and-how-to-fix/#findComment-128544 Share on other sites More sharing options...
Shamrox Posted November 22, 2006 Author Share Posted November 22, 2006 Ok, that partially fixed things. Thanks!Now I'm getting a PHP notice error of:PHP Notice: Undefined offset: 1 in /var/www/vhosts/domain.com/httpdocs/folder/file.php on line 76that points to this code. Anything wrong here?if(isset($_POST['submit_create_record'])){ $varorderdate = preg_split("/(-|\/)/",$_POST['orderdate']); $varorderdate = $varorderdate[2]."-".$varorderdate[0]."-".$varorderdate[1]; $varinvoicedate = preg_split("/(-|\/)/",$_POST['invoicedate']); $varinvoicedate = $varinvoicedate[2]."-".$varinvoicedate[0]."-".$varinvoicedate[1]; $varstartdate = preg_split("/(-|\/)/",$_POST['startdate']); $varstartdate = $varstartdate[2]."-".$varstartdate[0]."-".$varstartdate[1]; $varenddate = preg_split("/(-|\/)/",$_POST['enddate']); $varenddate = $varenddate[2]."-".$varenddate[0]."-".$varenddate[1]; Quote Link to comment https://forums.phpfreaks.com/topic/28103-is-this-a-php-version-issue-and-how-to-fix/#findComment-128677 Share on other sites More sharing options...
wildteen88 Posted November 22, 2006 Share Posted November 22, 2006 Echo $_POST['orderdate'] variable. What does it contain? Quote Link to comment https://forums.phpfreaks.com/topic/28103-is-this-a-php-version-issue-and-how-to-fix/#findComment-128760 Share on other sites More sharing options...
Shamrox Posted November 22, 2006 Author Share Posted November 22, 2006 Hmmm, i get this error displayed in my browser when I submit.You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Training Company','Dirk Digler','email@domain.com','400 7th St','Roo' at line 2 Quote Link to comment https://forums.phpfreaks.com/topic/28103-is-this-a-php-version-issue-and-how-to-fix/#findComment-128777 Share on other sites More sharing options...
wildteen88 Posted November 22, 2006 Share Posted November 22, 2006 That is a another issue, Looks like you're not escaping your quotes. The single quotes are breaking your SQL query. Post the relevant code for the error here. Quote Link to comment https://forums.phpfreaks.com/topic/28103-is-this-a-php-version-issue-and-how-to-fix/#findComment-128780 Share on other sites More sharing options...
Shamrox Posted November 22, 2006 Author Share Posted November 22, 2006 line 2 has nothing to do with that. Line to is my include for the database connection.It seems that all my other issues came from moving from php4 to 5. I had to turn register_globals ON at the server to fix one issue. Would this have anything to do with magic quotes? Quote Link to comment https://forums.phpfreaks.com/topic/28103-is-this-a-php-version-issue-and-how-to-fix/#findComment-128784 Share on other sites More sharing options...
Shamrox Posted November 22, 2006 Author Share Posted November 22, 2006 Ok, here is the code used for the submit of the record. I hope this gives a clue to what's going on.[code]if(isset($_POST['submit_create_record'])){ $varorderdate = preg_split("/(-|\/)/",$_POST['orderdate']); $varorderdate = $varorderdate[2]."-".$varorderdate[0]."-".$varorderdate[1]; $varinvoicedate = preg_split("/(-|\/)/",$_POST['invoicedate']); $varinvoicedate = $varinvoicedate[2]."-".$varinvoicedate[0]."-".$varinvoicedate[1]; $varstartdate = preg_split("/(-|\/)/",$_POST['startdate']); $varstartdate = $varstartdate[2]."-".$varstartdate[0]."-".$varstartdate[1]; $varenddate = preg_split("/(-|\/)/",$_POST['enddate']); $varenddate = $varenddate[2]."-".$varenddate[0]."-".$varenddate[1]; $sql = "SELECT `invoicenumber` FROM `spec_invoice` WHERE `invoicenumber` REGEXP '^" . date('Y') . "[0-9]*$' ORDER BY LENGTH(`invoicenumber`) DESC, `invoicenumber` DESC LIMIT 1;"; $results = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($results) > 0){ $row = mysql_fetch_assoc($results); $invoicenumber_invoice = substr($row['invoicenumber'], 4); $invoicenumber_invoice = date('Y').($invoicenumber_invoice+1); }else{ $invoicenumber_invoice = date('Y')."1"; } $sql = "SELECT `invoice` FROM `spec_registrar` WHERE `invoice` REGEXP '^" . date('Y') . "[0-9]*$' ORDER BY LENGTH(`invoice`) DESC, `invoice` DESC LIMIT 1;;"; $results = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($results) > 0){ $row = mysql_fetch_assoc($results); $invoicenumber_registrar = substr($row['invoice'], 4); $invoicenumber_registrar = date('Y').($invoicenumber_registrar+1); }else{ $invoicenumber_registrar = date('Y')."1"; } if($invoicenumber_registrar > $invoicenumber_invoice){ $invoicenumber = $invoicenumber_registrar; }else{ $invoicenumber = $invoicenumber_invoice; } $vendor_stb_po_number = "V".$invoicenumber; $sql = "INSERT INTO `spec_registrar` ( `registrarid` , `studentid` , `scheduelid` , `clientid` , `clientcontactid` , `stbrepid` , `invoice` , `training_agreement_sent` , `agreement_received` , `order_placed_vendor` , `confirmation_received_vendor` , `confirmation_sent_student` , `invoiced_status` , `old_studentid` , `old_courseid` , `old_scheduleid` , `old_vendorid` , `orderdate` , `invoicedate` , `quantity` , `discount` , `sale_price` , `stb_discount` , `salesterms` , `vendorpromocode`, `stbpromocode`, `vendorlistprice` , `vendororder` , `confirmationnumber` , `paymentmethod` , `cogs` , `comment` , `coursecode` , `vendorname` , `VendorStbPoNumber` , `VendorStbPoDescription` , `VendorStbPoTerms` , `courselength` , `startdate` , `enddate` , `starttime` , `endtime` , `timenotes` , `vendorid` , `billingcompanyname` , `billname` , `billemail` , `billaddress1` , `billaddress2` , `billcity` , `billstate` , `billclientid` , `billcontactid` , `billzip` , `purchase_order` , `contract_number` , `payment_method` , `cc_number` , `approvalcode` , `cc_notes` , `cost_center` , `status` , `lastupdate` ) VALUES(". "'',". //registrarid "'" . $_POST['selectstudent'] . "',". //studentid "'',". //scheduleid "'" . $_POST['selectclient'] . "',". //clientid "'" . $_POST['selectclient_contact'] . "',". //clientcontactid "'" . $_POST['stbrepid'] . "',". "'" . $invoicenumber . "',". //invoice "'" . @$_POST['training_agreement_sent'] . "',". "'" . @$_POST['agreement_received'] . "',". "'" . @$_POST['order_placed_vendor'] . "',". "'" . @$_POST['confirmation_received_vendor'] . "',". "'" . @$_POST['confirmation_sent_student'] . "',". "'" . @$_POST['invoiced_status'] . "',". "'',". //old_studentid "'',". //old_courseid "'',". // old_scheduleid "'',". //old_vendorid "'" . $varorderdate . "',". //orderdate "'" . $varinvoicedate . "',". //invoicedate "'" . $_POST['quantity'] . "',". //quantity "'" . $_POST['discount'] . "',". //discount "'" . $_POST['sale_price'] . "',". //sale_price "'" . $_POST['stb_discount'] . "',". //stb_discount "'" . $_POST['salesterms'] . "',". //salesterms "'" . $_POST['vendorpromocode'] . "',". //vendor promo code "'" . $_POST['stbpromocode'] . "',". //stb promo code "'" . $_POST['vendorlistprice'] . "',". //vendorlistprice "'',". //vendororder "'" . $_POST['confirmationnumber'] . "',". //confirmationnumber //"'" . $_POST['cancellationby'] . "',". //cancelby //"'" . $_POST['cancellationcomments'] . "',". //cancelcomment //"'" . $_POST['cancellationdate'] . "',". //canceldate "'" . $_POST['paymentmethod'] . "',". //paymentmethod "'" . $_POST['cogs'] . "',". //cogs "'" . $_POST['comments'] . "',". //comment "'" . $_POST['coursecode'] . "',". //coursecode "'" . $_POST['vendor'] . "',". //vendorname "'" . $vendor_stb_po_number . "',". //VendorStbPoNumber "'" . $_POST['stb_po_description'] . "',". //VendorStbPoDescription "'" . $_POST['stb_po_terms'] . "',". //VendorStbPoTerms "'" . $_POST['courselength'] . "',". //courselength "'" . $varstartdate . "',". //startdate "'" . $varenddate . "',". //enddate "'" . $_POST['starttime'] . "',". //starttime "'" . $_POST['endtime'] . "',". //endtime "'" . $_POST['timenotes'] . "',". //timenotes "'" . $_POST['vendor_id'] . "',". //vendorid "'" . $_POST['billingcompanyname'] . "',". //billingcompanyname "'" . $_POST['billingname'] . "',". //billname "'" . $_POST['billingemail'] . "',". //billemail "'" . $_POST['billingaddress1'] . "',". //billaddress1 "'" . $_POST['billingaddress2'] . "',". //billaddress2 "'" . $_POST['billingcity'] . "',". //billcity "'" . $_POST['billingstate'] . "',". //billstate "'',". //billclientid "'',". //billcontactid "'" . $_POST['billingzip'] . "',". //billzip "'" . $_POST['purchase_order'] . "',". //purchase_order "'',". //contract_number "'" . $_POST['paymentmethod'] . "',". //payment_method "'" . $_POST['cc_number'] . "',". //cc_number "'" . $_POST['approvalcode'] . "',". //approval code "'" . $_POST['cc_notes'] . "',". //cc_notes "'" . $_POST['cost_center'] . "',". //cost_center "'" . $_POST['registrationstatus'] . "',". //status "'');"; //lastupdate $results = mysql_query($sql) or die(mysql_error()); if($results){ $message = "Registrar Created."; $registrarid = mysql_insert_id(); }else{ $message = "Error Creating Registrar!"; }[/code] Quote Link to comment https://forums.phpfreaks.com/topic/28103-is-this-a-php-version-issue-and-how-to-fix/#findComment-128786 Share on other sites More sharing options...
wildteen88 Posted November 23, 2006 Share Posted November 23, 2006 You are putting your POST'd data straight into the database and you are not doing any sort of validation. So your whole site is prone to SQL injection attacks, and yes this is because of magic_quotes (being off).Do not turn magic quotes on. Leave it off. Look into using mysql_real_escape_string on your user input that you are inserting into your database. This will help to prevent SQL Injection attacks. Quote Link to comment https://forums.phpfreaks.com/topic/28103-is-this-a-php-version-issue-and-how-to-fix/#findComment-129213 Share on other sites More sharing options...
Shamrox Posted November 24, 2006 Author Share Posted November 24, 2006 Like this?"'" . mysql_real_escape_string($_POST['registrationstatus']) . "',". Quote Link to comment https://forums.phpfreaks.com/topic/28103-is-this-a-php-version-issue-and-how-to-fix/#findComment-129452 Share on other sites More sharing options...
joshi_v Posted November 24, 2006 Share Posted November 24, 2006 $query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'", mysql_real_escape_string($user), mysql_real_escape_string($password)); Quote Link to comment https://forums.phpfreaks.com/topic/28103-is-this-a-php-version-issue-and-how-to-fix/#findComment-129550 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.