Jump to content

Recommended Posts

i'm going to guess this is a symptom of a page getting requested twice/redirected back to, combined with php's output_buffering being on to hide things (thanks php), and the second request doesn't have any post data and you are only seeing the output from the second/last request.

 

to start with, the php code you posted isn't even checking if a form was submitted, so any time the page gets requested, it will run that code. if the page was requested with a get request, $_POST will be empty and you will get an empty value inserted into your database table and your "New record created successfully" message will be output.

 

i'm not sure if the phpinfo() output you posted was supposed to be from the result of submitting the form with a valid url, but the REQUEST_METHOD showing in that output is GET.

 

any chance that your page is doing a header() redirect back to itself based on some condition related to the url/non-url being submitted?

 

it would take seeing all your code involved with this problem, less any database credentials, posted in the forum, for anyone else reading this thread to help. by sending code via pm, you are preventing anyone else, with a fresh set of eyes, from offering any specific help.

mac_gyver, that doesn't explain why a partial URL works but a full one does not. Surely if it was submitting twice, that would not work either? We should be able to test that theory though, by logging to a file.

<?php

$pathToLog = 'request.log';

$log = '[' . date('Y-m-d H:i:s', time()) . '] ';
$log .= "Dumping POST:\n" . var_export($_POST) . "\n-------------\n";
$log .= "Dumping SERVER:\n" . var_export($_SERVER) . "\n-------------\n-------------\n";

file_put_contents($pathToLog, $log, FILE_APPEND);
Adjust $pathToLog to a writable location.

This is the output:

 

array ( )array ( 'DOCUMENT_ROOT' => '/home/sedoyrzi/public_html', 'GATEWAY_INTERFACE' => 'CGI/1.1', 'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8', 'HTTP_ACCEPT_ENCODING' => 'gzip, deflate, sdch', 'HTTP_ACCEPT_LANGUAGE' => 'en-US,en;q=0.8', 'HTTP_CACHE_CONTROL' => 'max-age=0', 'HTTP_COOKIE' => 'ips4_recentEmoticons=%5B%7B%22src%22%3A%22http%3A//www.sedonaconnect.com/uploads/monthly_2015_02/wink.png.7b86830064549519834fb1d05cbb24c2.png%22%2C%22text%22%3A%22%3B%29%22%7D%2C%7B%22src%22%3A%22http%3A//www.sedonaconnect.com/uploads/emoticons/boom.jpg%22%2C%22text%22%3A%22%3Aboom%3A%22%7D%5D; ips4_IPSSessionFront=6ppd6f8napglgug5q5piuf2380; ips4_IPSSessionAdmin=irkfvp01nrn6181usi1d1kv0u4; ips4_acpTabs=%7B%22core%22%3A%5B%5D%2C%22community%22%3A%5B%5D%2C%22members%22%3A%5B%5D%2C%22nexus%22%3A%5B%5D%2C%22content%22%3A%5B%5D%2C%22stats%22%3A%5B%5D%2C%22customization%22%3A%5B%5D%7D; ips4_hasJS=true; ips4_member_id=1; ips4_pass_hash=617a52a733d824d430498409d94f93b9; ips4_ipsTimezone=America/Phoenix', 'HTTP_DNT' => '1', 'HTTP_HOST' => 'www.sedonaconnect.com', 'HTTP_REFERER' => 'http://www.sedonaconnect.com/Ads/createAd.php' 'HTTP_UPGRADE_INSECURE_REQUESTS' => '1', 'HTTP_USER_AGENT' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36', 'HTTP_X_FORWARDED_FOR' => '24.121.198.152', 'PATH' => '/bin:/usr/bin', 'PATH_INFO' => '/', 'PATH_TRANSLATED' => '/home/sedoyrzi/public_html/Ads/placeAd.php', 'QUERY_STRING' => '', 'REDIRECT_STATUS' => '200', 'REMOTE_ADDR' => '24.121.198.152', 'REMOTE_PORT' => '49994', 'REQUEST_METHOD' => 'GET', 'REQUEST_URI' => '/Ads/placeAd.php/', 'SCRIPT_FILENAME' => '/home/sedoyrzi/public_html/Ads/placeAd.php', 'SCRIPT_NAME' => '/Ads/placeAd.php', 'SERVER_ADDR' => '192.64.112.59', 'SERVER_ADMIN' => 'webmaster@sedonaconnect.com', 'SERVER_NAME' => 'www.sedonaconnect.com', 'SERVER_PORT' => '80', 'SERVER_PROTOCOL' => 'HTTP/1.1', 'SERVER_SIGNATURE' => '', 'SERVER_SOFTWARE' => 'Apache', 'UNIQUE_ID' => 'VeOPi8e8yGQABOTYpTgAAACM', 'PHP_SELF' => '/Ads/placeAd.php/', 'REQUEST_TIME_FLOAT' => 1440976779.364756107330322265625, 'REQUEST_TIME' => 1440976779, )string(0) "" array(0) { } 


<?php
$servername = "localhost";
$username = "";
$password = "";
$dbname = "";
global $mysqli;

ini_set('display_errors', 'On');
error_reporting(-1);

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}

var_dump(file_get_contents('php://input'));
var_dump($_POST);

// Setup the collection of the POST variables


if (isset($_POST["bold"])) {
$_POST["bold"]="1";
} else {
$_POST["bold"]="0";
}

$Line1=$_POST["Line1"];
$Bold=$_POST["bold"];
$Line2=$_POST["Line2"];
$Line3=$_POST["Line3"];
$Line4=$_POST["Line4"];
$Line5=$_POST["Line5"];
$Line6=$_POST["Line6"];
$NumOfWeeks =$_POST["weeks"];
$Email=$_POST["email"];
$Comment=$_POST["comment"];


$sql = "INSERT INTO SSCAds (`Line1`, `Line2`, `Line3`, `Line4`, `Line5`, `Line6`, `NumOfWeeks`, `Email`, `Comment`, `Bold`)
VALUES ('$Line1', '$Line2', '$Line3', '$Line4', '$Line5', '$Line6', '$NumOfWeeks', '$Email', '$Comment', '$Bold')";

if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}

//Close this down
mysqli_close($conn);


?>

I placed your code into the top of the 'catch' page, here is the output:

 

array ( )array ( 'DOCUMENT_ROOT' => '/home/sedoyrzi/public_html', 'GATEWAY_INTERFACE' => 'CGI/1.1', 'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8', 'HTTP_ACCEPT_ENCODING' => 'gzip, deflate, sdch', 'HTTP_ACCEPT_LANGUAGE' => 'en-US,en;q=0.8', 'HTTP_CACHE_CONTROL' => 'max-age=0', 'HTTP_COOKIE' => 'ips4_recentEmoticons=%5B%7B%22src%22%3A%22http%3A//www.sedonaconnect.com/uploads/monthly_2015_02/wink.png.7b86830064549519834fb1d05cbb24c2.png%22%2C%22text%22%3A%22%3B%29%22%7D%2C%7B%22src%22%3A%22http%3A//www.sedonaconnect.com/uploads/emoticons/boom.jpg%22%2C%22text%22%3A%22%3Aboom%3A%22%7D%5D; ips4_IPSSessionFront=6ppd6f8napglgug5q5piuf2380; ips4_IPSSessionAdmin=irkfvp01nrn6181usi1d1kv0u4; ips4_acpTabs=%7B%22core%22%3A%5B%5D%2C%22community%22%3A%5B%5D%2C%22members%22%3A%5B%5D%2C%22nexus%22%3A%5B%5D%2C%22content%22%3A%5B%5D%2C%22stats%22%3A%5B%5D%2C%22customization%22%3A%5B%5D%7D; ips4_member_id=1; ips4_pass_hash=617a52a733d824d430498409d94f93b9; ips4_ipsTimezone=America/Phoenix', 'HTTP_DNT' => '1', 'HTTP_HOST' => 'www.sedonaconnect.com', 'HTTP_REFERER' => 'http://www.sedonaconnect.com/Ads/createAd.php' 'HTTP_UPGRADE_INSECURE_REQUESTS' => '1', 'HTTP_USER_AGENT' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36', 'HTTP_X_FORWARDED_FOR' => '24.121.198.152', 'PATH' => '/bin:/usr/bin', 'PATH_INFO' => '/', 'PATH_TRANSLATED' => '/home/sedoyrzi/public_html/Ads/placeAd.php', 'QUERY_STRING' => '', 'REDIRECT_STATUS' => '200', 'REMOTE_ADDR' => '24.121.198.152', 'REMOTE_PORT' => '37962', 'REQUEST_METHOD' => 'GET', 'REQUEST_URI' => '/Ads/placeAd.php/', 'SCRIPT_FILENAME' => '/home/sedoyrzi/public_html/Ads/placeAd.php', 'SCRIPT_NAME' => '/Ads/placeAd.php', 'SERVER_ADDR' => '192.64.112.59', 'SERVER_ADMIN' => 'webmaster@sedonaconnect.com', 'SERVER_NAME' => 'www.sedonaconnect.com', 'SERVER_PORT' => '80', 'SERVER_PROTOCOL' => 'HTTP/1.1', 'SERVER_SIGNATURE' => '', 'SERVER_SOFTWARE' => 'Apache', 'UNIQUE_ID' => 'VeOtEse8yGQABz7Zpi8AAAAV', 'PHP_SELF' => '/Ads/placeAd.php/', 'REQUEST_TIME_FLOAT' => 1440984338.9681270122528076171875, 'REQUEST_TIME' => 1440984338, )string(0) "" array(0) { } 

@Sedona, you need to be careful when posting the debugging output you are getting. it contains cookie values that will allow anyone to visit your site and impersonate you. I reported the two previous posts in this thread that contain those values and they were hidden/removed. Now you have posted two more sets of cookie values for someone to use.

 

'HTTP_X_FORWARDED_FOR'

 

this header is indicative of going through a proxy server, either where the client is at or the web server is behind a proxy where it is hosted. either of these, or even a .htaccess file could be causing this, but i doubt it would be dependent on there being a completely specified http url or not in the posted data.

 

if that's your whole form processing code in post #31, there's nothing in it that could be causing this, aside from the fact that it isn't bothering to test if a from was submitted at all.

 

you didn't post your form/the whole client-side code.. i'm guessing you have some client-side validation that could be causing this, only when it finds something that starts with a completely specified http url?

 

i also don't see where you are logging the information that scootstah gave you code to do.

Edited by mac_gyver

I placed your code into the top of the 'catch' page, here is the output

No, this one:

mac_gyver, that doesn't explain why a partial URL works but a full one does not. Surely if it was submitting twice, that would not work either? We should be able to test that theory though, by logging to a file.

<?php

$pathToLog = 'request.log';

$log = '[' . date('Y-m-d H:i:s', time()) . '] ';
$log .= "Dumping POST:\n" . var_export($_POST) . "\n-------------\n";
$log .= "Dumping SERVER:\n" . var_export($_SERVER) . "\n-------------\n-------------\n";

file_put_contents($pathToLog, $log, FILE_APPEND);
Adjust $pathToLog to a writable location.

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.