Fatal Error - Help/Guidance to correct

[kellyalan]

Hello

 

We have a testing site where users create a profile then take an aptitude test. Was working fine several months ago but we're trying to set up tests now and when the user enters their information and hits submit, we get these errors.  (first it was the white screen, then I turned on the errors and received this)

 

Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in ~/inc/connect.inc.php on line 11

Notice: Undefined variable: i_price in ~/profile-2.inc.php on line 97

Fatal error: Call to undefined function session_register() in ~/profile-2.inc.php on line 101

 

 

I'm assuming the Fatal Error is what's causing the profile not to be set up(and thus get the white screen).  The code in profile-2 is:

 

# Create new record:

$now = time();

$password_name = random_password(PASS_LENGTH);

$password_hash = bin2hex(mhash(MHASH_MD5, $password_name));

$i_qry2 = db_qry("INSERT INTO reports(createdate,passhash,fname,lname,age,gender,sport,loc,phone,address1,address2,city,state,zip,email,price) VALUES ($now,'$password_hash','$f_firstname','$f_lastname',$f_age,$f_gender,'$f_sport','$f_loc','$f_phone','$f_address1','$f_address2','$f_city','$f_state','$f_zip','$f_email','$i_price')")

or die("Error: profile-2, SQL request error #2 ".mysql_error());

$i_sid = mysql_insert_id($sql_link);

# Register SID in session:

session_register('r_id');      <<<<this is line 101

$_SESSION['r_id'] = $i_sid;

session_register('r_pass');

$_SESSION['r_pass'] = '';

session_register('r_ccode');

$_SESSION['r_ccode'] = stripslashes($f_ccode);

 

Does anyone have a suggestion on what might be the problem and how I go about fixing it?

 

Thanks in advance.

[NigelRel3]

The message - Deprecated: mysql_connect() should give you a hint, if you read up on this you will see that you should follow the suggestion that it gives and change the way you interact with the database.

So - yes - this is causing the database to not be updated.

[mac_gyver]

the fatal error is occurring after the point where the sql query statement is being executed (unless the profile related query is after the code you have posted), so it is not directly the cause of the data not being inserted, but it is a separate issue that MUST be fixed.

 

if the data isn't being inserted into the reports table (is that the correct table for the profile information?) then the db_qry() function isn't detecting if there is an error and returning a false value so that the or die(...) logic has something to operate on. you would need to post the code for the db_qry() function for us to be able to directly help.

 

as to the fatal error, if you read the php.net documentation for that function, you will find what it means and what to do to fix it. however, the code already has the 'fix' in it. you use the $_SESSION variable directly in assignments and references, combined with a session_start(); statement near the top of the code on any page that sets or references a $_SESSION variable.

 

lastly, your code has some even more serious problems than what you are trying to currently fix. the reason for the first and third errors are because your php version was updated to at least php 5.5. if your php version gets updated again, to php 7, ALL the database code using the php mysql_ statements will stop working because the php mysql_ extension has been removed from php and your code will need to be rewritten. your code is also most likely open to sql injection, since it is putting data values directly into the sql query statement. switching to the php PDO extension and using prepared queries would be the best why of solving both of these problems.

Edited March 18, 2017 by mac_gyver

[mac_gyver]

some separate issues -

 

1) a person's age is not a fixed value, unless they are dead. for people that are still alive, their age changes each year (or every 4 years if born on Feb. 29). you should instead be storing a date of birth and then calculating the age when needed.

 

2) you should be using php's password_hash() (and password_verify()) functions for your password hash.

[kellyalan]

Thanks for the information. I have a small understanding of how the PHP works but I think we'll have to have the code evaluated by a php expert and possibly update the whole site.

[Jacques1]

Not just possibly. The code is ~15 years out of date and very poorly written. The errors you're seeing are just the tip of the iceberg. So you need a full rewrite from somebody who actually knows what they're doing.

[kellyalan]

I figured that might be the case....   Any good references for php code writers would be appreciated, we're in Southern California.