$REQUEST_METHOD question

[mrb1972]

Hi,

 

Im a bit of a PHP novice so any advice would be great, I have a website written quite a while ok which is being migrated to a new server which contains a new install of php.

 

This has bought to light a few problems with the php code which my host has pointed out to me,

 

one such example is the code; which dosent get executed any more

 

if($REQUEST_METHOD=="POST" && isset($submit_x))

{

 

Im told this is no longer valid on PHP 5.1.6 , my questions is, is this easy to fix, is it a big rewite, or just a few code changes.

 

thanks

[mrjcfreak]

if($REQUEST_METHOD=="POST" && isset($submit_x)) {

to

if(!empty($_POST['POST'] && isset($submit_x)) {

 

would be the immediate change...

 

..However I imagine that your code is written for 'register_globals' being on (a setting in php.ini)

which automatically makes things like session variables, form posts and url pieces into variables...

so if you go to

index.php?id=4

then $id is automatically set: $id=4;

where as now there is a seperation between such variables: they are accessed by:

$_GET['id'] // for URL things

$_POST['id'] //for POST form submission

$_SESSION['id'] //for session data.

 

Truthfully you ought to re write the code to reflect the revised best practice, but if you can persuade your host to turn register_globals back on (which they understandably may not want to) then it would probably be a quick fix.

 

Register globals info is here:

http://uk.php.net/register_globals

 

There may also be other older code in there which no longer is valid; I would recommend a good read of this page:

 

http://uk3.php.net/reserved.variables

[GingerRobot]

As was explained, your problems are all down to register_globals.

 

Just thought i would add that the $REQUEST_METHOD variable is part of the $_SERVER superglobal array. So, with register_globals on, you would access its contents with $_SERVER['REQUEST_METHOD'];

[mrb1972]

As was explained, your problems are all down to register_globals.

 

Just thought i would add that the $REQUEST_METHOD variable is part of the $_SERVER superglobal array. So, with register_globals on, you would access its contents with $_SERVER['REQUEST_METHOD'];

 

Thanks for your comments so far, I have indeed tried the $SEVER['REQUEST_METHOD']; but it didnt seem to work, everything after the IF statment is ignored when the submit button is pressed

 

<?

include("includes/config.php");

 

$message = "";

 

if($REQUEST_METHOD=="POST" && isset($submit_x))

{

 

And the form code is , does the $PHP_SELF self part need changing?

 

<form name="frm" method="post" action="<?=$PHP_SELF?>">

 

thanks

 

 

[GingerRobot]

I would change your if statement to:

 

if(isset($_POST['submit_x'))
{
}

 

Again, due to register_globals being off, the variable submit_x isn't defined. It is contained within the $_POST superglobal array. You'll need to change all of your variables that are from your form to be taken from the $_POST array.

 

The reason why i dropped the request method part of your if statement is that if something is set inside the $_POST array, then the method is going to be post.

[mrb1972]

if i use if(isset($_POST['submit_x')) then the page dosent even load up..

[GingerRobot]

Is there lots to this code? If not do you think you could post it up inside

 tags(without the spaces).

[mrb1972]

No its not a lot of code here is the php part, the bit i havent posted is just the html form which is below the php.. the problem is it just seems to ignore everything in (If statment) ..thanks

 

<?
include("includes/config.php");

$message = "";

if($REQUEST_METHOD=="POST" && isset($submit_x))
{
if(empty($vchUserName))
	$message .= "Please enter your username.<br>";
if(empty($vchPassword))
	$message .= "Please enter your password.<br>";
if(empty($vchRePassword))
	$message .= "Please confirm your password.<br>";
if(!empty($vchPassword) && !empty($vchRePassword))
{
	if(trim($vchPassword) != trim($vchRePassword))
	{
		$message .= "Passwords don't match.<br>";
	}
}
if(empty($vchEmail))
	$message .= "Please enter your e-mail address.";


if(empty($message))
{

	//check for the existence of the username and the password
	$exist = GiveValue("count(intMemberID) as cnt","tblMembers"," where vchUserName = '".$vchUserName."'",0);

	$exist1 = GiveValue("count(intMemberID) as cnt","tblMembers"," where vchEmail = '".$vchEmail."'",0);

	//print $exist;
	if($exist>0 || $exist1>0)
	{
		$message = "Duplicate username or e-mail address. Please try again";
	}
	else
	{
		//insert
		$sql = "insert into tblMembers(vchUserName,vchPassword,vchEmail,chStatus,dtAdded) values('$vchUserName','$vchPassword','$vchEmail','D',now())";
		//print $sql;
		mysql_query($sql);
		$MID = mysql_insert_id();

		if(mysql_insert_id())
		{
			//send email
			$myname = "New Zealand Stays";
			$myemail = "[email protected]";
			$contactname = $vchUserName;
			$contactemail = $vchEmail;
			$strmessage = "Dear $contactname,<br/><br/>Thank you for registering on Newzealandstays, please confirm your registration by clicking on the following link to activate your membership account - <br><br><a href='http://$HTTP_HOST/confirm.php?user=$MID'>http://$HTTP_HOST/confirm.php?user=$MID</a><br><br>After confirmation you can use the members area to log-in and add your property on the website.<br><br>Regards,<br>Newzealandstays Administrator<br><br><a href='http://$HTTP_HOST'>$HTTP_HOST</a>";
			$subject = "Confirmation email from - ".$HTTP_HOST;
			$headers .= "MIME-Version: 1.0\n";
			$headers .= "Content-type: text/html; charset=iso-8859-1\n";
			$headers .= "From: ".$myname." <$myemail>\n";
			$headers .= 'Cc: [email protected]' . "\n";
			mail($contactemail, $subject, $strmessage, $headers);
			$message = "A confirmation email has been sent to the email address you provided, please check your email and confirm your registration. Thank you";
			//print $strmessage;

		}
	}
}

}
fnHeader();
?>

[mrjcfreak]

Let me explain what "register globals" does....

In the standard set up of PHP5, all posted form variables, url strings and session info is put into arrays called $_POST, $_GET and $_SESSION respectively...

So in your script there are variables called $_POST['vchEmail'] - which the script expects to be called $vchEmail...

so you need to identify every variable whichcame from a script, and rename it....

 

I would image your final script to be:

 

<?
include("includes/config.php");

$message = "";

if(isset($_POST['submit_x'))
{
if(empty($_REQUEST['vchUserName']))
	$message .= "Please enter your username.<br>";
if(empty($_REQUEST['vchPassword']))
	$message .= "Please enter your password.<br>";
if(empty($_REQUEST['vchRePassword']))
	$message .= "Please confirm your password.<br>";
if(!empty($_REQUEST['vchPassword']) && !empty($_REQUEST['vchRePassword']))
{
	if(trim($_REQUEST['vchPassword']) != trim($_REQUEST['vchRePassword']))
	{
		$message .= "Passwords don't match.<br>";
	}
}
if(empty($_REQUEST['vchEmail']))
	$message .= "Please enter your e-mail address.";


if(empty($message))
{

	//check for the existence of the username and the password
	$exist = GiveValue("count(intMemberID) as cnt","tblMembers"," where vchUserName = '".$_REQUEST['vchUserName']."'",0);

	$exist1 = GiveValue("count(intMemberID) as cnt","tblMembers"," where vchEmail = '".$_REQUEST['vchEmail']."'",0);

	//print $exist;
	if($exist>0 || $exist1>0)
	{
		$message = "Duplicate username or e-mail address. Please try again";
	}
	else
	{
		//insert
		$sql = "insert into tblMembers(vchUserName,vchPassword,vchEmail,chStatus,dtAdded) values('$_REQUEST['vchUserName']','$_REQUEST['vchPassword']','$_REQUEST['vchEmail']','D',now())";
		//print $sql;
		mysql_query($sql);
		$MID = mysql_insert_id();

		if(mysql_insert_id())
		{
			//send email
			$myname = "New Zealand Stays";
			$myemail = "[email protected]";
			$contactname = $_REQUEST['vchUserName'];
			$contactemail = $_REQUEST['vchEmail'];
			$strmessage = "Dear $contactname,<br/><br/>Thank you for registering on Newzealandstays, please confirm your registration by clicking on the following link to activate your membership account - <br><br><a href='http://$HTTP_HOST/confirm.php?user=$MID'>http://$HTTP_HOST/confirm.php?user=$MID</a><br><br>After confirmation you can use the members area to log-in and add your property on the website.<br><br>Regards,<br>Newzealandstays Administrator<br><br><a href='http://$HTTP_HOST'>$HTTP_HOST</a>";
			$subject = "Confirmation email from - ".$HTTP_HOST;
			$headers .= "MIME-Version: 1.0\n";
			$headers .= "Content-type: text/html; charset=iso-8859-1\n";
			$headers .= "From: ".$myname." <$myemail>\n";
			$headers .= 'Cc: [email protected]' . "\n";
			mail($contactemail, $subject, $strmessage, $headers);
			$message = "A confirmation email has been sent to the email address you provided, please check your email and confirm your registration. Thank you";
			//print $strmessage;

		}
	}
}

}
fnHeader();
?>

 

but you do need to check this.

 

I have used $_REQUEST, a combination of $_POST and $_GET, which should work for you.

[mrb1972]

Thanks for that, unfortunatley I now only get a blank page, it dosent seem to like the if(isset($_POST['submit_x')) part

[wildteen88]

Missing ending square bracket ] on line 6

 

It should be:

if(isset($_POST['submit_x']))

[mrb1972]

ahh ok , changed that but still no joy

[wildteen88]

What error do you get. If you dont get any errors and just a blank screen. Enable display_errors if you can in the php.ini or just add this line at the top of your script:

error_reporting(E_ALL);
ini_set('display_errors', 'On');

[mrb1972]

Hi, I cant get access to the php.ini, but i did add those lines to the code as your stated, but all i get it a blank page still?

[mrjcfreak]

try adding text on each line of your script to see where it's pants fall down.

[mrb1972]

ok, i think im getting somewhere, it looks the like the form is working now, but i had to remove

action="<?$PHP_SELF?>"

 

from the form code!. Any one know why this would cause the problem..?

thanks

[premiso]

Because register_globals is off (like it should be) you need to access php_self via $_SERVER['PHP_SELF'] 

[mrb1972]

Yes thanks i have tried that, no joy..

 

I even got the hosting company to turn register back on, but still the form will only work with php_self part removed..

 

??? I give up..

[premiso]

Well are you doing a mod_rewrite or is the file being called included through a different file?

 

Remember PHP thinks PHP_SELF is the original script. So if you have a mod_rewrite to send let's say www.yourdomin.com/help to www.yourdomain.com/main.php?action=help  well the main.php is going to be the php_self file, not help/index.php

 

Just a little fyi.

[wildteen88]

Yes thanks i have tried that, no joy..

 

I even got the hosting company to turn register back on, but still the form will only work with php_self part removed..

 

??? I give up..

Rather than turn regsiter_globals on you should set error_reporting to E_ALL  and turn display_errors on. That way PHP will spit out errors if there is any when the script runs.

[mrjcfreak]

<?$PHP_SELF?>

should be

<? echo $_SERVER['PHP_SELF']; ?>