Re: [PHP-DB] problems with a script. .

2005-05-17 Thread martin . norland
John R. Sims, Jr. wrote:
  Martin; I have taken your advice and read both of the articles, but
 unfortunately I have not been able to find what needs to be changed.  As I
 mentioned, I am very new at this.
 
 Could you possibly look at the script and point me in the right direction?
[snip]
 </head>  <?php
 // Set the page title and include the HTML header.
 $page_title = 'Wireless Neighborhoods';
 include_once ('include/header.html');
 
 $db_connection = mysql_connect ('db.wireless-neighborhoods.org', 'scfn',
 'scfn75') or die (mysql_error());
 $db_select = mysql_select_db('scfn') or die (mysql_error());
 // If the form was submitted, process it.
 
 if (isset($submit)) {
 $query = "insert into case_note values ('0', '$id',NOW(),
 NOW(),'$cmanager', '$location', '$purpose', '$present', '$subject',
 '$note')";
 if (@mysql_query ($query)) {
   echo 'A Case Note has been added.';
 } else {
   echo 'The case note could not be added.' . mysql_error();
 }
 }
 
 ?>
[snip]
It looks like you are using register_globals on your development 
machine.  You'll likely find it easier to write safer/cleaner PHP 
scripts if you don't rely on this.

http://us2.php.net/register_globals

though register globals itself isn't strictly a security issue, it is a 
convenience that can cause unwanted/undue variable namespace pollution. 
  I'd recommend you disable it on your development machine ( in your 
php.ini configuration file ) and then you'll have to set about changing 
any variables that are coming from get/post - e.g.
if (isset($submit)) {
becomes
if (isset($_POST['submit'])) {
and the likes.

It's odd that your PHP 5 installation has this enabled - the default 
changed to it being off in PHP 4.2.0, and certainly hasn't changed back.

cheers,
-- 
- Martin Norland, Sys Admin / Database / Web Developer, International 
Outreach x3257
The opinion(s) contained within this email do not necessarily represent 
those of St. Jude Children's Research Hospital.

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




**

IMPORTANT NOTICE

This communication is for the exclusive use of the intended recipient(s)
named above. If you receive this communication in error, you should
notify the sender by e-mail or by telephone (+44) 191 224 4461, delete
it and destroy any copies of it.

This communication may contain confidential information and material
protected by copyright, design right or other intellectual property
rights which are and shall remain the property of Piranha Studios
Limited. Any form of distribution, copying or other unauthorised use
of this communication or the information in it is strictly prohibited.
Piranha Studios Limited asserts its rights in this communication and
the information in it and reserves the right to take action against
anyone who misuses it or the information in it.

Piranha Studios Limited cannot accept any liability sustained as a
result of software viruses and would recommend that you carry out your
own virus checks before opening any attachment.



Re: [PHP-DB] problems with a script. .

2005-05-16 Thread Martin Norland
John R. Sims, Jr. wrote:
 Martin; I have taken your advice and read both of the articles, but
unfortunately I have not been able to find what needs to be changed.  As I
mentioned, I am very new at this.
Could you possibly look at the script and point me in the right direction?
[snip]
</head>  <?php
// Set the page title and include the HTML header.
$page_title = 'Wireless Neighborhoods';
include_once ('include/header.html');
$db_connection = mysql_connect ('db.wireless-neighborhoods.org', 'scfn',
'scfn75') or die (mysql_error());
$db_select = mysql_select_db('scfn') or die (mysql_error());
// If the form was submitted, process it.
if (isset($submit)) {
$query = "insert into case_note values ('0', '$id',NOW(),
NOW(),'$cmanager', '$location', '$purpose', '$present', '$subject',
'$note')";
if (@mysql_query ($query)) {
echo 'A Case Note has been added.';
} else {
echo 'The case note could not be added.' . mysql_error();
}
}
?>
[snip]
It looks like you are using register_globals on your development 
machine.  You'll likely find it easier to write safer/cleaner PHP 
scripts if you don't rely on this.

http://us2.php.net/register_globals
though register globals itself isn't strictly a security issue, it is a 
convenience that can cause unwanted/undue variable namespace pollution. 
 I'd recommend you disable it on your development machine ( in your 
php.ini configuration file ) and then you'll have to set about changing 
any variables that are coming from get/post - e.g.
	if (isset($submit)) {
becomes
	if (isset($_POST['submit'])) {
and the likes.

It's odd that your PHP 5 installation has this enabled - the default 
changed to it being off in PHP 4.2.0, and certainly hasn't changed back.

cheers,
--
- Martin Norland, Sys Admin / Database / Web Developer, International 
Outreach x3257
The opinion(s) contained within this email do not necessarily represent 
those of St. Jude Children's Research Hospital.



RE: [PHP-DB] problems with a script

2005-05-12 Thread Mychael Scribner
I think you do. When I first installed php5, I tried a few apps that were
written in php4, and they never worked with 5.

-Original Message-
From: John R. Sims, Jr. [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 12, 2005 10:04 AM
To: php-db@lists.php.net; php_mysql@yahoogroups.com
Subject: [PHP-DB] problems with a script

Hi everyone,
 
I have a question.  I have built a script on my desktop that works fine, but
when I upload it to the server, it does not post the data to the database.
I checked my server and the isp server.  I am running php 5.+ but my isp
is only running php 4.3.9.  Does this mean I have to change my script?
 
JOHN




RE: [PHP-DB] problems with a script

2005-05-12 Thread Bastien Koert
Not enough info to decide. PHP is supposed to be fairly backward compatible. 
Are you using the mysqli library to connect? You may have to change to the 
standard mysql library and functions.

Bastien
From: John R. Sims, Jr. [EMAIL PROTECTED]
To: php-db@lists.php.net, php_mysql@yahoogroups.com
Subject: [PHP-DB] problems with a script
Date: Thu, 12 May 2005 10:03:34 -0400
Hi everyone,
I have a question.  I have built a script on my desktop that works fine, but
when I upload it to the server, it does not post the data to the database.
I checked my server and the isp server.  I am running php 5.+ but my isp
is only running php 4.3.9.  Does this mean I have to change my script?

JOHN


RE: [PHP-DB] problems with a script

2005-05-12 Thread Hutchins, Richard
Really depends on what you mean by "...does not post the data to the
database."

Can you confirm that you can connect to the database on your ISP's server?

Can you echo out the query string and see output that accurately reflects
what you expect to be sent to the server?

Does PHP or the database return any sort of error or warning?

Most importantly, can you post code or output demonstrating any or all of
the above?

Some of that information may help narrow down the possibilities.

Rich

-Original Message-
From: John R. Sims, Jr. [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 12, 2005 10:04 AM
To: php-db@lists.php.net; php_mysql@yahoogroups.com
Subject: [PHP-DB] problems with a script


Hi everyone,
 
I have a question.  I have built a script on my desktop that works fine, but
when I upload it to the server, it does not post the data to the database.
I checked my server and the isp server.  I am running php 5.+ but my isp
is only running php 4.3.9.  Does this mean I have to change my script?
 
JOHN




Re: [PHP-DB] problems with a script. .

2005-05-12 Thread Martin Norland
Mychael Scribner wrote:
I think you do. When I first installed php5, I tried a few apps that were
written in php4, and they never worked with 5.
-Original Message-
From: John R. Sims, Jr. [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 12, 2005 10:04 AM
To: php-db@lists.php.net; php_mysql@yahoogroups.com
Subject: [PHP-DB] problems with a script

Hi everyone,
 
I have a question.  I have built a script on my desktop that works fine, but
when I upload it to the server, it does not post the data to the database.
I checked my server and the isp server.  I am running php 5.+ but my isp
is only running php 4.3.9.  Does this mean I have to change my script?
 --- eep crosspost ---
You will likely need to change some parts of it, but it should by no 
means be a complete rewrite.  We'd need more info to track down whether 
it's a specific problem - but I suggest you read this:
	http://us4.php.net/manual/en/migration5.php
and more specifically this:
	http://us4.php.net/manual/en/migration5.incompatible.php
to see what might have changed that you're using that php4 doesn't 
handle the same.  Any instances of unknown functions and the likes will 
have to be tracked down and dealt with as you hit it.

Basically - your best bet is enabling error messages (note: @ before a 
function suppresses errors) and grunting through it.  Note - obviously - 
if you are using lots of the newer php5 features (mostly related to 
classes) you probably won't want to try migrating down, and might be 
better off looking for a new host or setting up php5 on your current 
host (either you or them installing it, more likely you'll have to if 
it's even allowed).

cheers,
--
- Martin Norland, Sys Admin / Database / Web Developer, International 
Outreach x3257
The opinion(s) contained within this email do not necessarily represent 
those of St. Jude Children's Research Hospital.



RE: [PHP-DB] problems with a script. .

2005-05-12 Thread John R. Sims, Jr.
 Martin; I have taken your advice and read both of the articles, but
unfortunately I have not been able to find what needs to be changed.  As I
mentioned, I am very new at this.

Could you possibly look at the script and point me in the right direction?


Keep the faith

John

<html>

<head>

<title>Wireless Neighborhoods</title>
</head>  <?php
// Set the page title and include the HTML header.
$page_title = 'Wireless Neighborhoods';
include_once ('include/header.html');

$db_connection = mysql_connect ('db.wireless-neighborhoods.org', 'scfn',
'scfn75') or die (mysql_error());
$db_select = mysql_select_db('scfn') or die (mysql_error());
// If the form was submitted, process it.

if (isset($submit)) {
$query = "insert into case_note values ('0', '$id',NOW(),
NOW(),'$cmanager', '$location', '$purpose', '$present', '$subject',
'$note')";
if (@mysql_query ($query)) {
echo 'A Case Note has been added.';
} else {
echo 'The case note could not be added.' . mysql_error();
}
}

?>
<font face="Verdana">
<body bgcolor="#F0FFFD">

<p><font size="5">CTC Database Contact Log</font></p><?php
//Prints something like: Monday 15th of January 2003 05:51:38 AM
echo date("l dS of F Y -- h:i:s A");//Prints something like: Monday the 15th
?>
<fieldset>
<br><legend>Enter your information in the form below:</legend>
<form action="<?=$PHP_SELF ?>" method="post">

Client Name:<select name="id"><option>Select The Client</option>

<?php
// Select one of the Students.
$query = "SELECT id, CONCAT(fname, ', ', lname) AS name FROM client ORDER BY
lname ASC";
$query_result = @mysql_query ($query);
while ($row = @mysql_fetch_array ($query_result)) {
echo "<option value=\"$row[id]\">$row[name]</option>\n";
}
?>
</select> <br><br>

Contact Date: <input type="text" name="date_added"
size="20">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

Case Manager: <select name="cmanager"><option>Select a Case Manager</option>
<option>Freddie Boykin</option>
<option>Monica Harmon</option>
<option>Ed Rivers</option>
<option>Joseph McLeod</option>
<option>Chasity Cheatham</option>
<option>Rick Flanagan</option>
</select><br />
<p>Purpose of Contact: <select size="1" name="purpose">
<option>Select One</option>
<option>Initial Contact</option>
<option>Follow-up Contact</option>
<option>Event</option>

</select>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Location of Contact:&nbsp; <select size="1" name="location">
<option>Select One</option>
<option>Office Visit</option>
<option>School Visit</option>
<option>Home Visit</option>
<option>Neighborhood Visit</option>

</select>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</p>
<p>Present at Contact:&nbsp;&nbsp; <select size="1" name="present">
<option>Select One</option>
<option>Client</option>
<option>Parent</option>
<option>Teachers</option>
</select>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </p>
<p>Subject:&nbsp; <input type="text" name="subject"
size="69">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</p>
<p>Notes:&nbsp;&nbsp;&nbsp; <textarea rows="4" name="note"
cols="66"></textarea></p>
<p><input type="submit" name="submit" value="Submit" /></p>
</form>
<p>&nbsp;</p>
<?php
include_once ('include/footer.html');
?>
</body>

</html>




RE: [PHP-DB] Problems with a script

2005-05-02 Thread Bastien Koert
Since I definitely don't have time to copy your script and duplicate your 
environment, perhaps you would be so kind as to tell what the hell is wrong 
with it... then we can try to help you

bastien
From: John R. Sims, Jr. [EMAIL PROTECTED]
To: php-db@lists.php.net
Subject: [PHP-DB] Problems with a script
Date: Mon, 2 May 2005 17:07:48 -0400
<?php
if (($_POST[op] != "add") || ($_GET[master_id] != "")) {
//haven't seen the form, so show it
$display_block = "
<h1>Add an Entry</h1>
<form method=\"post\" action=\"$_SERVER[PHP_SELF]\">";
if ($_GET[master_id] != "") {
//connect to database
$conn = mysql_connect("localhost", "root", "becky") or
die(mysql_error());
mysql_select_db("testDB",$conn)  or die(mysql_error());
//get first, last names for display/tests validity
$get_names = "select concat_ws(' ', fname, lname) as display_name
from client where id = $_GET[master_id]";
$get_names_res = mysql_query($get_names) or die(mysql_error());
if (mysql_num_rows($get_names_res) == 1) {
$display_name = mysql_result($get_names_res,0,'display_name');
}
}
if ($display_name != "") {
$display_block .= "<P>Adding information for
   <strong>$display_name</strong>:</p>";
} else {
$display_block .= "
<P><strong>First/Last Names:</strong><br>
<input type=\"text\" name=\"fname\" size=30 maxlength=75>
<input type=\"text\" name=\"lname\" size=30 maxlength=75>";
}
$display_block .= "<P><strong>Address:</strong><br>
 <input type=\"text\" name=\"address\" size=30>
 <P><strong>City/State/Zip:</strong><br>
 <input type=\"text\" name=\"city\" size=30 maxlength=50>
 <input type=\"text\" name=\"state\" size=5 maxlength=2>
 <input type=\"text\" name=\"zip\" size=10 maxlength=10>

 <P><strong>Home Telephone Number:</strong><br>
 <input type=\"text\" name=\"hphone\" size=30 maxlength=25>
 <P><strong>Mobil Telephone Number:</strong><br>
 <input type=\"text\" name=\"mphone\" size=30 maxlength=25>
 <P><strong>Email Address:</strong><br>
 <input type=\"text\" name=\"email\" size=30 maxlength=150>
<P><strong>CTC Organization:</strong><br>
 <input type=\"text\" name=\"ctcorg\" size=30 maxlength=150>
<P><strong>Case Manager:</strong><br>
 <input type=\"text\" name=\"cmanager\" size=30 maxlength=150>
<P><strong>Neighborhood:</strong><br>
 <input type=\"text\" name=\"neighborhood\" size=30 maxlength=150>
 <P><strong>Personal Note:</strong><br>
 <textarea name=\"notes\" cols=35 rows=5 wrap=virtual></textarea>
 <input type=\"hidden\" name=\"op\" value=\"add\">
 <input type=\"hidden\" name=\"master_id\" value=\"$_GET[master_id]\">
 <p><input type=\"submit\" name=\"submit\" value=\"Add Entry\"></p>
 </FORM>";
} else if ($_POST[op] == "add") {
//time to add to tables, so check for required fields
if ((($_POST[fname] == "") || ($_POST[lname] == "")) &&
($_POST[master_id] == "")) {
header("Location: basicinfo_form.php");
exit;
}
//connect to database
$conn = mysql_connect("localhost", "root", "becky") or
die(mysql_error());
mysql_select_db("testDB",$conn)  or die(mysql_error());
if ($_POST[master_id] == "") {
//add to master_name table
$add_master = "insert into client values ('$_POST[fname]',
'$_POST[lname]')";
mysql_query($add_master) or die(mysql_error());
//get master_id for use with other tables
$master_id = mysql_insert_id();
} else {
 $master_id = $_POST[master_id];
}
 if (($_POST[address]) || ($_POST[city]) || ($_POST[state]) ||
($_POST[zip])) {
  //something relevant, so add to address table
  $add_address = "insert into client values ('$_POST[address]',
'$_POST[city]', '$_POST[state]', '$_POST[zip]')";
  mysql_query($add_address) or die(mysql_error());
 }
 if ($_POST[hphone]) {
  //something relevant, so add to telephone table
  $add_tel = "insert into client values ('$_POST[hphone]')";
  mysql_query($add_tel) or die(mysql_error());
 }
 if ($_POST[mphone]) {
  //something relevant, so add to fax table
  $add_fax = "insert into client values ('$_POST[mphone]')";
  mysql_query($add_fax) or die(mysql_error());
 }
 if ($_POST[email]) {
  //something relevant, so add to email table
  $add_email = "insert into client values ('$_POST[email]',)";
  mysql_query($add_email) or die(mysql_error());
 }
if ($_POST[ctcorg]) {
  //something relevant, so add to ctcorg table
  $add_email = "insert into client values ('$_POST[ctcorg]',)";
  mysql_query($add_email) or die(mysql_error());
 }
if ($_POST[cmanager]) {
  //something relevant, so add to ccmanager table
  $add_email = "insert into client values ('$_POST[cmanager]',)";
  mysql_query($add_email) or die(mysql_error());
 }
if ($_POST[neighborhood]) {
  //something relevant, so add to neighborhood table
  $add_email = "insert into client values ('$_POST[neighborhood]',)";
  mysql_query($add_email) or die(mysql_error());
 }
 if ($_POST[notes]) {
  //something relevant, so add to notes table
  $add_note = "insert into client values ('$_POST[notes]')";
  mysql_query($add_note) or die(mysql_error());
 }
 $display_block = "<h1>Entry Added</h1>
 <P>Your entry has been added.  Would you like to
 <a 

Re: [PHP-DB] Problems with a script. .

2005-05-02 Thread Martin Norland
John R. Sims, Jr. wrote:
 <?php
[snip * - not even gunna bother]
 </HTML>
Okay, quick/proper fixes 1 - 4:
1) you never open a FORM element, you only close it - you'll be 
wanting one, probably with a method=POST.

2) you should quote your array indices... just because php will evaluate 
them as themselves doesn't mean it's a good thing to rely on.
wrong: ($_POST[master_id] == "")) {
right: ($_POST['master_id'] == "")) {

3) you should similarly quote and curly group for the mysql queries.
wrong:
$add_master = "insert into client values ('$_POST[fname]', '$_POST[lname]')";
right:
$add_master = "insert into client values ('{$_POST['fname']}',
'{$_POST['lname']}')";

4) also, all of your queries are doing inserts - they're not specifying 
the fields they are to insert into, and I'm sure many of them should in 
fact be UPDATE statements.  You'll want to fix that before your data 
gets *too* sparse.


Once that's all fixed, go to step 5.

5) rewrite all the database accesses to prevent people from doing sql 
injection attacks and ruining everything.

cheers,
--
- Martin Norland, Sys Admin / Database / Web Developer, International 
Outreach x3257
The opinion(s) contained within this email do not necessarily represent 
those of St. Jude Children's Research Hospital.
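
Step 5 above and the earlier register_globals advice, as an added example that is not part of the thread or any poster's code: the client insert and lookup rewritten with bound parameters and explicit reads from the request array. It assumes PHP 7.1+ with PDO and pdo_sqlite; an in-memory SQLite table stands in for the MySQL client table, only the id, fname and lname columns and the 75-character limit come from the thread, and the function names and sample values are constructed.

```php
<?php
// Added example: hypothetical rewrite of the thread's client insert and lookup.
// Assumption: an in-memory SQLite table stands in for the MySQL `client` table.

function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE client (id INTEGER PRIMARY KEY, fname TEXT, lname TEXT)');
    return $pdo;
}

// Read a field from the request array explicitly instead of relying on
// register_globals to create $fname, $lname, ... in the global scope.
function post_field(array $post, string $key, int $maxlen): ?string
{
    if (!isset($post[$key]) || !is_string($post[$key])) {
        return null; // missing, or an array was sent where text was expected
    }
    $value = trim($post[$key]);
    return ($value === '' || strlen($value) > $maxlen) ? null : $value;
}

function add_client(PDO $pdo, array $post): ?int
{
    $fname = post_field($post, 'fname', 75);
    $lname = post_field($post, 'lname', 75);
    if ($fname === null || $lname === null) {
        return null; // required field missing or too long
    }
    // Columns are named, and values travel as bound parameters, so a quote
    // in the input is stored as data and cannot change the statement.
    $stmt = $pdo->prepare('INSERT INTO client (fname, lname) VALUES (:fname, :lname)');
    $stmt->execute([':fname' => $fname, ':lname' => $lname]);
    return (int) $pdo->lastInsertId();
}

function display_name(PDO $pdo, $master_id): ?string
{
    // master_id arrives as text from the query string; accept digits only.
    if (!is_string($master_id) || !ctype_digit($master_id)) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT fname, lname FROM client WHERE id = :id');
    $stmt->execute([':id' => (int) $master_id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['fname'] . ' ' . $row['lname'] : null;
}

// Constructed request data (not from the thread).
$pdo = open_db();
$id = add_client($pdo, ['fname' => 'Pat', 'lname' => "O'Brien", 'submit' => 'Add Entry']);
var_dump($id);                                  // id of the new row
var_dump(display_name($pdo, (string) $id));     // name with the quote intact
var_dump(display_name($pdo, '12abc'));          // non-numeric id is rejected
var_dump(add_client($pdo, ['fname' => ['x'], 'lname' => 'Doe'])); // array input is rejected
```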
