Re: [PHP-DB] problems with a script. .
John R. Sims, Jr. wrote:

> Martin; I have taken your advice and read both of the articles, but unfortunately I have not been able to find what needs to be changed. As I mentioned, I am very new at this. Could you possibly look at the script and point me in the right direction?

[snip]

>     </head>
>     <?php
>     // Set the page title and include the HTML header.
>     $page_title = 'Wireless Neighborhoods';
>     include_once ('include/header.html');
>     $db_connection = mysql_connect ('db.wireless-neighborhoods.org', 'scfn', 'scfn75') or die (mysql_error());
>     $db_select = mysql_select_db('scfn') or die (mysql_error());
>
>     // If the form was submitted, process it.
>     if (isset($submit)) {
>         $query = "insert into case_note values ('0', '$id',NOW(), NOW(),'$cmanager', '$location', '$purpose', '$present', '$subject', '$note')";
>         if (@mysql_query ($query)) {
>             echo 'A Case Note has been added.';
>         } else {
>             echo 'The case note could not be added.' . mysql_error();
>         }
>     }
>     ?>

[snip]

It looks like you are using register_globals on your development machine. You'll likely find it easier to write safer/cleaner PHP scripts if you don't rely on this.

http://us2.php.net/register_globals

though register globals itself isn't strictly a security issue, it is a convenience that can cause unwanted/undue variable namespace pollution. I'd recommend you disable it on your development machine ( in your php.ini configuration file ) and then you'll have to set about changing any variables that are coming from get/post - e.g.

    if (isset($submit)) {

becomes

    if (isset($_POST['submit'])) {

and the likes.

It's odd that your PHP 5 installation has this enabled - the default changed to it being off in PHP 4.2.0, and certainly hasn't changed back.

cheers,
--
- Martin Norland, Sys Admin / Database / Web Developer, International Outreach x3257
The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital.
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

** IMPORTANT NOTICE This communication is for the exclusive use of the intended recipient(s) named above. If you receive this communication in error, you should notify the sender by e-mail or by telephone (+44) 191 224 4461, delete it and destroy any copies of it. This communication may contain confidential information and material protected by copyright, design right or other intellectual property rights which are and shall remain the property of Piranha Studios Limited. Any form of distribution, copying or other unauthorised use of this communication or the information in it is strictly prohibited. Piranha Studios Limited asserts its rights in this communication and the information in it and reserves the right to take action against anyone who misuses it or the information in it. Piranha Studios Limited cannot accept any liability sustained as a result of software viruses and would recommend that you carry out your own virus checks before opening any attachment.
RE: [PHP-DB] problems with a script
I think you do. When I first installed php5, I tried a few apps that were written in php4, and they never worked with 5.

-----Original Message-----
From: John R. Sims, Jr. [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 12, 2005 10:04 AM
To: php-db@lists.php.net; php_mysql@yahoogroups.com
Subject: [PHP-DB] problems with a script

Hi everyone, I have a question. I have built a script on my desktop that works fine, but when I upload it to the server, it does not post the data to the database. I checked my server and the ISP server. I am running php 5.+ but my ISP is only running php 4.3.9. Does this mean I have to change my script?

JOHN
RE: [PHP-DB] problems with a script
Not enough info to decide. PHP is supposed to be fairly backward compatible. Are you using the mysqli library to connect? You may have to change to the standard mysql library and functions.

Bastien

From: John R. Sims, Jr. [EMAIL PROTECTED]
To: php-db@lists.php.net, php_mysql@yahoogroups.com
Subject: [PHP-DB] problems with a script
Date: Thu, 12 May 2005 10:03:34 -0400

Hi everyone, I have a question. I have built a script on my desktop that works fine, but when I upload it to the server, it does not post the data to the database. I checked my server and the ISP server. I am running php 5.+ but my ISP is only running php 4.3.9. Does this mean I have to change my script?

JOHN
RE: [PHP-DB] problems with a script
Really depends on what you mean by "...does not post the data to the database."

Can you confirm that you can connect to the database on your ISP's server? Can you echo out the query string and see output that accurately reflects what you expect to be sent to the server? Does PHP or the database return any sort of error or warning? Most importantly, can you post code or output demonstrating any or all of the above?

Some of that information may help narrow down the possibilities.

Rich

-----Original Message-----
From: John R. Sims, Jr. [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 12, 2005 10:04 AM
To: php-db@lists.php.net; php_mysql@yahoogroups.com
Subject: [PHP-DB] problems with a script

Hi everyone, I have a question. I have built a script on my desktop that works fine, but when I upload it to the server, it does not post the data to the database. I checked my server and the ISP server. I am running php 5.+ but my ISP is only running php 4.3.9. Does this mean I have to change my script?

JOHN
Re: [PHP-DB] problems with a script. .
Mychael Scribner wrote:

> I think you do. When I first installed php5, I tried a few apps that were written in php4, and they never worked with 5.
>
> -----Original Message-----
> From: John R. Sims, Jr. [mailto:[EMAIL PROTECTED]
> Sent: Thursday, May 12, 2005 10:04 AM
> To: php-db@lists.php.net; php_mysql@yahoogroups.com
> Subject: [PHP-DB] problems with a script
>
> Hi everyone, I have a question. I have built a script on my desktop that works fine, but when I upload it to the server, it does not post the data to the database. I checked my server and the ISP server. I am running php 5.+ but my ISP is only running php 4.3.9. Does this mean I have to change my script?

--- eep crosspost ---

You will likely need to change some parts of it, but it should by no means be a complete rewrite. We'd need more info to track down whether it's a specific problem - but I suggest you read this:

http://us4.php.net/manual/en/migration5.php

and more specifically this:

http://us4.php.net/manual/en/migration5.incompatible.php

to see what might have changed that you're using that php4 doesn't handle the same. Any instances of unknown functions and the likes will have to be tracked down and dealt with as you hit it. Basically - your best bet is enabling error messages (note: @ before a function suppresses errors) and grunting through it.

Note - obviously - if you are using lots of the newer php5 features (mostly related to classes) you probably won't want to try migrating down, and might be better off looking for a new host or setting up php5 on your current host (either you or them installing it, more likely you'll have to if it's even allowed).

cheers,
--
- Martin Norland, Sys Admin / Database / Web Developer, International Outreach x3257
The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital.
RE: [PHP-DB] problems with a script. .
Martin; I have taken your advice and read both of the articles, but unfortunately I have not been able to find what needs to be changed. As I mentioned, I am very new at this. Could you possibly look at the script and point me in the right direction?

Keep the faith

John

    <html>
    <head>
    <title>Wireless Neighborhoods</title>
    </head>
    <?php
    // Set the page title and include the HTML header.
    $page_title = 'Wireless Neighborhoods';
    include_once ('include/header.html');
    $db_connection = mysql_connect ('db.wireless-neighborhoods.org', 'scfn', 'scfn75') or die (mysql_error());
    $db_select = mysql_select_db('scfn') or die (mysql_error());

    // If the form was submitted, process it.
    if (isset($submit)) {
        $query = "insert into case_note values ('0', '$id',NOW(), NOW(),'$cmanager', '$location', '$purpose', '$present', '$subject', '$note')";
        if (@mysql_query ($query)) {
            echo 'A Case Note has been added.';
        } else {
            echo 'The case note could not be added.' . mysql_error();
        }
    }
    ?>
    <font face="Verdana">
    <body bgcolor="#F0FFFD">
    <p><font size="5">CTC Database Contact Log</font></p><?php
    //Prints something like: Monday 15th of January 2003 05:51:38 AM
    echo date("l dS of F Y -- h:i:s A");//Prints something like: Monday the 15th
    ?>
    <fieldset>
    <br><legend>Enter your information in the form below:</legend>
    <form action="<?=$PHP_SELF ?>" method="post">
    Client Name:<select name="id"><option>Select The Client</option>
    <?php
    // Select one of the Students.
    $query = "SELECT id, CONCAT(fname, ', ', lname) AS name FROM client ORDER BY lname ASC";
    $query_result = @mysql_query ($query);
    while ($row = @mysql_fetch_array ($query_result)) {
        echo "<option value=\"$row[id]\">$row[name]</option>\n";
    }
    ?>
    </select>
    <br><br>
    Contact Date: <input type="text" name="date_added" size="20">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    Case Manager: <select name="cmanager"><option>Select a Case Manager</option>
    <option>Freddie Boykin</option>
    <option>Monica Harmon</option>
    <option>Ed Rivers</option>
    <option>Joseph McLeod</option>
    <option>Chasity Cheatham</option>
    <option>Rick Flanagan</option>
    </select><br />
    <p>Purpose of Contact: <select size="1" name="purpose">
    <option>Select One</option>
    <option>Initial Contact</option>
    <option>Follow-up Contact</option>
    <option>Event</option>
    </select>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    Location of Contact:&nbsp; <select size="1" name="location">
    <option>Select One</option>
    <option>Office Visit</option>
    <option>School Visit</option>
    <option>Home Visit</option>
    <option>Neighborhood Visit</option>
    </select>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    </p>
    <p>Present at Contact:&nbsp;&nbsp; <select size="1" name="present">
    <option>Select One</option>
    <option>Client</option>
    <option>Parent</option>
    <option>Teachers</option>
    </select>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    </p>
    <p>Subject:&nbsp; <input type="text" name="subject" size="69">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    </p>
    <p>Notes:&nbsp;&nbsp;&nbsp; <textarea rows="4" name="note" cols="66"></textarea></p>
    <p><input type="submit" name="submit" value="Submit" /></p>
    </form>
    <p>&nbsp;</p>
    <?php
    include_once ('include/footer.html');
    ?>
    </body>
    </html>
RE: [PHP-DB] Problems with a script
Since I definitely don't have time to copy your script and duplicate your environment, perhaps you would be so kind as to tell what the hell is wrong with it... then we can try to help you

bastien

From: John R. Sims, Jr. [EMAIL PROTECTED]
To: php-db@lists.php.net
Subject: [PHP-DB] Problems with a script
Date: Mon, 2 May 2005 17:07:48 -0400

    <?php
    if (($_POST[op] != "add") || ($_GET[master_id] != "")) {
        //haven't seen the form, so show it
        $display_block = "<h1>Add an Entry</h1>
        <form method=\"post\" action=\"$_SERVER[PHP_SELF]\">";

        if ($_GET[master_id] != "") {
            //connect to database
            $conn = mysql_connect("localhost", "root", "becky") or die(mysql_error());
            mysql_select_db("testDB",$conn) or die(mysql_error());

            //get first, last names for display/tests validity
            $get_names = "select concat_ws(' ', fname, lname) as display_name from client where id = $_GET[master_id]";
            $get_names_res = mysql_query($get_names) or die(mysql_error());
            if (mysql_num_rows($get_names_res) == 1) {
                $display_name = mysql_result($get_names_res,0,'display_name');
            }
        }

        if ($display_name != "") {
            $display_block .= "<P>Adding information for <strong>$display_name</strong>:</p>";
        } else {
            $display_block .= "<P><strong>First/Last Names:</strong><br>
            <input type=\"text\" name=\"fname\" size=30 maxlength=75>
            <input type=\"text\" name=\"lname\" size=30 maxlength=75>";
        }
        $display_block .= "<P><strong>Address:</strong><br>
        <input type=\"text\" name=\"address\" size=30>
        <P><strong>City/State/Zip:</strong><br>
        <input type=\"text\" name=\"city\" size=30 maxlength=50>
        <input type=\"text\" name=\"state\" size=5 maxlength=2>
        <input type=\"text\" name=\"zip\" size=10 maxlength=10>
        <P><strong>Home Telephone Number:</strong><br>
        <input type=\"text\" name=\"hphone\" size=30 maxlength=25>
        <P><strong>Mobil Telephone Number:</strong><br>
        <input type=\"text\" name=\"mphone\" size=30 maxlength=25>
        <P><strong>Email Address:</strong><br>
        <input type=\"text\" name=\"email\" size=30 maxlength=150>
        <P><strong>CTC Organization:</strong><br>
        <input type=\"text\" name=\"ctcorg\" size=30 maxlength=150>
        <P><strong>Case Manager:</strong><br>
        <input type=\"text\" name=\"cmanager\" size=30 maxlength=150>
        <P><strong>Neighborhood:</strong><br>
        <input type=\"text\" name=\"neighborhood\" size=30 maxlength=150>
        <P><strong>Personal Note:</strong><br>
        <textarea name=\"notes\" cols=35 rows=5 wrap=virtual></textarea>
        <input type=\"hidden\" name=\"op\" value=\"add\">
        <input type=\"hidden\" name=\"master_id\" value=\"$_GET[master_id]\">
        <p><input type=\"submit\" name=\"submit\" value=\"Add Entry\"></p>
        </FORM>";

    } else if ($_POST[op] == "add") {
        //time to add to tables, so check for required fields
        if ((($_POST[fname] == "") || ($_POST[lname] == "")) && ($_POST[master_id] == "")) {
            header("Location: basicinfo_form.php");
            exit;
        }

        //connect to database
        $conn = mysql_connect("localhost", "root", "becky") or die(mysql_error());
        mysql_select_db("testDB",$conn) or die(mysql_error());

        if ($_POST[master_id] == "") {
            //add to master_name table
            $add_master = "insert into client values ('$_POST[fname]', '$_POST[lname]')";
            mysql_query($add_master) or die(mysql_error());

            //get master_id for use with other tables
            $master_id = mysql_insert_id();
        } else {
            $master_id = $_POST[master_id];
        }

        if (($_POST[address]) || ($_POST[city]) || ($_POST[state]) || ($_POST[zip])) {
            //something relevant, so add to address table
            $add_address = "insert into client values ('$_POST[address]', '$_POST[city]', '$_POST[state]', '$_POST[zip]')";
            mysql_query($add_address) or die(mysql_error());
        }

        if ($_POST[hphone]) {
            //something relevant, so add to telephone table
            $add_tel = "insert into client values ('$_POST[hphone]')";
            mysql_query($add_tel) or die(mysql_error());
        }

        if ($_POST[mphone]) {
            //something relevant, so add to fax table
            $add_fax = "insert into client values ('$_POST[mphone]')";
            mysql_query($add_fax) or die(mysql_error());
        }

        if ($_POST[email]) {
            //something relevant, so add to email table
            $add_email = "insert into client values ('$_POST[email]',)";
            mysql_query($add_email) or die(mysql_error());
        }

        if ($_POST[ctcorg]) {
            //something relevant, so add to ctcorg table
            $add_email = "insert into client values ('$_POST[ctcorg]',)";
            mysql_query($add_email) or die(mysql_error());
        }

        if ($_POST[cmanager]) {
            //something relevant, so add to ccmanager table
            $add_email = "insert into client values ('$_POST[cmanager]',)";
            mysql_query($add_email) or die(mysql_error());
        }

        if ($_POST[neighborhood]) {
            //something relevant, so add to neighborhood table
            $add_email = "insert into client values ('$_POST[neighborhood]',)";
            mysql_query($add_email) or die(mysql_error());
        }

        if ($_POST[notes]) {
            //something relevant, so add to notes table
            $add_note = "insert into client values ('$_POST[notes]')";
            mysql_query($add_note) or die(mysql_error());
        }

        $display_block = "<h1>Entry Added</h1>
        <P>Your entry has been added. Would you like to a
Re: [PHP-DB] Problems with a script. .
John R. Sims, Jr. wrote:

> <?php
[snip * - not even gunna bother]
> </HTML>

Okay, quick/proper fixes 1 - 4:

1) you never open a FORM element, you only close it - you'll be wanting one, probably with a method=POST.

2) you should quote your array indices... just because php will evaluate them as themselves doesn't mean it's a good thing to rely on.

    wrong: ($_POST[master_id] == "")) {
    right: ($_POST['master_id'] == "")) {

3) you should similarly quote and curly group for the mysql queries.

    wrong: $add_master = "insert into client values ($_POST[fname]', '$_POST[lname]')";
    right: $add_master = "insert into client values ('{$_POST['fname']}', '{$_POST['lname']}')";

4) also, all of your queries are doing inserts - they're not specifying the fields they are to insert into, and I'm sure many of them should in fact be UPDATE statements. You'll want to fix that before your data gets *too* sparse.

Once that's all fixed, go to step 5.

5) rewrite all the database accesses to prevent people from doing sql injection attacks and ruining everything.

cheers,
--
- Martin Norland, Sys Admin / Database / Web Developer, International Outreach x3257
The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital.
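
An added example, not code from the thread: the case_note insert from the first script rewritten along the lines of Martin's advice in both replies, reading form values from the POST array instead of register_globals, naming the target columns, and binding values as parameters so input cannot change the SQL. The function name add_case_note, the column names and the in-memory SQLite database are assumptions made so the script runs offline (it needs PHP 7 or later with pdo_sqlite); PDO is used in place of the mysql_* functions in the thread.

```php
<?php
// Added example, not from the thread. Column names are assumed: the thread
// shows only the table name case_note and the order of the inserted values.

/** Insert one case note from form data; returns the new row id. */
function add_case_note(PDO $db, array $post): int
{
    // Read only the named form fields; nothing arrives as a global variable.
    $fields = ['id', 'cmanager', 'location', 'purpose', 'present', 'subject', 'note'];
    $in = [];
    foreach ($fields as $f) {
        if (!isset($post[$f]) || !is_string($post[$f]) || trim($post[$f]) === '') {
            throw new InvalidArgumentException("missing form field: $f");
        }
        $in[$f] = trim($post[$f]);
    }
    if (!ctype_digit($in['id'])) {
        throw new InvalidArgumentException('id must be a numeric client id');
    }
    // Explicit column list (Martin's point 4) and bound parameters (point 5):
    // the values travel separately from the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO case_note (client_id, date_added, date_modified, cmanager,
                                location, purpose, present, subject, note)
         VALUES (:id, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, :cmanager,
                 :location, :purpose, :present, :subject, :note)'
    );
    $stmt->execute($in);
    return (int) $db->lastInsertId();
}

// Constructed demo. In-memory SQLite stands in for the MySQL server; against
// MySQL, build the handle with a 'mysql:host=...;dbname=...' DSN instead.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE case_note (
    note_id INTEGER PRIMARY KEY AUTOINCREMENT, client_id INTEGER,
    date_added TEXT, date_modified TEXT, cmanager TEXT, location TEXT,
    purpose TEXT, present TEXT, subject TEXT, note TEXT)');

$post = [   // constructed stand-in for $_POST
    'submit' => 'Submit', 'id' => '7', 'cmanager' => 'Case Manager A',
    'location' => 'Home Visit', 'purpose' => 'Follow-up Contact',
    'present' => 'Parent', 'subject' => "Client's attendance",
    'note' => "Parent says it's improving; she'll call next week.",
];

if (isset($post['submit'])) {   // $_POST['submit'], not a bare $submit
    $newId = add_case_note($db, $post);
    $check = $db->prepare('SELECT note FROM case_note WHERE note_id = ?');
    $check->execute([$newId]);
    // The apostrophes that would have broken the interpolated query are
    // stored unchanged.
    echo $check->fetchColumn() === $post['note']
        ? "Case note $newId stored verbatim\n"
        : "Stored note differs from input\n";
}
```

On a host limited to PHP 4 and the mysql_* functions, as described in the thread, bound parameters are not available and each value would have to be escaped with mysql_real_escape_string() before it is placed in the query.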