SitePoint Sponsor

User Tag List

Results 1 to 22 of 22
  1. #1
    SitePoint Addict
    Join Date
    Jun 2003
    Location
    Barrie, Ontario, Canada
    Posts
    316
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    PHP variables not working: move from PHP4 to PHP5

    Hi All,

    I should preface by saying I'm by no means proficient in PHP. Got stuck fixing someone else's error here.

    I have an older application which was working fine when the server was running PHP4. Upgraded to PHP5 and now this page isn't working.

    Specifically, variables aren't being pulled into the form (value attribute) where they should. The code (edited/simplified to make it easier):

    PHP Code:
    <?php

    if(!empty($_POST['submit']))
    {

    $status                'Active';
    $intResId              $_POST['intResId'];
    $noofuploads            $_POST['NumberOfUploads'];
    $generatePassword     =  $_POST['generatePassword'];
    $responsename1         =  $_POST['responsename1']; 
    $varstatus            $_REQUEST['status1'];

    if(
    $varstatus == 1)
    {
    $sta 'Active';
    }
    else
    {
    $sta 'Inactive';
    }    

    ### Find Company Id
    $Company="select * from ".CLIENT." where intClientId='$sessionadminId'";
    $Result=mysql_query($Company);
    $Companyfetch=mysql_fetch_array($Result);
    $clientid=$Companyfetch['intClientId'];
    $companyid=$Companyfetch['intComId'];

    //Check query to avoid duplication
    $Check"SELECT * FROM ".RESPONSE." WHERE intResId <> '$intResId' and ucase(varEmail1)='".strtoupper($email1)."' and intClientId = '$clientid' and  intComId = '$companyid'";
    $CheckRes mysql_query($Check);
    $Chuckrows mysql_num_rows($CheckRes);
    if(
    $Chuckrows == 0){    

    $updqry="UPDATE ".RESPONSE." SET intComId='$companyid',intClientId='$clientid',varResName='$responsename1',varEmail1='$email1',varEmail2 ='$varemail1',varBoss='$boss1',varPassword='$generatePassword' where intResId ='$intResId'";

    $updres=mysql_query($updqry)or die("Error".mysql_error());

    header("Location:index.php?task=responseview&log=succ&go=respondent");
    }else{
    header("Location:index.php?task=editresponse&log=err&go=response&edit=edit&intResId=$intResId");
    }


    }    


    $Displayquery="select * from ".RESPONSE." where intResId='$intResId'";

    $Displayresult=mysql_query($Displayquery)or die(mysql_error());

    while(
    $Displayarr=mysql_fetch_array($Displayresult)){

    $varResName        $Displayarr['varResName'];
    $varStatus        $Displayarr['varStatus'];
    $varBoss        $Displayarr['varBoss'];
    $company         $Displayarr['intComId'];
    $ComId             $Displayarr['intComId'];
    $client         $Displayarr['intClientId'];
    }


    ?>

    <form action="index.php?task=editresponse" method="post" enctype="multipart/form-data" name="frm_respondent" onSubmit="return respondentvalidate();">

    <table width="90%" border="0" align="center" cellpadding="0" cellspacing="0">
    <?php if($_REQUEST['log'] == "err"){ ?>
    <tr>
    <td align="center" class="information"> Email Address has already available
    </td>
    </tr>
    <?php ?>
    <tr>
    <td><table width="100%" border="0" cellspacing="0" cellpadding="0" id="tabUpload">

    <tr>
    <td height="10"></td>
    </tr>
    <tr>
    <td align="left" valign="top" ><strong>Respondent Name: </strong><br />
    <input name="responsename1" type="text" id="responsename1" value="<?php echo $varResName?>" size="35" /></td>
    </tr>

    </table></td>
    </tr>


    <tr>
    <td><input type="hidden" name="NumberOfUploads" id="NumberOfUploads" value="1" />
    <input type="hidden" name="intResId" value="<?php print $intResId;?>" />
    <input type="hidden" name="edit" value="<?php print $edit;?>" />

    <input name="submit" type="submit" class="button" id="submit" value="Edit Respondent" />

    </tr>
    </table>
    </form>
    Any idea why this would stop working? Do you need more information from me to fix this? I assume it's a simple fix (I already had to fix a few other things) but just not sure here.

    Thanks in advance.
    Last edited by SpacePhoenix; Jan 26, 2012 at 12:46. Reason: swapped code tags for php tags around php script

  2. #2
    SitePoint Enthusiast jakub_polak's Avatar
    Join Date
    Jan 2012
    Location
    Slovakia
    Posts
    35
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello,

    please put right after <?php :

    PHP Code:
    echo '<pre>'var_dump($_POST); echo '</pre>'
    Then submit formular and show us the contents of $_POST array please.

  3. #3
    SitePoint Addict
    Join Date
    Jun 2003
    Location
    Barrie, Ontario, Canada
    Posts
    316
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I believe it's empty, this is what it returned:

    Code:
    array(0) {
    }
    Thanks.

  4. #4
    SitePoint Guru
    Join Date
    Nov 2003
    Location
    Huntsville AL
    Posts
    689
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Nothing really jumps out but you "simplified" the code and didn't say what was actually not working.

    So consider posting any error message. Might need to add error_reporting(E_ALL); to the top of the file.

  5. #5
    SitePoint Addict FizixRichard's Avatar
    Join Date
    May 2003
    Location
    UK
    Posts
    372
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ahundiak View Post
    Nothing really jumps out but you "simplified" the code and didn't say what was actually not working.

    So consider posting any error message. Might need to add error_reporting(E_ALL); to the top of the file.

    Agreed, and a copy of the DB in SQL (small sample) so we can setup and see whats happening might help.


    I removed the queries to check and commented some stuff, the person name is picked up so the POST is working. I have a hunch that your not collecting the user to edit after the form is first submitted. But I can't check without seeing the whole code and seeing the DB.
    FIZIX - Full Service Digital Agency - Engaging websites, apps and games.
    Follow us @FIZIXAgency

  6. #6
    SitePoint Wizard lorenw's Avatar
    Join Date
    Feb 2005
    Location
    was rainy Oregon now sunny Florida
    Posts
    1,098
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    This jumps out at me ".CLIENT."
    I think it should be ..... select * from CLIENT where .....
    I've just never see it written that way.
    What I lack in acuracy I make up for in misteaks

  7. #7
    SitePoint Addict FizixRichard's Avatar
    Join Date
    May 2003
    Location
    UK
    Posts
    372
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by lorenw View Post
    This jumps out at me ".CLIENT."
    I think it should be ..... select * from CLIENT where .....
    I've just never see it written that way.

    I assumed this was a constant that held the client table name, maybe you are right though.
    FIZIX - Full Service Digital Agency - Engaging websites, apps and games.
    Follow us @FIZIXAgency

  8. #8
    SitePoint Addict
    Join Date
    Jun 2003
    Location
    Barrie, Ontario, Canada
    Posts
    316
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for help so far. Here's where I stand:

    I added error_reporting(E_ALL); to the top of the page, but nothing displayed.

    I tried switching
    PHP Code:
    from ".CLIENT." where 
    to
    PHP Code:
    from CLIENT where 
    but again no luck.

    How can I go about getting a sample of the database that you need without exposing the data within (don't want to include actual person's data)?

    And when I said "simplified" all I did was take out some of the form fields from the HTML. Didn't edit the PHP code at all. There are some additional variables that aren't being pulled in addition to varResName (varEmail1, varEmail2, etc.).

    Thanks again for the help so far.

  9. #9
    SitePoint Wizard TheRedDevil's Avatar
    Join Date
    Sep 2004
    Location
    Norway
    Posts
    1,196
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    The "CLIENT" is a constant, so leave that as it was. It most probably contain the name of the table with a prefix as mentioned above.

    I saw this variable: $sessionadminId and it makes me wonder if the script uses the deprecated function "session_register()" instead of accessing the session array through $_SESSION. So check how that variable is set, and if it is indeed a session you need to change it to the new system to use sessions.

    In addition check if register_globals are turned on or off, if its off try to turn it on and see if it works then. If it works, it means you got a problem with POST, GET, COOKIE, SESSION variables being used as a plain variable.

  10. #10
    SitePoint Addict
    Join Date
    Jun 2003
    Location
    Barrie, Ontario, Canada
    Posts
    316
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by TheRedDevil View Post
    The "CLIENT" is a constant, so leave that as it was. It most probably contain the name of the table with a prefix as mentioned above.

    I saw this variable: $sessionadminId and it makes me wonder if the script uses the deprecated function "session_register()" instead of accessing the session array through $_SESSION. So check how that variable is set, and if it is indeed a session you need to change it to the new system to use sessions.

    In addition check if register_globals are turned on or off, if its off try to turn it on and see if it works then. If it works, it means you got a problem with POST, GET, COOKIE, SESSION variables being used as a plain variable.
    Yes, session_register() was being used, but I already caught that. In my first round of edits to the script I changed a bunch of files to the new $_SESSION.

    register_globals is off. My first idea was to turn them on so I wouldn't have to edit any of the script, but that doesn't appear to be an option at this point (hosting restrictions). Thanks for taking a look.

  11. #11
    SitePoint Wizard TheRedDevil's Avatar
    Join Date
    Sep 2004
    Location
    Norway
    Posts
    1,196
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    What you need to do is manually go over every file of the script and fix the references that rely on register global, if you look at this file just by taking another look I can see that these variables are never set before they are used:
    $sessionadminId
    $email1
    $varemail1
    $boss1

    Not to mention that the script is wide open for SQL injection. So you should make certain that all the values inserted into the database is either cast to int or wrapped with mysql_real_escape_string().

    With other words, you have a few hours with work ahead of you doing normal "search and replace" tasks to fix the script to be able to work without register_globals turned on

  12. #12
    SitePoint Mentor bronze trophy
    John_Betong's Avatar
    Join Date
    Aug 2005
    Location
    City of Angels
    Posts
    1,806
    Mentioned
    73 Post(s)
    Tagged
    6 Thread(s)
    Quote Originally Posted by hockeykid View Post
    Thanks for help so far. Here's where I stand:

    I added error_reporting(E_ALL); to the top of the page, but nothing displayed.
    It looks like you are catching the errors but they are not being displayed which accounts for the blank page.

    Try this:

    PHP Code:
    <?php 
    error_reporting
    (E_ALL); 
    ini_set('display_errors'TRUE); 
    $i2hockeykid(' if the function does_not_exist then an error will be shown');


    # Also maybe set default $_POST values:

    if(!empty($_POST['submit']))
    {
      
    $status    'Active';
      
    $intResId = isset($_POST['intResId']) ? $_POST['intResId']  : 'intResId NOT SET';
      
    # repeat for remaining $_POST items

    ?>

  13. #13
    SitePoint Guru
    Join Date
    Nov 2003
    Location
    Huntsville AL
    Posts
    689
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by hockeykid View Post
    And when I said "simplified" all I did was take out some of the form fields from the HTML. Didn't edit the PHP code at all. There are some additional variables that aren't being pulled in addition to varResName (varEmail1, varEmail2, etc.).
    Hmmm. Don't take this the wrong way but I don't think this is quite accurate. The code you posted does not show any include files so there is no place where CLIENT can be defined neither is there a place where your mysql connection can be set or where sessionadminId could be set . It could not possibly have worked under PHP4 unless your php.ini file was setup to automatically include a file on each request which seems unlikely on a shared host.

    Are you sure you are looking at the correct file? I have seen plenty of projects where there are a gazillion files many of which are not used. How many files are we talking about here? If it is a big app then you should probably take the time to setup a local development machine and maybe use a source code control system. Otherwise, you may end up chasing your tail for a long long time.

  14. #14
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Quote Originally Posted by ahundiak View Post
    Hmmm. Don't take this the wrong way but I don't think this is quite accurate. The code you posted does not show any include files so there is no place where CLIENT can be defined neither is there a place where your mysql connection can be set or where sessionadminId could be set . It could not possibly have worked under PHP4 unless your php.ini file was setup to automatically include a file on each request which seems unlikely on a shared host.
    While considered 'bad practise' as it leads to this type of lack of clarity, perhaps the files shown is included into another page that sets the constant value prior to the inclusion?
    ictus==""

  15. #15
    I solve practical problems. bronze trophy
    Michael Morris's Avatar
    Join Date
    Jan 2008
    Location
    Knoxville TN
    Posts
    2,023
    Mentioned
    62 Post(s)
    Tagged
    0 Thread(s)
    Go into the .htaccess file of the page and add

    php_flag_register_globals on

    See if it runs. If it does, your problem is the older script is expecting the post variables to be registered into the global scope - similar to calling extrace($_REQUEST) at the start of the file. (The reason this might work is register_globals is turned off by default in PHP 5)

    DO NOT LEAVE THE CODE IN THIS STATE. That setting was deprecated, with good reason, as of PHP 4.3. It has been removed in PHP 5.4 and the script will not run under PHP 5.4 until you go in, find all the references to the variables that are expected to be global and edit them (this could take awhile for a large program).

  16. #16
    SitePoint Addict
    Join Date
    Jun 2003
    Location
    Barrie, Ontario, Canada
    Posts
    316
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Michael Morris View Post
    Go into the .htaccess file of the page and add

    php_flag_register_globals on

    See if it runs. If it does, your problem is the older script is expecting the post variables to be registered into the global scope - similar to calling extrace($_REQUEST) at the start of the file. (The reason this might work is register_globals is turned off by default in PHP 5)

    DO NOT LEAVE THE CODE IN THIS STATE. That setting was deprecated, with good reason, as of PHP 4.3. It has been removed in PHP 5.4 and the script will not run under PHP 5.4 until you go in, find all the references to the variables that are expected to be global and edit them (this could take awhile for a large program).
    Again, I'd like to thank everyone for their input. As I said, just trying to fix up someone else's mess without enough knowledge to do so.

    By adding php_flag register_globals on to my site's .htaccess file I was able to get this page to work. What exactly do I need to change throughout the script in order to ensure it works without leaving register_globals on?

  17. #17
    SitePoint Zealot blackberryfan's Avatar
    Join Date
    Nov 2010
    Location
    middleOnowhere, South Africa.
    Posts
    101
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    hockeykid, do you have access to the .htaccess file? You can turn on register globals that way...

    EDIT: did not read his reply at the bottom...

  18. #18
    SitePoint Addict
    Join Date
    Jun 2003
    Location
    Barrie, Ontario, Canada
    Posts
    316
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I do have access to edit the .htaccess but I think for security-sake and future considerations I'd like to know how to edit the script to work with register_globals off. Thanks.

  19. #19
    SitePoint Zealot blackberryfan's Avatar
    Join Date
    Nov 2010
    Location
    middleOnowhere, South Africa.
    Posts
    101
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I do think that this is a good start on your part. This actually happened to me a while back too, but i changed hosts, then all of a sudden things didnt work. It's what brought me to this thread infact

    But all you really need to wrap your head around in this regard, is that you need to define each variable as it is... ie
    Code:
    $_SESSION['user']
    is not
    Code:
    $user
    it is
    Code:
    $_SESSION['user']
    .

    Goodluck!

  20. #20
    I solve practical problems. bronze trophy
    Michael Morris's Avatar
    Join Date
    Jan 2008
    Location
    Knoxville TN
    Posts
    2,023
    Mentioned
    62 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by hockeykid View Post
    I do have access to edit the .htaccess but I think for security-sake and future considerations I'd like to know how to edit the script to work with register_globals off. Thanks.
    I wasn't suggesting leaving register globals on longterm. I was suggesting turning it on long enough to see if that was the source of the problem.

  21. #21
    SitePoint Enthusiast
    Join Date
    Aug 2011
    Posts
    67
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    You could try to put this directly after the <?php

    PHP Code:
    if(isset($_POST)){
        echo 
    '<pre>'print_r($_POST); echo '</pre>';  
        exit;

    Then click the submit button of the form and you should see whats in the post. Check if it is correct and debug from there. If the post is still empty there is something seriously wrong with the universe.

  22. #22
    SitePoint Wizard lorenw's Avatar
    Join Date
    Feb 2005
    Location
    was rainy Oregon now sunny Florida
    Posts
    1,098
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    In your forms you will have something like <input type="text" name="email">.
    After the form is posted and with globals on you can use echo $email; and it works.
    With globals off you need to do this, echo $_POST['email'];
    What I lack in acuracy I make up for in misteaks


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •