Im getting these errors after installing a script on the server. I dont have a choice of where it is hosted so I cannot change the fact that its php4. I didn’t write the script and it works on php5 without errors.
Here is what I am getting:
Notice: Undefined index: loggedInTimecard in /database.php on line 5
Notice: Undefined index: userName in /database.php on line 14
Notice: Undefined index: password in /database.php on line 14
Fatal error: Call to a member function on a non-object in /database.php on line 15
Is this easily fixable or will I have to rewrite the whole dang thing?
I’ve seen quite a bit of code that simply ignores notice errors. But in this case it’s not too hard to fix them. You can either define them to a default value and then redefine them. Or you can test if they’re set before trying to use them. eg.
do other validation stuff and then use it in preferably a prepared statement. The code you posted looks like it doesn’t do much in the way of security.
The fatal error is a more serious error. mysql_connect() returns a resource, and AFAIK it doesn’t have a query method so I don’t know what that’s about.
I don’t know who wrote the script but I’d either ask them about it or find something better.
So it seems that $Conn is an object of a database class.
Yes then the OP needs to do something like Stephen already told if OP has the function query() defined somewhere in his library and supposed to use. Otherwise either he should go for mysqli and change the connection and all accordingly or he needs to use mysql_query($sql, $Conn) or something like this.
While it’s true you can simply turn off the notice errors (perhaps justifiable in production but not development testing IMHO), I still think it’s unwise to use the user supplied input directly in the query without validating and sanitizing it.
I was able to get the host to upgrade to PHP Version 5.1.6, the orginal server this ran on was PHP Version 5.2.11. It still doesn’t work.
I took the following suggestion:
$Conn->query($sql);
to
query($sql,$Conn);
to fix that error.
And I still received the Call to undefined query(). Why would the first part of this query run to check the user/pass and when it has been validated it tries to run the second and fails?
if($_COOKIE['loggedInTimecard'] == "1") {
$sql = "SELECT * FROM users WHERE id ='" . $_COOKIE['idTimeCard'] ."'";
$result = $Conn->query($sql);
while($recordSet = $result->fetch_assoc()){
$adminName = $recordSet['fName'] . " " . $recordSet['lName'];
$signature = $recordSet['signature'];
$userId = $recordSet['id'];
}
}else{
$sql = "SELECT * FROM users WHERE userName ='" . $_POST['userName'] ."' AND password ='" . md5($_POST['password']) ."'";
$result = $Conn->query($sql);
I am not awesome at this by an stretch and Im stuck since it was working on another server. I didn’t write this it was given to me to use. Thanks!
mysqli
MysqlI Support enabled
Client API library version 5.0.82sp1
Client API header version 5.0.62
MYSQLI_SOCKET /var/lib/mysql/mysql.sock
Directive Local Value Master Value
mysqli.default_host no value no value
mysqli.default_port 3306 3306
mysqli.default_pw no value no value
mysqli.default_socket no value no value
mysqli.default_user no value no value
mysqli.max_links Unlimited Unlimited
mysqli.reconnect Off Off
First of all you be sure that you are intentionally using mysqli or not. If yes, then see if that has been installed/enabled in your server or not because it might not be enabled in all the servers. If you are using normal mysql functions then you need to change your code something like this:
$sql = "SELECT * FROM users WHERE id ='" . $_COOKIE['idTimeCard'] ."'";
$result = mysql_query($sql) or die(mysql_error());
while($recordSet = mysql_fetch_assoc($result)){
$adminName = $recordSet['fName'] . " " . $recordSet['lName'];
$signature = $recordSet['signature'];
$userId = $recordSet['id'];
}