strange problem with php

Hi guys,

I have just set up a duplicate server running:
apache 2.54, mysql 5.04 and php 5.04

This is the same setup as as the server we are using now, apart from
the hardware inside. I have copied across the database and website,
with exact same permissions as the first server.

The problem is that part of the php code is executing but others
arent:

example:
------------------------
// Make the connection
mysql_connect("localhost", "dailyuser", "hidupituindah") or
die(mysql_error());
echo "Connected to MySQL
";
mysql_select_db("sales") or die(mysql_error());
echo "Connected to Database
";

$query = mysql_query("SELECT product_name FROM `code_tbl` WHERE `code`
='P191")
or die(mysql_error());

$result = mysql_fetch_array($query);
echo "The name of the product is " .$result['product_name']. " ";
?>
-----------------

This will work with no problems

But when i change it to:
-----------------
// Make the connection
mysql_connect("localhost", "user", "pass") or die(mysql_error());
echo "Connected to MySQL
";
mysql_select_db("sales") or die(mysql_error());
echo "Connected to Database
";

$query = mysql_query("SELECT product_name FROM `code_tbl` WHERE `code`
='$code")
or die(mysql_error());

$result = mysql_fetch_array($query);
echo "The name of the product is " .$result['product_name']. " ";
?>
-----------------
and select the page with /test.php?code=P191

It connects to the database, but the result is empty, leaving the
line:
The name of the product is

I am completely lost with this!!
Not sure if its apache, php or sql... i am assuming this is php,
although i know one shouldnt assume anything.
Any help would be much appreciated, before i have no hair left to pull

Dave.

Re: strange problem with php

On Wed, 15 Aug 2007 11:59:25 +0200, Dave =

wrote:

> Hi guys,
>
> I have just set up a duplicate server running:
> apache 2.54, mysql 5.04 and php 5.04
>
> This is the same setup as as the server we are using now, apart from
> the hardware inside. I have copied across the database and website,
> with exact same permissions as the first server.
>
> The problem is that part of the php code is executing but others
> arent:
>
> example:
> ------------------------
> > // Make the connection
> mysql_connect("localhost", "********", "**********") or

Hmmm, seemed like a real user/pass combo to me...


> die(mysql_error());
> echo "Connected to MySQL
";
> mysql_select_db("sales") or die(mysql_error());
> echo "Connected to Database
";
>
> $query =3D mysql_query("SELECT product_name FROM `code_tbl` WHERE `cod=
e`
> =3D'P191")

Shouldn't that be `code` =3D 'P191'" (notice the ending single quote).

> or die(mysql_error());
>
> $result =3D mysql_fetch_array($query);
> echo "The name of the product is " .$result['product_name']. " ";
> ?>
> -----------------
>
> This will work with no problems
>
> But when i change it to:
> -----------------
> > // Make the connection
> mysql_connect("localhost", "user", "pass") or die(mysql_error());
> echo "Connected to MySQL
";
> mysql_select_db("sales") or die(mysql_error());
> echo "Connected to Database
";
>
> $query =3D mysql_query("SELECT product_name FROM `code_tbl` WHERE `cod=
e`
> =3D'$code")

Again, the missing ending single quote in the SQL statement. Where does =
=

$code com form BTW? You're not relying on register_globals are you? Not =
a =

good thing. So, use $code =3D mysql_real_escape_string($_GET['code']); f=
irst.

> $result =3D mysql_fetch_array($query);

var_dump($result);
-- =

Rik Wasmus

Re: strange problem with php

Dave escribió:
> $query = mysql_query("SELECT product_name FROM `code_tbl` WHERE `code`
> ='P191")
> or die(mysql_error());
>
> $result = mysql_fetch_array($query);
> echo "The name of the product is " .$result['product_name']. " ";
> ?>
> -----------------
>
> This will work with no problems

Weird... The query contains an unmatched quote.





> $query = mysql_query("SELECT product_name FROM `code_tbl` WHERE `code`
> ='$code")
> or die(mysql_error());
>
> $result = mysql_fetch_array($query);
> echo "The name of the product is " .$result['product_name']. " ";
> ?>
> -----------------
> and select the page with /test.php?code=P191

Your code relies on the register_globals directive, which is disabled by
default. There're good reasons for it. You should access your query
params through the $_GET array. E.G.:

$query = "SELECT product_name FROM `code_tbl` WHERE `code` >='" .
mysql_real_escape_string($_GET['code']) . "'";



--
-+ http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
++ Mi sitio sobre programación web: http://bits.demogracia.com
+- Mi web de humor austrohúngaro: http://www.demogracia.com
--

Re: strange problem with php

On 15 Aug, 11:06, Rik wrote:
> On Wed, 15 Aug 2007 11:59:25 +0200, Dave
>
>
>
>
>
> wrote:
> > Hi guys,
>
> > I have just set up a duplicate server running:
> > apache 2.54, mysql 5.04 and php 5.04
>
> > This is the same setup as as the server we are using now, apart from
> > the hardware inside. I have copied across the database and website,
> > with exact same permissions as the first server.
>
> > The problem is that part of the php code is executing but others
> > arent:
>
> > example:
> > ------------------------
> > > > // Make the connection
> > mysql_connect("localhost", "********", "**********") or
>
> Hmmm, seemed like a real user/pass combo to me...
>
> > die(mysql_error());
> > echo "Connected to MySQL
";
> > mysql_select_db("sales") or die(mysql_error());
> > echo "Connected to Database
";
>
> > $query = mysql_query("SELECT product_name FROM `code_tbl` WHERE `code`
> > ='P191")
>
> Shouldn't that be `code` = 'P191'" (notice the ending single quote).
>
>
>
>
>
> > or die(mysql_error());
>
> > $result = mysql_fetch_array($query);
> > echo "The name of the product is " .$result['product_name']. " ";
> > ?>
> > -----------------
>
> > This will work with no problems
>
> > But when i change it to:
> > -----------------
> > > > // Make the connection
> > mysql_connect("localhost", "user", "pass") or die(mysql_error());
> > echo "Connected to MySQL
";
> > mysql_select_db("sales") or die(mysql_error());
> > echo "Connected to Database
";
>
> > $query = mysql_query("SELECT product_name FROM `code_tbl` WHERE `code`
> > ='$code")
>
> Again, the missing ending single quote in the SQL statement. Where does
> $code com form BTW? You're not relying on register_globals are you? Not a
> good thing. So, use $code = mysql_real_escape_string($_GET['code']); first.
>
> > $result = mysql_fetch_array($query);
>
> var_dump($result);
> --
> Rik Wasmus- Hide quoted text -
>
> - Show quoted text -- Hide quoted text -
>
> - Show quoted text -

Hi Rik, thanks for the prompt reply

The missing ' was a mistype in the post. I have tried adding the code
you suggested along with others.

1. adding the line $code = mysql_real_escape_string($_GET['code']);
outputs absolutely nothing, not even "connected to database"

2. Removing the single quotes around $code
outputs: You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near '' at line 1

3. Removing the last single quote from around $code (so becomes
'$code ) like mistype above.
outputs: You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near ''' at line 1

4. When single quotes are put back in and adding the line
var_dump($result);
outputs: array(2) { [0]=> string(0) "" ["product_name"]=> string(0)
"" }

5. When manually adding the code P191 in to the php code instead of
$code, the ouput of var_dump is:
array(2) { [0]=> string(28) "Pulsar Classic Bomber
Jacket" ["product_name"]=> string(28) "Pulsar Classic Bomber Jacket" }

Dave.

Also, register globals is off.

Re: strange problem with php

On Wed, 15 Aug 2007 12:26:42 +0200, Dave =

wrote:
> On 15 Aug, 11:06, Rik wrote:
>> On Wed, 15 Aug 2007 11:59:25 +0200, Dave
>> wrote:
>> > I have just set up a duplicate server running:
>> > apache 2.54, mysql 5.04 and php 5.04
>>
>> > This is the same setup as as the server we are using now, apart fro=
m
>> > the hardware inside. I have copied across the database and website,=

>> > with exact same permissions as the first server.
>>
>> > The problem is that part of the php code is executing but others
>> > arent:
>>
>> > example:
>> > ------------------------
>> > >> > die(mysql_error());
>> > echo "Connected to MySQL
";
>> > mysql_select_db("sales") or die(mysql_error());
>> > echo "Connected to Database
";
>>
>> > $query =3D mysql_query("SELECT product_name FROM `code_tbl` WHERE `=
code`
>> > =3D'P191")
>>
>> Shouldn't that be `code` =3D 'P191'" (notice the ending single quote)=
..
>>
>> > or die(mysql_error());
>>
>> > But when i change it to:
>> > -----------------
>> > >> > // Make the connection
>> > mysql_connect("localhost", "user", "pass") or die(mysql_error());
>> > echo "Connected to MySQL
";
>> > mysql_select_db("sales") or die(mysql_error());
>> > echo "Connected to Database
";
>>
>> > $query =3D mysql_query("SELECT product_name FROM `code_tbl` WHERE `=
code`
>> > =3D'$code")
>>
>> Again, the missing ending single quote in the SQL statement. Where do=
es
>> $code com form BTW? You're not relying on register_globals are you? N=
ot =

>> a
>> good thing. So, use $code =3D mysql_real_escape_string($_GET['code'])=
; =

>> first.
>>
>> > $result =3D mysql_fetch_array($query);
>>
>> var_dump($result);
>
> The missing ' was a mistype in the post. I have tried adding the code
> you suggested along with others.
>
> 1. adding the line $code =3D mysql_real_escape_string($_GET['code']);
> outputs absolutely nothing, not even "connected to database"

Have you enabled display_errors? It should be done just after connecting=
=

to the database.

> 2. Removing the single quotes around $code

You shouldn't do that.

> 3. Removing the last single quote from around $code (so becomes
> '$code ) like mistype above.

Shouldn't do that either.

> 4. When single quotes are put back in and adding the line
> var_dump($result);
> outputs: array(2) { [0]=3D> string(0) "" ["product_name"]=3D> string(0=
)
> "" }
>
> 5. When manually adding the code P191 in to the php code instead of
> $code, the ouput of var_dump is:
> array(2) { [0]=3D> string(28) "Pulsar Classic Bomber
> Jacket" ["product_name"]=3D> string(28) "Pulsar Classic Bomber Jacket"=
}

Well, echo the query that gets send before actually using it, and examin=
e =

where it differs.

-- =

Rik Wasmus

Re: strange problem with php

On 15 Aug, 11:35, Rik wrote:
> On Wed, 15 Aug 2007 12:26:42 +0200, Dave
>
>
>
>
>
> wrote:
> > On 15 Aug, 11:06, Rik wrote:
> >> On Wed, 15 Aug 2007 11:59:25 +0200, Dave
> >> wrote:
> >> > I have just set up a duplicate server running:
> >> > apache 2.54, mysql 5.04 and php 5.04
>
> >> > This is the same setup as as the server we are using now, apart from
> >> > the hardware inside. I have copied across the database and website,
> >> > with exact same permissions as the first server.
>
> >> > The problem is that part of the php code is executing but others
> >> > arent:
>
> >> > example:
> >> > ------------------------
> >> > > >> > die(mysql_error());
> >> > echo "Connected to MySQL
";
> >> > mysql_select_db("sales") or die(mysql_error());
> >> > echo "Connected to Database
";
>
> >> > $query = mysql_query("SELECT product_name FROM `code_tbl` WHERE `code`
> >> > ='P191")
>
> >> Shouldn't that be `code` = 'P191'" (notice the ending single quote).
>
> >> > or die(mysql_error());
>
> >> > But when i change it to:
> >> > -----------------
> >> > > >> > // Make the connection
> >> > mysql_connect("localhost", "user", "pass") or die(mysql_error());
> >> > echo "Connected to MySQL
";
> >> > mysql_select_db("sales") or die(mysql_error());
> >> > echo "Connected to Database
";
>
> >> > $query = mysql_query("SELECT product_name FROM `code_tbl` WHERE `code`
> >> > ='$code")
>
> >> Again, the missing ending single quote in the SQL statement. Where does
> >> $code com form BTW? You're not relying on register_globals are you? Not
> >> a
> >> good thing. So, use $code = mysql_real_escape_string($_GET['code']);
> >> first.
>
> >> > $result = mysql_fetch_array($query);
>
> >> var_dump($result);
>
> > The missing ' was a mistype in the post. I have tried adding the code
> > you suggested along with others.
>
> > 1. adding the line $code = mysql_real_escape_string($_GET['code']);
> > outputs absolutely nothing, not even "connected to database"
>
> Have you enabled display_errors? It should be done just after connecting
> to the database.
>
> > 2. Removing the single quotes around $code
>
> You shouldn't do that.
>
> > 3. Removing the last single quote from around $code (so becomes
> > '$code ) like mistype above.
>
> Shouldn't do that either.
>
> > 4. When single quotes are put back in and adding the line
> > var_dump($result);
> > outputs: array(2) { [0]=> string(0) "" ["product_name"]=> string(0)
> > "" }
>
> > 5. When manually adding the code P191 in to the php code instead of
> > $code, the ouput of var_dump is:
> > array(2) { [0]=> string(28) "Pulsar Classic Bomber
> > Jacket" ["product_name"]=> string(28) "Pulsar Classic Bomber Jacket" }
>
> Well, echo the query that gets send before actually using it, and examine
> where it differs.
>
> --
> Rik Wasmus- Hide quoted text -
>
> - Show quoted text -


Hi Rik,

I echoed the $code to the page, and it didnt show. However i have
noticed that on our internal server, register globals is on. So to
test, i turned it on our external server, and everything seems to
work.
So i guess when you asked before whether i was using register globals,
in actual fact, we was on our internal server, but i only looked at
the new server.

So now i found the problem, any pointers how to fix this, I am not too
clued up on register globals, although i am searching now...

thanks for the help
Dave.

Re: strange problem with php

Dave wrote:
> On 15 Aug, 11:35, Rik wrote:
>> On Wed, 15 Aug 2007 12:26:42 +0200, Dave
>>
>>
>>
>>
>>
>> wrote:
>>> On 15 Aug, 11:06, Rik wrote:
>>>> On Wed, 15 Aug 2007 11:59:25 +0200, Dave
>>>> wrote:
>>>>> I have just set up a duplicate server running:
>>>>> apache 2.54, mysql 5.04 and php 5.04
>>>>> This is the same setup as as the server we are using now, apart from
>>>>> the hardware inside. I have copied across the database and website,
>>>>> with exact same permissions as the first server.
>>>>> The problem is that part of the php code is executing but others
>>>>> arent:
>>>>> example:
>>>>> ------------------------
>>>>> >>>>> die(mysql_error());
>>>>> echo "Connected to MySQL
";
>>>>> mysql_select_db("sales") or die(mysql_error());
>>>>> echo "Connected to Database
";
>>>>> $query = mysql_query("SELECT product_name FROM `code_tbl` WHERE `code`
>>>>> ='P191")
>>>> Shouldn't that be `code` = 'P191'" (notice the ending single quote).
>>>>> or die(mysql_error());
>>>>> But when i change it to:
>>>>> -----------------
>>>>> >>>>> // Make the connection
>>>>> mysql_connect("localhost", "user", "pass") or die(mysql_error());
>>>>> echo "Connected to MySQL
";
>>>>> mysql_select_db("sales") or die(mysql_error());
>>>>> echo "Connected to Database
";
>>>>> $query = mysql_query("SELECT product_name FROM `code_tbl` WHERE `code`
>>>>> ='$code")
>>>> Again, the missing ending single quote in the SQL statement. Where does
>>>> $code com form BTW? You're not relying on register_globals are you? Not
>>>> a
>>>> good thing. So, use $code = mysql_real_escape_string($_GET['code']);
>>>> first.
>>>>> $result = mysql_fetch_array($query);
>>>> var_dump($result);
>>> The missing ' was a mistype in the post. I have tried adding the code
>>> you suggested along with others.
>>> 1. adding the line $code = mysql_real_escape_string($_GET['code']);
>>> outputs absolutely nothing, not even "connected to database"
>> Have you enabled display_errors? It should be done just after connecting
>> to the database.
>>
>>> 2. Removing the single quotes around $code
>> You shouldn't do that.
>>
>>> 3. Removing the last single quote from around $code (so becomes
>>> '$code ) like mistype above.
>> Shouldn't do that either.
>>
>>> 4. When single quotes are put back in and adding the line
>>> var_dump($result);
>>> outputs: array(2) { [0]=> string(0) "" ["product_name"]=> string(0)
>>> "" }
>>> 5. When manually adding the code P191 in to the php code instead of
>>> $code, the ouput of var_dump is:
>>> array(2) { [0]=> string(28) "Pulsar Classic Bomber
>>> Jacket" ["product_name"]=> string(28) "Pulsar Classic Bomber Jacket" }
>> Well, echo the query that gets send before actually using it, and examine
>> where it differs.
>>
>> --
>> Rik Wasmus- Hide quoted text -
>>
>> - Show quoted text -
>
>
> Hi Rik,
>
> I echoed the $code to the page, and it didnt show. However i have
> noticed that on our internal server, register globals is on. So to
> test, i turned it on our external server, and everything seems to
> work.
> So i guess when you asked before whether i was using register globals,
> in actual fact, we was on our internal server, but i only looked at
> the new server.
>
> So now i found the problem, any pointers how to fix this, I am not too
> clued up on register globals, although i am searching now...
>
> thanks for the help
> Dave.
>

Rik wins again :-)

Yes, there is a reason it's now off by default. It's a security
exposure. You really need to change your code to not use it.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: strange problem with php

On 15 Aug, 13:21, Jerry Stuckle wrote:
> Dave wrote:
> > On 15 Aug, 11:35, Rik wrote:
> >> On Wed, 15 Aug 2007 12:26:42 +0200, Dave
>
> >> wrote:
> >>> On 15 Aug, 11:06, Rik wrote:
> >>>> On Wed, 15 Aug 2007 11:59:25 +0200, Dave
> >>>> wrote:
> >>>>> I have just set up a duplicate server running:
> >>>>> apache 2.54, mysql 5.04 and php 5.04
> >>>>> This is the same setup as as the server we are using now, apart from
> >>>>> the hardware inside. I have copied across the database and website,
> >>>>> with exact same permissions as the first server.
> >>>>> The problem is that part of the php code is executing but others
> >>>>> arent:
> >>>>> example:
> >>>>> ------------------------
> >>>>> > >>>>> die(mysql_error());
> >>>>> echo "Connected to MySQL
";
> >>>>> mysql_select_db("sales") or die(mysql_error());
> >>>>> echo "Connected to Database
";
> >>>>> $query = mysql_query("SELECT product_name FROM `code_tbl` WHERE `code`
> >>>>> ='P191")
> >>>> Shouldn't that be `code` = 'P191'" (notice the ending single quote).
> >>>>> or die(mysql_error());
> >>>>> But when i change it to:
> >>>>> -----------------
> >>>>> > >>>>> // Make the connection
> >>>>> mysql_connect("localhost", "user", "pass") or die(mysql_error());
> >>>>> echo "Connected to MySQL
";
> >>>>> mysql_select_db("sales") or die(mysql_error());
> >>>>> echo "Connected to Database
";
> >>>>> $query = mysql_query("SELECT product_name FROM `code_tbl` WHERE `code`
> >>>>> ='$code")
> >>>> Again, the missing ending single quote in the SQL statement. Where does
> >>>> $code com form BTW? You're not relying on register_globals are you? Not
> >>>> a
> >>>> good thing. So, use $code = mysql_real_escape_string($_GET['code']);
> >>>> first.
> >>>>> $result = mysql_fetch_array($query);
> >>>> var_dump($result);
> >>> The missing ' was a mistype in the post. I have tried adding the code
> >>> you suggested along with others.
> >>> 1. adding the line $code = mysql_real_escape_string($_GET['code']);
> >>> outputs absolutely nothing, not even "connected to database"
> >> Have you enabled display_errors? It should be done just after connecting
> >> to the database.
>
> >>> 2. Removing the single quotes around $code
> >> You shouldn't do that.
>
> >>> 3. Removing the last single quote from around $code (so becomes
> >>> '$code ) like mistype above.
> >> Shouldn't do that either.
>
> >>> 4. When single quotes are put back in and adding the line
> >>> var_dump($result);
> >>> outputs: array(2) { [0]=> string(0) "" ["product_name"]=> string(0)
> >>> "" }
> >>> 5. When manually adding the code P191 in to the php code instead of
> >>> $code, the ouput of var_dump is:
> >>> array(2) { [0]=> string(28) "Pulsar Classic Bomber
> >>> Jacket" ["product_name"]=> string(28) "Pulsar Classic Bomber Jacket" }
> >> Well, echo the query that gets send before actually using it, and examine
> >> where it differs.
>
> >> --
> >> Rik Wasmus- Hide quoted text -
>
> >> - Show quoted text -
>
> > Hi Rik,
>
> > I echoed the $code to the page, and it didnt show. However i have
> > noticed that on our internal server, register globals is on. So to
> > test, i turned it on our external server, and everything seems to
> > work.
> > So i guess when you asked before whether i was using register globals,
> > in actual fact, we was on our internal server, but i only looked at
> > the new server.
>
> > So now i found the problem, any pointers how to fix this, I am not too
> > clued up on register globals, although i am searching now...
>
> > thanks for the help
> > Dave.
>
> Rik wins again :-)
>
> Yes, there is a reason it's now off by default. It's a security
> exposure. You really need to change your code to not use it.
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstuck...@attglobal.net
> ==================- Hide quoted text -
>
> - Show quoted text -

Hi again,

just a brief question, as I am unsure of the consequences.

The new webserver that has register_globals turned off, every page is
only accessible after logging in using cookies against the mysql
database.

This part seems to be working as normal, i have tried to access many
pages beneath this, and get redirected to the login page if not logged
in. It seems only after login, that passing variables across to other
pages is not working.

My question is, is it safe to turn globals on, for the period of time
while i am recoding all the pages to work with globals turned off, so
that our staff can use the database. I have approx, 100 pages to go
through, and am unsure how long this will take.

thanks
Dave.

Re: strange problem with php

Dave wrote:
> On 15 Aug, 13:21, Jerry Stuckle wrote:
>> Dave wrote:
>>> On 15 Aug, 11:35, Rik wrote:
>>>> On Wed, 15 Aug 2007 12:26:42 +0200, Dave
>>>> wrote:
>>>>> On 15 Aug, 11:06, Rik wrote:
>>>>>> On Wed, 15 Aug 2007 11:59:25 +0200, Dave
>>>>>> wrote:
>>>>>>> I have just set up a duplicate server running:
>>>>>>> apache 2.54, mysql 5.04 and php 5.04
>>>>>>> This is the same setup as as the server we are using now, apart from
>>>>>>> the hardware inside. I have copied across the database and website,
>>>>>>> with exact same permissions as the first server.
>>>>>>> The problem is that part of the php code is executing but others
>>>>>>> arent:
>>>>>>> example:
>>>>>>> ------------------------
>>>>>>> >>>>>>> die(mysql_error());
>>>>>>> echo "Connected to MySQL
";
>>>>>>> mysql_select_db("sales") or die(mysql_error());
>>>>>>> echo "Connected to Database
";
>>>>>>> $query = mysql_query("SELECT product_name FROM `code_tbl` WHERE `code`
>>>>>>> ='P191")
>>>>>> Shouldn't that be `code` = 'P191'" (notice the ending single quote).
>>>>>>> or die(mysql_error());
>>>>>>> But when i change it to:
>>>>>>> -----------------
>>>>>>> >>>>>>> // Make the connection
>>>>>>> mysql_connect("localhost", "user", "pass") or die(mysql_error());
>>>>>>> echo "Connected to MySQL
";
>>>>>>> mysql_select_db("sales") or die(mysql_error());
>>>>>>> echo "Connected to Database
";
>>>>>>> $query = mysql_query("SELECT product_name FROM `code_tbl` WHERE `code`
>>>>>>> ='$code")
>>>>>> Again, the missing ending single quote in the SQL statement. Where does
>>>>>> $code com form BTW? You're not relying on register_globals are you? Not
>>>>>> a
>>>>>> good thing. So, use $code = mysql_real_escape_string($_GET['code']);
>>>>>> first.
>>>>>>> $result = mysql_fetch_array($query);
>>>>>> var_dump($result);
>>>>> The missing ' was a mistype in the post. I have tried adding the code
>>>>> you suggested along with others.
>>>>> 1. adding the line $code = mysql_real_escape_string($_GET['code']);
>>>>> outputs absolutely nothing, not even "connected to database"
>>>> Have you enabled display_errors? It should be done just after connecting
>>>> to the database.
>>>>> 2. Removing the single quotes around $code
>>>> You shouldn't do that.
>>>>> 3. Removing the last single quote from around $code (so becomes
>>>>> '$code ) like mistype above.
>>>> Shouldn't do that either.
>>>>> 4. When single quotes are put back in and adding the line
>>>>> var_dump($result);
>>>>> outputs: array(2) { [0]=> string(0) "" ["product_name"]=> string(0)
>>>>> "" }
>>>>> 5. When manually adding the code P191 in to the php code instead of
>>>>> $code, the ouput of var_dump is:
>>>>> array(2) { [0]=> string(28) "Pulsar Classic Bomber
>>>>> Jacket" ["product_name"]=> string(28) "Pulsar Classic Bomber Jacket" }
>>>> Well, echo the query that gets send before actually using it, and examine
>>>> where it differs.
>>>> --
>>>> Rik Wasmus- Hide quoted text -
>>>> - Show quoted text -
>>> Hi Rik,
>>> I echoed the $code to the page, and it didnt show. However i have
>>> noticed that on our internal server, register globals is on. So to
>>> test, i turned it on our external server, and everything seems to
>>> work.
>>> So i guess when you asked before whether i was using register globals,
>>> in actual fact, we was on our internal server, but i only looked at
>>> the new server.
>>> So now i found the problem, any pointers how to fix this, I am not too
>>> clued up on register globals, although i am searching now...
>>> thanks for the help
>>> Dave.
>> Rik wins again :-)
>>
>> Yes, there is a reason it's now off by default. It's a security
>> exposure. You really need to change your code to not use it.
>>
>> --
>> ==================
>> Remove the "x" from my email address
>> Jerry Stuckle
>> JDS Computer Training Corp.
>> jstuck...@attglobal.net
>> ==================- Hide quoted text -
>>
>> - Show quoted text -
>
> Hi again,
>
> just a brief question, as I am unsure of the consequences.
>
> The new webserver that has register_globals turned off, every page is
> only accessible after logging in using cookies against the mysql
> database.
>
> This part seems to be working as normal, i have tried to access many
> pages beneath this, and get redirected to the login page if not logged
> in. It seems only after login, that passing variables across to other
> pages is not working.
>
> My question is, is it safe to turn globals on, for the period of time
> while i am recoding all the pages to work with globals turned off, so
> that our staff can use the database. I have approx, 100 pages to go
> through, and am unsure how long this will take.
>
> thanks
> Dave.
>

No, it's not safe, which is why it was turned off in the first place.

However, since you seem to have been running with register_globals on
before, it's no less safe than it was previously.

Are you sure that is the problem? And BTW - sessions are much safer for
login tracking than cookies. It's too easy to fudge up a cookie.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: strange problem with php

On 15 Aug, 22:02, Jerry Stuckle wrote:
> Dave wrote:
> > On 15 Aug, 13:21, Jerry Stuckle wrote:
> >> Dave wrote:
> >>> On 15 Aug, 11:35, Rik wrote:
> >>>> On Wed, 15 Aug 2007 12:26:42 +0200, Dave
> >>>> wrote:
> >>>>> On 15 Aug, 11:06, Rik wrote:
> >>>>>> On Wed, 15 Aug 2007 11:59:25 +0200, Dave
> >>>>>> wrote:
> >>>>>>> I have just set up a duplicate server running:
> >>>>>>> apache 2.54, mysql 5.04 and php 5.04
> >>>>>>> This is the same setup as as the server we are using now, apart from
> >>>>>>> the hardware inside. I have copied across the database and website,
> >>>>>>> with exact same permissions as the first server.
> >>>>>>> The problem is that part of the php code is executing but others
> >>>>>>> arent:
> >>>>>>> example:
> >>>>>>> ------------------------
> >>>>>>> > >>>>>>> die(mysql_error());
> >>>>>>> echo "Connected to MySQL
";
> >>>>>>> mysql_select_db("sales") or die(mysql_error());
> >>>>>>> echo "Connected to Database
";
> >>>>>>> $query = mysql_query("SELECT product_name FROM `code_tbl` WHERE `code`
> >>>>>>> ='P191")
> >>>>>> Shouldn't that be `code` = 'P191'" (notice the ending single quote).
> >>>>>>> or die(mysql_error());
> >>>>>>> But when i change it to:
> >>>>>>> -----------------
> >>>>>>> > >>>>>>> // Make the connection
> >>>>>>> mysql_connect("localhost", "user", "pass") or die(mysql_error());
> >>>>>>> echo "Connected to MySQL
";
> >>>>>>> mysql_select_db("sales") or die(mysql_error());
> >>>>>>> echo "Connected to Database
";
> >>>>>>> $query = mysql_query("SELECT product_name FROM `code_tbl` WHERE `code`
> >>>>>>> ='$code")
> >>>>>> Again, the missing ending single quote in the SQL statement. Where does
> >>>>>> $code com form BTW? You're not relying on register_globals are you? Not
> >>>>>> a
> >>>>>> good thing. So, use $code = mysql_real_escape_string($_GET['code']);
> >>>>>> first.
> >>>>>>> $result = mysql_fetch_array($query);
> >>>>>> var_dump($result);
> >>>>> The missing ' was a mistype in the post. I have tried adding the code
> >>>>> you suggested along with others.
> >>>>> 1. adding the line $code = mysql_real_escape_string($_GET['code']);
> >>>>> outputs absolutely nothing, not even "connected to database"
> >>>> Have you enabled display_errors? It should be done just after connecting
> >>>> to the database.
> >>>>> 2. Removing the single quotes around $code
> >>>> You shouldn't do that.
> >>>>> 3. Removing the last single quote from around $code (so becomes
> >>>>> '$code ) like mistype above.
> >>>> Shouldn't do that either.
> >>>>> 4. When single quotes are put back in and adding the line
> >>>>> var_dump($result);
> >>>>> outputs: array(2) { [0]=> string(0) "" ["product_name"]=> string(0)
> >>>>> "" }
> >>>>> 5. When manually adding the code P191 in to the php code instead of
> >>>>> $code, the ouput of var_dump is:
> >>>>> array(2) { [0]=> string(28) "Pulsar Classic Bomber
> >>>>> Jacket" ["product_name"]=> string(28) "Pulsar Classic Bomber Jacket" }
> >>>> Well, echo the query that gets send before actually using it, and examine
> >>>> where it differs.
> >>>> --
> >>>> Rik Wasmus- Hide quoted text -
> >>>> - Show quoted text -
> >>> Hi Rik,
> >>> I echoed the $code to the page, and it didnt show. However i have
> >>> noticed that on our internal server, register globals is on. So to
> >>> test, i turned it on our external server, and everything seems to
> >>> work.
> >>> So i guess when you asked before whether i was using register globals,
> >>> in actual fact, we was on our internal server, but i only looked at
> >>> the new server.
> >>> So now i found the problem, any pointers how to fix this, I am not too
> >>> clued up on register globals, although i am searching now...
> >>> thanks for the help
> >>> Dave.
> >> Rik wins again :-)
>
> >> Yes, there is a reason it's now off by default. It's a security
> >> exposure. You really need to change your code to not use it.
>
> >> --
> >> ==================
> >> Remove the "x" from my email address
> >> Jerry Stuckle
> >> JDS Computer Training Corp.
> >> jstuck...@attglobal.net
> >> ==================- Hide quoted text -
>
> >> - Show quoted text -
>
> > Hi again,
>
> > just a brief question, as I am unsure of the consequences.
>
> > The new webserver that has register_globals turned off, every page is
> > only accessible after logging in using cookies against the mysql
> > database.
>
> > This part seems to be working as normal, i have tried to access many
> > pages beneath this, and get redirected to the login page if not logged
> > in. It seems only after login, that passing variables across to other
> > pages is not working.
>
> > My question is, is it safe to turn globals on, for the period of time
> > while i am recoding all the pages to work with globals turned off, so
> > that our staff can use the database. I have approx, 100 pages to go
> > through, and am unsure how long this will take.
>
> > thanks
> > Dave.
>
> No, it's not safe, which is why it was turned off in the first place.
>
> However, since you seem to have been running with register_globals on
> before, it's no less safe than it was previously.
>
> Are you sure that is the problem? And BTW - sessions are much safer for
> login tracking than cookies. It's too easy to fudge up a cookie.
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstuck...@attglobal.net
> ==================- Hide quoted text -
>
> - Show quoted text -

The other server it was running on is internal to the company, so only
people who are inside the company firewall have access. The new server
will be directly on the internet.

I am not positive that register_globals is the problem but it seems
likely as when i turned globals on to try it, everything worked as it
does on our internal server. Plus when some of the pages load, by
default it holds information from the database, but then using if
statements throughout depending on what they click, depends on which
if statement to run, and its these that are not working (presumably
because its not passing the variables across)

But I suppose, better to be safe than sorry. I shall keep it that way
until i have changed all the pages.

Thanks again for the advice
Dave.