I moved a site across from one server to another, and now there is one thing
no longer working properly that worked fine on the other. It may turn out to
be a PHP4 to PHP5 problem, dont know as I cant access now what the other
server had.
Certain pages on the website were able to render a list of 30 items, since
the move it now only renders the first item only.
I'm sure you want some code, but before I give that can we determine if I'm
on the right list - the function does pull items from a database so it is
sort of related, though I'm not sure it is a db problem.
In the php output page we have
$list->render( $db, $start, COUNT );
Not sure if that is a clue or not, anyway let me know if you me to post all
the related classes and functions.
Cheers
Gav...
------=_Part_58703_18760677.1220174510170--
Re: Problem after moving servers
am 31.08.2008 11:30:47 von Evert Lammerts
> $list->render( $db, $start, COUNT );
Send the code of this function and tell me the value of COUNT.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: Problem after moving servers
am 31.08.2008 12:09:02 von Evert Lammerts
Can you send over the function ProfileList::render? And you should
make sure that whenever the render() function of one of ProfileList's
subclasses is called, the value of $count is 30... It seems the most
likely source of your problem to me. To check the value of $count you
can do and echo $count; or var_dump($count); in the
ProfileList::render() function.
Make sure to always include the list in your replies. This way people
can reuse solutions from the archives.
Evert
On Sun, Aug 31, 2008 at 11:21 AM, Gav wrote:
> Hi All,
>
> I moved a site across from one server to another, and now there is one thing
> no longer working properly that worked fine on the other. It may turn out to
> be a PHP4 to PHP5 problem, dont know as I cant access now what the other
> server had.
>
> Certain pages on the website were able to render a list of 30 items, since
> the move it now only renders the first item only.
>
> I'm sure you want some code, but before I give that can we determine if I'm
> on the right list - the function does pull items from a database so it is
> sort of related, though I'm not sure it is a db problem.
>
> In the php output page we have
>
> $list->render( $db, $start, COUNT );
>
> Not sure if that is a clue or not, anyway let me know if you me to post all
> the related classes and functions.
>
> Cheers
>
> Gav...
>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On Sun, Aug 31, 2008 at 8:09 PM, Evert Lammerts wrote:
> Can you send over the function ProfileList::render? And you should
> make sure that whenever the render() function of one of ProfileList's
> subclasses is called, the value of $count is 30... It seems the most
> likely source of your problem to me. To check the value of $count you
> can do and echo $count; or var_dump($count); in the
> ProfileList::render() function.
>
Hmm, I'm no guru but I thought it may have been some incompatibility I'd
need to change so it worked on a newer PHP than was on the old server. This
code has remained unchanged and working perfect for at least 3 years that I
know of. I never changed a single byte of it when moving servers except the
new db connection parameters.
COUNT and $count look like they have different roles to me, COUNT is the
amount of designers to be listed per page, $count is the number of designers
to be listed altogether, so 150 designers would give me 5 pages of 30
designers.
Anyway, I did not write the code and I don't pretend to understand all of
it, so I'm including most of the file here so you can pick what you need :)
Note that that RegionSelector() and SpecSelector() work fine.
And that AllProfiles() , ProfilesByRegion() and ProfilesBySpec() are the
ones that now do not work any more - these three that do not work are part
of the ProfileList Class, so I thought it would be something in this class
as they are all common to it. I had also read the the re-use of $this had
changed in PHP5.2+ but I can not work out if this (npi) would apply in this
case.
>
>
> Make sure to always include the list in your replies. This way people
> can reuse solutions from the archives.
Sorry about that, most lists I'm subscribed to have reply-all set
automatically.
Here the code :-
// Number of designers to display per page on the list.php page.
define( "COUNT", 30 );
// Makes DB present for ALL client scripts / pages.
// This is a global scope variable. To minimize memory
// usage the $db variable is passed by reference, and not
// copyied for each function or object.
$db = new db( DBUSER, DBPASS, DBNAME );
// The RegionMultiSelector class creates the form conponent
// responsible for the input of the designers regions.
// Appears on the "Get Listed" page.
class RegionMultiSelector
{
var $html;
function RegionMultiSelector( &$db )
{
// Create query to get all regions in "regions" database table.
$q = "SELECT id, name FROM regions";
// Run the query on the database.
$db->runquery( $q );
// Start collecting HTML.
$h = "
size=\"7\">\n";
// For each row in the results print the region
while( $row = $db->getrow() )
{
$h.="\t\t\n";
}
$h.="\n";
$this->html = $h;
}
function render()
{
print $this->html;
}
}
// The RegionSelector is a drop down list for selecting singular
// regions. For purposes of filtering lists etc.
class RegionSelector extends DropNav
{
function RegionSelector( &$db )
{
$q = "SELECT id, name FROM regions";
$db->runquery( $q );
$this->addItem( "", "Please select..." );
while( $row = $db->getrow() )
{
$this->addItem( $PHP_SELF."?region=".$row->id, $row->name );
}
}
function renderBody()
{
print "
Select developers based on region.
";
print "
";
DropNav::renderBody();
print "
";
}
}
// The SpecSelector is a drop down list for selecting singular
// specialities. For purposes of filtering lists etc.
class SpecSelector extends DropNav
{
function SpecSelector( &$db )
{
$q = "SELECT id, name FROM specialities";
$db->runquery( $q );
$this->addItem( "", "Please select..." );
// The Profile List is the base class for all Profile lists.
// Subclasses must at least define the query
class ProfileList
{
var $query;
var $des;
var $lastcount;
// Render the Brief HomePage list
// &$db is a reference to the database object created for the page.
function render( &$db, $start=0, $count=1024 )
{
if ( ( $this->query=="" ) or ( ! $this->query ))
print "
Hey, you! You forgot to define a query in my subclass:
Yours ProfileList
// Loop through each designer in the database query results.
while( $row = $db->getrow() )
{
// Load up our designer object from the database selected by
ID
$this->des->load( $row->id, $db );
// Tell the designer object to print itself in brief form
$this->des->render();
}
}
else
{
print "
no developers were found for this query.
";
}
}
// Default View is Brief, but subclasses may override this.
function setView()
{
// Create a new Designer View Object to represent each designer
visually.
// (One will do, we can reuse these)
$this->des = new DesignerBriefView();
}
}
class AllProfiles extends ProfileList
{
function AllProfiles()
{
$this->query = "SELECT id FROM designers WHERE view=1 ORDER BY id
ASC";
}
function render($db, $start=0, $count=1024)
{
$db2 = $db;
print "
Listing all developers in order of sign
up.
\n";
ProfileList::render( $db2, $start, $count );
}
}
class ProfilesBySpec extends ProfileList
{
var $_spec;
function ProfilesBySpec( $spec_id )
{
$this->_spec = $spec_id;
$this->query = "SELECT d.id AS id FROM designers d, designer_spec ds
";
$this->query.= "WHERE ds.spec_id=$spec_id AND ds.designer_id=d.id ";
$this->query.= "AND d.view=1 ";
$this->query.= "ORDER BY d.id ASC ";
}
function setView()
{
// Create a new Designer View Object to represent each designer
visually.
// (One will do, we can reuse these)
$this->des = new DesignerConciseView();
}
function render(&$db, $start=0, $count=1024)
{
print "
Developers Selected on Speciality: ";
$q = "SELECT name, html FROM specialities WHERE id=$this->_spec";
$db->runquery( $q );
$row = $db->getrow();
print $row->html;
print "
\n";
ProfileList::render(&$db, $start, $count);
}
}
class ProfilesByRegion extends ProfileList
{
var $_region;
function ProfilesByRegion( $region_id )
{
$this->_region = $region_id;
$this->query = "SELECT d.id AS id FROM designers d, designer_regions
dr ";
$this->query.= "WHERE dr.region_id=$region_id AND dr.designer_id=
d.id ";
$this->query.= "AND d.view=1 ";
$this->query.= "ORDER BY d.id ASC ";
}
function setView()
{
// Create a new Designer View Object to represent each designer
visually.
// (One will do, we can reuse these)
$this->des = new DesignerConciseView();
}
function render(&$db, $start=0, $count=1024)
{
print "
Developers Selected on region: ";
$q = "SELECT name FROM regions WHERE id=$this->_region";
$db->runquery( $q );
$row = $db->getrow();
print $row->name;
print "
>
>
> Evert
>
> On Sun, Aug 31, 2008 at 11:21 AM, Gav wrote:
> > Hi All,
> >
> > I moved a site across from one server to another, and now there is one
> thing
> > no longer working properly that worked fine on the other. It may turn out
> to
> > be a PHP4 to PHP5 problem, dont know as I cant access now what the other
> > server had.
> >
> > Certain pages on the website were able to render a list of 30 items,
> since
> > the move it now only renders the first item only.
> >
> > I'm sure you want some code, but before I give that can we determine if
> I'm
> > on the right list - the function does pull items from a database so it is
> > sort of related, though I'm not sure it is a db problem.
> >
> > In the php output page we have
> >
> > $list->render( $db, $start, COUNT );
> >
> > Not sure if that is a clue or not, anyway let me know if you me to post
> all
> > the related classes and functions.
> >
> > Cheers
> >
> > Gav...
> >
>
(Sponsorship slots available on above three sites!)
------=_Part_60458_32719926.1220179518579--
Re: Problem after moving servers
am 31.08.2008 13:16:16 von Evert Lammerts
The code you've sent seems to be fine, and if I check your website it
does everything it should do in terms of filtering - if I select
Tayside as a region I get a development company with the region set to
Tayside. It seems to me that this means the problem is not in one of
the subclasses of ProfileList, so not a compatibility issue on that
level ($this->query works fine).
> while( $row = $db->getrow() )
seems to stop after one loop. This is either because there are no more
results - the query is limited to 1, so $count=1 - or because
$db->getRow generates an error.
> COUNT and $count look like they have different roles to me, COUNT is the amount of
> designers to be listed per page, $count is the number of designers to be listed altogether,
> so 150 designers would give me 5 pages of 30 designers.
In ProfileList::render the query is appended with "LIMIT $start,
$count", and the results of the query all seem to be rendered. This
probably means that $count and COUNT should have the same value - 30 -
and that the render function is initially called with the global
variable COUNT as parameter.
To check what goes wrong you first need to set error_reporting to
E_ALL in php.ini and restart your webserver, or add the line
error_reporting(E_ALL); at the beginning of you code. After that you
need to print the query from ProfileList::render. Can you adjust the
function and add var_dump($q); after the line $q = $q." LIMIT $start,
$count ";?
Evert
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: Problem after moving servers
am 31.08.2008 13:27:11 von Evert Lammerts
You don't need to print the query anymore - I already did that. You
need to change your code because right now it is open for SQL
injection attacks: I added some SQL to the url and generated an SQL
error (http://www.iwdp.co.uk/list.php?region=1&start=30,2). When you
retrieve start, e.g. $_GET['start'], do a check to make sure the value
is an integer.
The good news is that the query looks fine:
SELECT d.id AS id FROM designers d, designer_regions dr WHERE
dr.region_id=1 AND dr.designer_id=d.id AND d.view=1 ORDER BY d.id ASC
LIMIT 0, 30;
Can you run this query directly on the database and see what the result is?
Also check if you get an error after setting error_reporting to E_ALL.
On Sun, Aug 31, 2008 at 1:16 PM, Evert Lammerts wrote:
> The code you've sent seems to be fine, and if I check your website it
> does everything it should do in terms of filtering - if I select
> Tayside as a region I get a development company with the region set to
> Tayside. It seems to me that this means the problem is not in one of
> the subclasses of ProfileList, so not a compatibility issue on that
> level ($this->query works fine).
>
>> while( $row = $db->getrow() )
> seems to stop after one loop. This is either because there are no more
> results - the query is limited to 1, so $count=1 - or because
> $db->getRow generates an error.
>
>> COUNT and $count look like they have different roles to me, COUNT is the amount of
>> designers to be listed per page, $count is the number of designers to be listed altogether,
>> so 150 designers would give me 5 pages of 30 designers.
>
> In ProfileList::render the query is appended with "LIMIT $start,
> $count", and the results of the query all seem to be rendered. This
> probably means that $count and COUNT should have the same value - 30 -
> and that the render function is initially called with the global
> variable COUNT as parameter.
>
> To check what goes wrong you first need to set error_reporting to
> E_ALL in php.ini and restart your webserver, or add the line
> error_reporting(E_ALL); at the beginning of you code. After that you
> need to print the query from ProfileList::render. Can you adjust the
> function and add var_dump($q); after the line $q = $q." LIMIT $start,
> $count ";?
>
> Evert
>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On Sun, Aug 31, 2008 at 9:27 PM, Evert Lammerts wrote:
> You don't need to print the query anymore - I already did that. You
> need to change your code because right now it is open for SQL
> injection attacks: I added some SQL to the url and generated an SQL
> error (http://www.iwdp.co.uk/list.php?region=1&start=30,2). When you
> retrieve start, e.g. $_GET['start'], do a check to make sure the value
> is an integer.
>
> The good news is that the query looks fine:
> SELECT d.id AS id FROM designers d, designer_regions dr WHERE
> dr.region_id=1 AND dr.designer_id=d.id AND d.view=1 ORDER BY d.id ASC
> LIMIT 0, 30;
>
> Can you run this query directly on the database and see what the result is?
*SQL query:* SELECT d.id AS id FROM designers d, designer_regions dr WHERE
dr.region_id=1 AND dr.designer_id=d.id AND d.view=1 ORDER BY d.id ASC LIMIT
0, 30;
*Rows:* 30 id 2 4 5 11 43 63 86 99 117 119 158 165 233 272
290 305 328 335 363 396 414 425 430 436 459 489 490 518 536
554
>
>
> Also check if you get an error after setting error_reporting to E_ALL.
Yup, I left it up there at http://www.iwdp.co.uk/list.php
The PHP_SELF being referred to as undefined is in the included file
generic.php :-
class DropNav
{
var $items =array();
var $head;
var $body;
// CONSTRUCTOR
function DropNav()
{
}
// PUBLIC
function renderHead()
{
$this->buildHTML();
print $this->head;
}
// PUBLIC
function renderBody()
{
$this->buildHTML();
print $this->body;
}
// PUBLIC
function addItem( $url, $desc )
{
$this->items[] = array( "url" => $url, "desc"=>$desc );
}
// PRIVATE
function buildHTML()
{
global $PHP_SELF;
$this->body = "\n";
$this->head = "\n\n";
}
}
Thanks
Gav...
>
> On Sun, Aug 31, 2008 at 1:16 PM, Evert Lammerts
> wrote:
> > The code you've sent seems to be fine, and if I check your website it
> > does everything it should do in terms of filtering - if I select
> > Tayside as a region I get a development company with the region set to
> > Tayside. It seems to me that this means the problem is not in one of
> > the subclasses of ProfileList, so not a compatibility issue on that
> > level ($this->query works fine).
> >
> >> while( $row = $db->getrow() )
> > seems to stop after one loop. This is either because there are no more
> > results - the query is limited to 1, so $count=1 - or because
> > $db->getRow generates an error.
> >
> >> COUNT and $count look like they have different roles to me, COUNT is the
> amount of
> >> designers to be listed per page, $count is the number of designers to be
> listed altogether,
> >> so 150 designers would give me 5 pages of 30 designers.
> >
> > In ProfileList::render the query is appended with "LIMIT $start,
> > $count", and the results of the query all seem to be rendered. This
> > probably means that $count and COUNT should have the same value - 30 -
> > and that the render function is initially called with the global
> > variable COUNT as parameter.
> >
> > To check what goes wrong you first need to set error_reporting to
> > E_ALL in php.ini and restart your webserver, or add the line
> > error_reporting(E_ALL); at the beginning of you code. After that you
> > need to print the query from ProfileList::render. Can you adjust the
> > function and add var_dump($q); after the line $q = $q." LIMIT $start,
> > $count ";?
> >
> > Evert
> >
>
Just copying the error messages here so I can revert my changes on the site.
*Notice*: Undefined variable: PHP_SELF in *
/var/virtual/web/w0019/html/profilemanager.php* on line *75*
*Notice*: Undefined variable: PHP_SELF in *
/var/virtual/web/w0019/html/profilemanager.php* on line *76
x 22 more times. Then I get :-
**Notice*: Use of undefined constant url - assumed 'url' in *
/var/virtual/web/w0019/html/generic.php* on line *289*
*Notice*: Use of undefined constant desc - assumed 'desc' in *
/var/virtual/web/w0019/html/generic.php* on line *290
x many more times.
Then the result of the var_dump($q);
*string(66) "SELECT id FROM designers WHERE view=1 ORDER BY id ASC LIMIT 0,
30 "
HTH
I am still looking at it myself, but going round in circles, so thanks for
your help.
Gav...
On Sun, Aug 31, 2008 at 10:15 PM, Gav wrote:
>
>
> On Sun, Aug 31, 2008 at 9:27 PM, Evert Lammerts wrote:
>
>> You don't need to print the query anymore - I already did that. You
>> need to change your code because right now it is open for SQL
>> injection attacks: I added some SQL to the url and generated an SQL
>> error (http://www.iwdp.co.uk/list.php?region=1&start=30,2). When you
>> retrieve start, e.g. $_GET['start'], do a check to make sure the value
>> is an integer.
>>
>> The good news is that the query looks fine:
>> SELECT d.id AS id FROM designers d, designer_regions dr WHERE
>> dr.region_id=1 AND dr.designer_id=d.id AND d.view=1 ORDER BY d.id ASC
>> LIMIT 0, 30;
>>
>> Can you run this query directly on the database and see what the result
>> is?
>
>
> *SQL query:* SELECT d.id AS id FROM designers d, designer_regions dr WHERE
> dr.region_id=1 AND dr.designer_id=d.id AND d.view=1 ORDER BY d.id ASC
> LIMIT 0, 30;
> *Rows:* 30 id 2 4 5 11 43 63 86 99 117 119 158 165 233 272
> 290 305 328 335 363 396 414 425 430 436 459 489 490 518 536
> 554
>
>>
>>
>> Also check if you get an error after setting error_reporting to E_ALL.
>
>
> Yup, I left it up there at http://www.iwdp.co.uk/list.php
>
> The PHP_SELF being referred to as undefined is in the included file
> generic.php :-
>
> class DropNav
> {
> var $items =array();
> var $head;
> var $body;
>
> // CONSTRUCTOR
> function DropNav()
> {
> }
>
> // PUBLIC
> function renderHead()
> {
> $this->buildHTML();
> print $this->head;
> }
>
> // PUBLIC
> function renderBody()
> {
> $this->buildHTML();
> print $this->body;
> }
>
> // PUBLIC
> function addItem( $url, $desc )
> {
> $this->items[] = array( "url" => $url, "desc"=>$desc );
> }
>
> // PRIVATE
> function buildHTML()
> {
> global $PHP_SELF;
> $this->body = "\n";
>
> $this->head = "\n\n";
> }
> }
>
> Thanks
>
> Gav...
>
>
>>
>> On Sun, Aug 31, 2008 at 1:16 PM, Evert Lammerts
>> wrote:
>> > The code you've sent seems to be fine, and if I check your website it
>> > does everything it should do in terms of filtering - if I select
>> > Tayside as a region I get a development company with the region set to
>> > Tayside. It seems to me that this means the problem is not in one of
>> > the subclasses of ProfileList, so not a compatibility issue on that
>> > level ($this->query works fine).
>> >
>> >> while( $row = $db->getrow() )
>> > seems to stop after one loop. This is either because there are no more
>> > results - the query is limited to 1, so $count=1 - or because
>> > $db->getRow generates an error.
>> >
>> >> COUNT and $count look like they have different roles to me, COUNT is
>> the amount of
>> >> designers to be listed per page, $count is the number of designers to
>> be listed altogether,
>> >> so 150 designers would give me 5 pages of 30 designers.
>> >
>> > In ProfileList::render the query is appended with "LIMIT $start,
>> > $count", and the results of the query all seem to be rendered. This
>> > probably means that $count and COUNT should have the same value - 30 -
>> > and that the render function is initially called with the global
>> > variable COUNT as parameter.
>> >
>> > To check what goes wrong you first need to set error_reporting to
>> > E_ALL in php.ini and restart your webserver, or add the line
>> > error_reporting(E_ALL); at the beginning of you code. After that you
>> > need to print the query from ProfileList::render. Can you adjust the
>> > function and add var_dump($q); after the line $q = $q." LIMIT $start,
>> > $count ";?
>> >
>> > Evert
>> >
>>
>
>
>
> --
> Gav...
>
>
>
>
>
------=_Part_61723_28840338.1220186044531--
Re: Problem after moving servers
am 31.08.2008 14:36:46 von Evert Lammerts
In PHP5 register_globals defaults to "off". You can either switch it
back on through your php.ini and restart your webserver, or change all
PHP_SELF references to $_SERVER['PHP_SELF']. See if that fixes your
problem.
I hope you understood the SQL injection problem I pointed out. Anybody
can drop your database, so do fix it!
On 8/31/08, Gav wrote:
> On Sun, Aug 31, 2008 at 9:27 PM, Evert Lammerts
> wrote:
>
>> You don't need to print the query anymore - I already did that. You
>> need to change your code because right now it is open for SQL
>> injection attacks: I added some SQL to the url and generated an SQL
>> error (http://www.iwdp.co.uk/list.php?region=1&start=30,2). When you
>> retrieve start, e.g. $_GET['start'], do a check to make sure the value
>> is an integer.
>>
>> The good news is that the query looks fine:
>> SELECT d.id AS id FROM designers d, designer_regions dr WHERE
>> dr.region_id=1 AND dr.designer_id=d.id AND d.view=1 ORDER BY d.id ASC
>> LIMIT 0, 30;
>>
>> Can you run this query directly on the database and see what the result
>> is?
>
>
> *SQL query:* SELECT d.id AS id FROM designers d, designer_regions dr WHERE
> dr.region_id=1 AND dr.designer_id=d.id AND d.view=1 ORDER BY d.id ASC LIMIT
> 0, 30;
> *Rows:* 30 id 2 4 5 11 43 63 86 99 117 119 158 165 233 272
> 290 305 328 335 363 396 414 425 430 436 459 489 490 518 536
> 554
>
>>
>>
>> Also check if you get an error after setting error_reporting to E_ALL.
>
>
> Yup, I left it up there at http://www.iwdp.co.uk/list.php
>
> The PHP_SELF being referred to as undefined is in the included file
> generic.php :-
>
> class DropNav
> {
> var $items =array();
> var $head;
> var $body;
>
> // CONSTRUCTOR
> function DropNav()
> {
> }
>
> // PUBLIC
> function renderHead()
> {
> $this->buildHTML();
> print $this->head;
> }
>
> // PUBLIC
> function renderBody()
> {
> $this->buildHTML();
> print $this->body;
> }
>
> // PUBLIC
> function addItem( $url, $desc )
> {
> $this->items[] = array( "url" => $url, "desc"=>$desc );
> }
>
> // PRIVATE
> function buildHTML()
> {
> global $PHP_SELF;
> $this->body = "\n";
>
> $this->head = "\n\n";
> }
> }
>
> Thanks
>
> Gav...
>
>
>>
>> On Sun, Aug 31, 2008 at 1:16 PM, Evert Lammerts
>> wrote:
>> > The code you've sent seems to be fine, and if I check your website it
>> > does everything it should do in terms of filtering - if I select
>> > Tayside as a region I get a development company with the region set to
>> > Tayside. It seems to me that this means the problem is not in one of
>> > the subclasses of ProfileList, so not a compatibility issue on that
>> > level ($this->query works fine).
>> >
>> >> while( $row = $db->getrow() )
>> > seems to stop after one loop. This is either because there are no more
>> > results - the query is limited to 1, so $count=1 - or because
>> > $db->getRow generates an error.
>> >
>> >> COUNT and $count look like they have different roles to me, COUNT is
>> >> the
>> amount of
>> >> designers to be listed per page, $count is the number of designers to
>> >> be
>> listed altogether,
>> >> so 150 designers would give me 5 pages of 30 designers.
>> >
>> > In ProfileList::render the query is appended with "LIMIT $start,
>> > $count", and the results of the query all seem to be rendered. This
>> > probably means that $count and COUNT should have the same value - 30 -
>> > and that the render function is initially called with the global
>> > variable COUNT as parameter.
>> >
>> > To check what goes wrong you first need to set error_reporting to
>> > E_ALL in php.ini and restart your webserver, or add the line
>> > error_reporting(E_ALL); at the beginning of you code. After that you
>> > need to print the query from ProfileList::render. Can you adjust the
>> > function and add var_dump($q); after the line $q = $q." LIMIT $start,
>> > $count ";?
>> >
>> > Evert
>> >
>>
>
>
>
> --
> Gav...
>
> [LinkedIn : http://www.linkedin.com/in/ipv6guru]
>
> www.16degrees.com.au | www.iwdp.co.uk | www.minitutorials.com
>
> (Sponsorship slots available on above three sites!)
>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On Sun, Aug 31, 2008 at 10:36 PM, Evert Lammerts wrote:
> In PHP5 register_globals defaults to "off". You can either switch it
> back on through your php.ini and restart your webserver, or change all
> PHP_SELF references to $_SERVER['PHP_SELF']. See if that fixes your
> problem.
I already have
php_admin_flag register_globals 1
in the VirtualHost config for that site, so it should be on already.
So I guess I'll try changing the references anyway jic.
>
>
> I hope you understood the SQL injection problem I pointed out. Anybody
> can drop your database, so do fix it!
Will do, thanks.
Gav...
>
>
> On 8/31/08, Gav wrote:
> > On Sun, Aug 31, 2008 at 9:27 PM, Evert Lammerts
> > wrote:
> >
> >> You don't need to print the query anymore - I already did that. You
> >> need to change your code because right now it is open for SQL
> >> injection attacks: I added some SQL to the url and generated an SQL
> >> error (http://www.iwdp.co.uk/list.php?region=1&start=30,2). When you
> >> retrieve start, e.g. $_GET['start'], do a check to make sure the value
> >> is an integer.
> >>
> >> The good news is that the query looks fine:
> >> SELECT d.id AS id FROM designers d, designer_regions dr WHERE
> >> dr.region_id=1 AND dr.designer_id=d.id AND d.view=1 ORDER BY d.id ASC
> >> LIMIT 0, 30;
> >>
> >> Can you run this query directly on the database and see what the result
> >> is?
> >
> >
> > *SQL query:* SELECT d.id AS id FROM designers d, designer_regions dr
> WHERE
> > dr.region_id=1 AND dr.designer_id=d.id AND d.view=1 ORDER BY d.id ASC
> LIMIT
> > 0, 30;
> > *Rows:* 30 id 2 4 5 11 43 63 86 99 117 119 158 165 233 272
> > 290 305 328 335 363 396 414 425 430 436 459 489 490 518 536
> > 554
> >
> >>
> >>
> >> Also check if you get an error after setting error_reporting to E_ALL.
> >
> >
> > Yup, I left it up there at http://www.iwdp.co.uk/list.php
> >
> > The PHP_SELF being referred to as undefined is in the included file
> > generic.php :-
> >
> > class DropNav
> > {
> > var $items =array();
> > var $head;
> > var $body;
> >
> > // CONSTRUCTOR
> > function DropNav()
> > {
> > }
> >
> > // PUBLIC
> > function renderHead()
> > {
> > $this->buildHTML();
> > print $this->head;
> > }
> >
> > // PUBLIC
> > function renderBody()
> > {
> > $this->buildHTML();
> > print $this->body;
> > }
> >
> > // PUBLIC
> > function addItem( $url, $desc )
> > {
> > $this->items[] = array( "url" => $url, "desc"=>$desc );
> > }
> >
> > // PRIVATE
> > function buildHTML()
> > {
> > global $PHP_SELF;
> > $this->body = "\n";
> >
> > $this->head = "\n\n";
> > }
> > }
> >
> > Thanks
> >
> > Gav...
> >
> >
> >>
> >> On Sun, Aug 31, 2008 at 1:16 PM, Evert Lammerts
> >> wrote:
> >> > The code you've sent seems to be fine, and if I check your website it
> >> > does everything it should do in terms of filtering - if I select
> >> > Tayside as a region I get a development company with the region set to
> >> > Tayside. It seems to me that this means the problem is not in one of
> >> > the subclasses of ProfileList, so not a compatibility issue on that
> >> > level ($this->query works fine).
> >> >
> >> >> while( $row = $db->getrow() )
> >> > seems to stop after one loop. This is either because there are no more
> >> > results - the query is limited to 1, so $count=1 - or because
> >> > $db->getRow generates an error.
> >> >
> >> >> COUNT and $count look like they have different roles to me, COUNT is
> >> >> the
> >> amount of
> >> >> designers to be listed per page, $count is the number of designers to
> >> >> be
> >> listed altogether,
> >> >> so 150 designers would give me 5 pages of 30 designers.
> >> >
> >> > In ProfileList::render the query is appended with "LIMIT $start,
> >> > $count", and the results of the query all seem to be rendered. This
> >> > probably means that $count and COUNT should have the same value - 30 -
> >> > and that the render function is initially called with the global
> >> > variable COUNT as parameter.
> >> >
> >> > To check what goes wrong you first need to set error_reporting to
> >> > E_ALL in php.ini and restart your webserver, or add the line
> >> > error_reporting(E_ALL); at the beginning of you code. After that you
> >> > need to print the query from ProfileList::render. Can you adjust the
> >> > function and add var_dump($q); after the line $q = $q." LIMIT $start,
> >> > $count ";?
> >> >
> >> > Evert
> >> >
> >>
> >
> >
> >
> > --
> > Gav...
> >
> > [LinkedIn : http://www.linkedin.com/in/ipv6guru]
> >
> > www.16degrees.com.au | www.iwdp.co.uk | www.minitutorials.com
> >
> > (Sponsorship slots available on above three sites!)
> >
>
>
>
> On Sun, Aug 31, 2008 at 10:36 PM, Evert Lammerts
> > wrote:
>
>> In PHP5 register_globals defaults to "off". You can either switch it
>> back on through your php.ini and restart your webserver, or change all
>> PHP_SELF references to $_SERVER['PHP_SELF']. See if that fixes your
>> problem.
>
>
> I already have
>
> php_admin_flag register_globals 1
>
> in the VirtualHost config for that site, so it should be on already.
> So I guess I'll try changing the references anyway jic.
>
Well, with E_ALL still on I have cleared all errors now so no more errors on
screen.
However, problem persists, still looking but its now 3am so I should just
try again later.
Gav...
>
>
>
>>
>>
>> I hope you understood the SQL injection problem I pointed out. Anybody
>> can drop your database, so do fix it!
>
>
> Will do, thanks.
>
> Gav...
>
>
>>
>>
>> On 8/31/08, Gav wrote:
>> > On Sun, Aug 31, 2008 at 9:27 PM, Evert Lammerts
>> > wrote:
>> >
>> >> You don't need to print the query anymore - I already did that. You
>> >> need to change your code because right now it is open for SQL
>> >> injection attacks: I added some SQL to the url and generated an SQL
>> >> error (http://www.iwdp.co.uk/list.php?region=1&start=30,2). When you
>> >> retrieve start, e.g. $_GET['start'], do a check to make sure the value
>> >> is an integer.
>> >>
>> >> The good news is that the query looks fine:
>> >> SELECT d.id AS id FROM designers d, designer_regions dr WHERE
>> >> dr.region_id=1 AND dr.designer_id=d.id AND d.view=1 ORDER BY d.id ASC
>> >> LIMIT 0, 30;
>> >>
>> >> Can you run this query directly on the database and see what the result
>> >> is?
>> >
>> >
>> > *SQL query:* SELECT d.id AS id FROM designers d, designer_regions dr
>> WHERE
>> > dr.region_id=1 AND dr.designer_id=d.id AND d.view=1 ORDER BY d.id ASC
>> LIMIT
>> > 0, 30;
>> > *Rows:* 30 id 2 4 5 11 43 63 86 99 117 119 158 165 233
>> 272
>> > 290 305 328 335 363 396 414 425 430 436 459 489 490 518
>> 536
>> > 554
>> >
>> >>
>> >>
>> >> Also check if you get an error after setting error_reporting to E_ALL.
>> >
>> >
>> > Yup, I left it up there at http://www.iwdp.co.uk/list.php
>> >
>> > The PHP_SELF being referred to as undefined is in the included file
>> > generic.php :-
>> >
>> > class DropNav
>> > {
>> > var $items =array();
>> > var $head;
>> > var $body;
>> >
>> > // CONSTRUCTOR
>> > function DropNav()
>> > {
>> > }
>> >
>> > // PUBLIC
>> > function renderHead()
>> > {
>> > $this->buildHTML();
>> > print $this->head;
>> > }
>> >
>> > // PUBLIC
>> > function renderBody()
>> > {
>> > $this->buildHTML();
>> > print $this->body;
>> > }
>> >
>> > // PUBLIC
>> > function addItem( $url, $desc )
>> > {
>> > $this->items[] = array( "url" => $url, "desc"=>$desc );
>> > }
>> >
>> > // PRIVATE
>> > function buildHTML()
>> > {
>> > global $PHP_SELF;
>> > $this->body = "\n";
>> >
>> > $this->head = "\n\n";
>> > }
>> > }
>> >
>> > Thanks
>> >
>> > Gav...
>> >
>> >
>> >>
>> >> On Sun, Aug 31, 2008 at 1:16 PM, Evert Lammerts
>> >> wrote:
>> >> > The code you've sent seems to be fine, and if I check your website it
>> >> > does everything it should do in terms of filtering - if I select
>> >> > Tayside as a region I get a development company with the region set
>> to
>> >> > Tayside. It seems to me that this means the problem is not in one of
>> >> > the subclasses of ProfileList, so not a compatibility issue on that
>> >> > level ($this->query works fine).
>> >> >
>> >> >> while( $row = $db->getrow() )
>> >> > seems to stop after one loop. This is either because there are no
>> more
>> >> > results - the query is limited to 1, so $count=1 - or because
>> >> > $db->getRow generates an error.
>> >> >
>> >> >> COUNT and $count look like they have different roles to me, COUNT is
>> >> >> the
>> >> amount of
>> >> >> designers to be listed per page, $count is the number of designers
>> to
>> >> >> be
>> >> listed altogether,
>> >> >> so 150 designers would give me 5 pages of 30 designers.
>> >> >
>> >> > In ProfileList::render the query is appended with "LIMIT $start,
>> >> > $count", and the results of the query all seem to be rendered. This
>> >> > probably means that $count and COUNT should have the same value - 30
>> -
>> >> > and that the render function is initially called with the global
>> >> > variable COUNT as parameter.
>> >> >
>> >> > To check what goes wrong you first need to set error_reporting to
>> >> > E_ALL in php.ini and restart your webserver, or add the line
>> >> > error_reporting(E_ALL); at the beginning of you code. After that you
>> >> > need to print the query from ProfileList::render. Can you adjust the
>> >> > function and add var_dump($q); after the line $q = $q." LIMIT $start,
>> >> > $count ";?
>> >> >
>> >> > Evert
>> >> >
>> >>
>> >
>> >
>> >
>> > --
>> > Gav...
>> >
>> > [LinkedIn : http://www.linkedin.com/in/ipv6guru]
>> >
>> > www.16degrees.com.au | www.iwdp.co.uk | www.minitutorials.com
>> >
>> > (Sponsorship slots available on above three sites!)
>> >
>>
>
>
>
> --
> Gav...
>
> [LinkedIn : http://www.linkedin.com/in/ipv6guru]
>
> www.16degrees.com.au | www.iwdp.co.uk | www.minitutorials.com
>
> (Sponsorship slots available on above three sites!)
>
(Sponsorship slots available on above three sites!)
------=_Part_66221_30545255.1220202041557--
Re: Problem after moving servers
am 01.09.2008 01:23:23 von Evert Lammerts
I'm pretty sure I found the problem - I should've spotted it earlier.
The function ProfileList::render gets a reference to the $db object by
its parameter &$db. While you loop over your results, you pass the
reference on to $this->des->load. I'm guessing that the definition of
$this->des->load is something like function load($id, $db);, in which
case it's not getting a reference to the $db object but an actual copy
in PHP4. Since PHP 5 there is a new object model that makes sure that
any variable that holds an object is actually just a handle to the
object - so whenever you pass it to a function you use it as a
reference instead of a copy.
To make it clear:
class test {
var $a = 1;
function aa() {
$this->a++;
}
}
This means you should first change the function definitions to not use
references for objects, so take away the & at every &$db parameter.
Second you need to create a new $db object for your $this->des->load
function before the while loop in ProfileList::render. I think the
safest option is to do something like $db2 = new Db(...). You can also
use the keyword clone to clone an object, but i'm not sure what this
does with your internal DB handle.... you could try and see what
happens. Just add $db2 = clone $db; right before the while loop. Call
$this->des->load with $db2 instead of $db.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On Mon, Sep 1, 2008 at 9:23 AM, Evert Lammerts wrote:
> I'm pretty sure I found the problem - I should've spotted it earlier.
>
> The function ProfileList::render gets a reference to the $db object by
> its parameter &$db. While you loop over your results, you pass the
> reference on to $this->des->load. I'm guessing that the definition of
> $this->des->load is something like function load($id, $db);, in which
> case it's not getting a reference to the $db object but an actual copy
> in PHP4. Since PHP 5 there is a new object model that makes sure that
> any variable that holds an object is actually just a handle to the
> object - so whenever you pass it to a function you use it as a
> reference instead of a copy.
>
> To make it clear:
>
> class test {
> var $a = 1;
> function aa() {
> $this->a++;
> }
> }
>
> $c = new test();
> $d = $c;
> $c->aa();
> $d->aa();
> var_dump ($c);
>
> results in:
> object(test)#1 (1) { ["a"]=> int(3) }
>
> This means you should first change the function definitions to not use
> references for objects, so take away the & at every &$db parameter.
>
> Second you need to create a new $db object for your $this->des->load
> function before the while loop in ProfileList::render. I think the
> safest option is to do something like $db2 = new Db(...). You can also
> use the keyword clone to clone an object, but i'm not sure what this
> does with your internal DB handle.... you could try and see what
> happens. Just add $db2 = clone $db; right before the while loop. Call
> $this->des->load with $db2 instead of $db.
>
aha, excellent explanation , and $db2 = clone$db; worked fine!
I was reading my way round php.net and getting closer I think, your
explanation and probably saved my a few days , so thanks.
>
>
> On Mon, Sep 1, 2008 at 9:23 AM, Evert Lammerts wrote:
>
>> I'm pretty sure I found the problem - I should've spotted it earlier.
>>
>> The function ProfileList::render gets a reference to the $db object by
>> its parameter &$db. While you loop over your results, you pass the
>> reference on to $this->des->load. I'm guessing that the definition of
>> $this->des->load is something like function load($id, $db);, in which
>> case it's not getting a reference to the $db object but an actual copy
>> in PHP4. Since PHP 5 there is a new object model that makes sure that
>> any variable that holds an object is actually just a handle to the
>> object - so whenever you pass it to a function you use it as a
>> reference instead of a copy.
>>
>> To make it clear:
>>
>> class test {
>> var $a = 1;
>> function aa() {
>> $this->a++;
>> }
>> }
>>
>> $c = new test();
>> $d = $c;
>> $c->aa();
>> $d->aa();
>> var_dump ($c);
>>
>> results in:
>> object(test)#1 (1) { ["a"]=> int(3) }
>>
>> This means you should first change the function definitions to not use
>> references for objects, so take away the & at every &$db parameter.
>>
>> Second you need to create a new $db object for your $this->des->load
>> function before the while loop in ProfileList::render. I think the
>> safest option is to do something like $db2 = new Db(...). You can also
>> use the keyword clone to clone an object, but i'm not sure what this
>> does with your internal DB handle.... you could try and see what
>> happens. Just add $db2 = clone $db; right before the while loop. Call
>> $this->des->load with $db2 instead of $db.
>>
>
> aha, excellent explanation , and $db2 = clone$db; worked fine!
>
> I was reading my way round php.net and getting closer I think, your
> explanation and probably saved my a few days , so thanks.
>
hmm, did I speak to soon, it does work well for the whole list, but as soon
as you select a region or speciality then it all goes pear shaped, I'll keep
looking.
>
>
> On Mon, Sep 1, 2008 at 10:10 AM, Gav wrote:
>
>>
>>
>> On Mon, Sep 1, 2008 at 9:23 AM, Evert Lammerts wrote:
>>
>>> I'm pretty sure I found the problem - I should've spotted it earlier.
>>>
>>> The function ProfileList::render gets a reference to the $db object by
>>> its parameter &$db. While you loop over your results, you pass the
>>> reference on to $this->des->load. I'm guessing that the definition of
>>> $this->des->load is something like function load($id, $db);, in which
>>> case it's not getting a reference to the $db object but an actual copy
>>> in PHP4. Since PHP 5 there is a new object model that makes sure that
>>> any variable that holds an object is actually just a handle to the
>>> object - so whenever you pass it to a function you use it as a
>>> reference instead of a copy.
>>>
>>> To make it clear:
>>>
>>> class test {
>>> var $a = 1;
>>> function aa() {
>>> $this->a++;
>>> }
>>> }
>>>
>>> $c = new test();
>>> $d = $c;
>>> $c->aa();
>>> $d->aa();
>>> var_dump ($c);
>>>
>>> results in:
>>> object(test)#1 (1) { ["a"]=> int(3) }
>>>
>>> This means you should first change the function definitions to not use
>>> references for objects, so take away the & at every &$db parameter.
>>>
>>> Second you need to create a new $db object for your $this->des->load
>>> function before the while loop in ProfileList::render. I think the
>>> safest option is to do something like $db2 = new Db(...). You can also
>>> use the keyword clone to clone an object, but i'm not sure what this
>>> does with your internal DB handle.... you could try and see what
>>> happens. Just add $db2 = clone $db; right before the while loop. Call
>>> $this->des->load with $db2 instead of $db.
>>>
>>
>> aha, excellent explanation , and $db2 = clone$db; worked fine!
>>
>> I was reading my way round php.net and getting closer I think, your
>> explanation and probably saved my a few days , so thanks.
>>
>
> hmm, did I speak to soon, it does work well for the whole list, but as soon
> as you select a region or speciality then it all goes pear shaped, I'll keep
> looking.
>
Ok, sorted that too, all is well again, sorry for noise.