PHP Issue
Posted by pluddies, 03-01-2010, 05:58 PM I have recently switched from a HostGator.com reseller account, to a new VPS with FutureHosting.com, and when moving a couple of my websites i've come across some (hopefully) minor PHP issues. The problem is data submitted via a form used to be passed into a MySQL database, but it's no longer working. Here is the code which worked before: But now I get nothing. I'm by no means a PHP expert, as you can probably tell from the above code - but I get by. Could use some help on this though if anyone has any suggestions - thank you
Posted by pluddies, 03-01-2010, 06:01 PM If it might help, a friend of mine managed to fix an issue on another website of mine by replacing this: With this: Perhaps it offers some suggestion of the root of my issues Last edited by pluddies; 03-01-2010 at 06:01 PM. Reason: typo
Posted by Shane Rutter, 03-01-2010, 06:17 PM Hello, You might need to change the top line which is to
Posted by pluddies, 03-01-2010, 06:23 PM I have other sites on the same VPS and scripts using just seem to work fine. It's just this one in certain which doesn't seem to want to pass info submitted from a form through to the database as it was on my previous host... despite the code, database structure etc being the same.
Posted by Shane Rutter, 03-01-2010, 06:32 PM You could try run this, and see if it works. Then just delete the entered record after it it does. At least this way if it works you no its probebly the db connection or the variables being passed. When i have problems like this i do somthing like this just to limit the possabilitys even if it seems unlikly. Does your web server have php debuging error code turned on? well is it set to display errors on the browser output?
Posted by TheDandy, 03-01-2010, 07:57 PM you shouldn't validate your code with addslashes function. You can still get a mysql injection. create a propper function to validate it.
Posted by mattle, 03-02-2010, 09:27 AM Bunch of issues here: I know this has been brought up already, but you should make a habit of getting rid of all and = tags. Not only do some PHP configurations disallow it, there seems to be conflicting information out on the interwebs as to whether or not they will be deprecated in PHP6. (If anyone has an official source for PHP6 changes, I'd love to know.) Either way, the reason for deprecating them is perfectly valid: it conflicts with XML syntax.You haven't provided any code that should have output, so it's hard to say what you're trouble-shooting. Try putting together a test script that actually fetches data and displays it."It's not working," is not a diagnostic error description. How is it not working? What error messages are you getting? What's in the web server logs? What, if anything, is happening in the database?#3 is totally expected, however because you are not doing any sort of validation on the return of mysql_query(). You didn't put your connection info in here, but I can only assume that you aren't checking any return statuses there either.For development, you should always be running with error_reporting E_ALL | E_STRICT and display errors on.addslashes() is only recommended for database connections that don't have their own escapement functionality. For MySQL, use mysql_real_escape_string().You're not showing where any of your variables are defined. It appears you may be using register_globals, which is considered bad practice, is deprecated in PHP5 and will be removed in PHP6. It is also likely to be disabled on your configuration. You should check php.ini to be sure.Finally, the best way to debug a non-working query is to output the generated SQL before sending it to the DB. Echo out the same string...I'll bet it's not what you're expecting.
Posted by HivelocityDD, 03-03-2010, 01:22 PM Although the code might not be that perfect I cant see a reason for this one to not work. It looks okay to me at this code snippet. But in the first line I think you might not be having the proper DB configuration. If you were using the shared hosting... the DB name and Username will be preceded by the hostname. So make sure you have the right one there. You might be having some lines in connect.inc which is causing this issue Also check whether you had an .htaccess file for making this work in the old hosting. Thanks
Posted by strigata, 03-07-2010, 12:31 PM TheDandy is only partially right. sql injection is still possible on multibyte charsets but you're not going to want to create your own function - instead just use php's built-in mysql_real_escape_string() function.
Posted by tim2718281, 03-07-2010, 01:03 PM There are all manner of things that could be wrong as a result of the migration. For example, has the userid been granted access to the table? The first step is to check the web server logs; there may be a message there telling you exactly what is wrong.