Re: strange problem with php

Posted by Jerry Stuckle on 08/15/07 12:21

Dave wrote:
> On 15 Aug, 11:35, Rik <luiheidsgoe...@hotmail.com> wrote:
>> On Wed, 15 Aug 2007 12:26:42 +0200, Dave
>> <david.greenh...@praybourne.co.uk> wrote:
>>> On 15 Aug, 11:06, Rik <luiheidsgoe...@hotmail.com> wrote:
>>>> On Wed, 15 Aug 2007 11:59:25 +0200, Dave
>>>> <david.greenh...@praybourne.co.uk> wrote:
>>>>> I have just set up a duplicate server running:
>>>>> apache 2.54, mysql 5.04 and php 5.04
>>>>> This is the same setup as the server we are using now, apart from
>>>>> the hardware inside. I have copied across the database and website,
>>>>> with exact same permissions as the first server.
>>>>> The problem is that part of the php code is executing but others
>>>>> aren't:
>>>>> example:
>>>>> ------------------------
>>>>> <?php
>>>>> die(mysql_error());
>>>>> echo "Connected to MySQL<br />";
>>>>> mysql_select_db("sales") or die(mysql_error());
>>>>> echo "Connected to Database<br />";
>>>>> $query = mysql_query("SELECT product_name FROM `code_tbl` WHERE `code`
>>>>> ='P191")
>>>> Shouldn't that be `code` = 'P191'" (notice the ending single quote).
>>>>> or die(mysql_error());
>>>>> But when I change it to:
>>>>> -----------------
>>>>> <?php
>>>>> // Make the connection
>>>>> mysql_connect("localhost", "user", "pass") or die(mysql_error());
>>>>> echo "Connected to MySQL<br />";
>>>>> mysql_select_db("sales") or die(mysql_error());
>>>>> echo "Connected to Database<br />";
>>>>> $query = mysql_query("SELECT product_name FROM `code_tbl` WHERE `code`
>>>>> ='$code")
>>>> Again, the missing ending single quote in the SQL statement. Where does
>>>> $code come from, BTW? You're not relying on register_globals, are you?
>>>> Not a good thing. So, use
>>>> $code = mysql_real_escape_string($_GET['code']); first.
>>>>> $result = mysql_fetch_array($query);
>>>> var_dump($result);
>>> The missing ' was a mistype in the post. I have tried adding the code
>>> you suggested along with others.
>>> 1. adding the line $code = mysql_real_escape_string($_GET['code']);
>>> outputs absolutely nothing, not even "connected to database"
>> Have you enabled display_errors? It should be done just after connecting
>> to the database.
>>
>>> 2. Removing the single quotes around $code
>> You shouldn't do that.
>>
>>> 3. Removing the last single quote from around $code (so becomes
>>> '$code ) like mistype above.
>> Shouldn't do that either.
>>
>>> 4. When single quotes are put back in and adding the line
>>> var_dump($result);
>>> outputs: array(2) { [0]=> string(0) "" ["product_name"]=> string(0)
>>> "" }
>>> 5. When manually adding the code P191 in to the php code instead of
>>> $code, the output of var_dump is:
>>> array(2) { [0]=> string(28) "Pulsar Classic Bomber
>>> Jacket" ["product_name"]=> string(28) "Pulsar Classic Bomber Jacket" }
>> Well, echo the query that gets sent before actually using it, and examine
>> where it differs.
>>
>> --
>> Rik Wasmus
>
>
> Hi Rik,
>
> I echoed the $code to the page, and it didn't show. However I have
> noticed that on our internal server, register globals is on. So to
> test, I turned it on on our external server, and everything seems to
> work.
> So I guess when you asked before whether I was using register globals,
> in actual fact, we were on our internal server, but I only looked at
> the new server.
>
> So now I found the problem, any pointers how to fix this? I am not too
> clued up on register globals, although I am searching now...
>
> thanks for the help
> Dave.
>

Rik wins again :-)

Yes, there is a reason it's now off by default. It's a security
exposure. You really need to change your code to not use it.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
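
Added example, not part of the original thread or of Jerry's reply: one way to do what the reply recommends, reading the `code` parameter explicitly from the request instead of relying on register_globals. It uses PDO with a bound parameter rather than the thread's mysql_* functions (removed in PHP 7); the in-memory SQLite database, the function name lookupProductName and the code-format pattern are assumptions made so the script runs offline.

```php
<?php
// Added example: look up a product without relying on register_globals.
// Assumption: an in-memory SQLite database stands in for the thread's MySQL
// "sales" database so the script runs offline; on the real server use a
// mysql: DSN with the same PDO calls.

function lookupProductName(PDO $db, array $request): ?string
{
    // Read the parameter explicitly from the request array. With
    // register_globals off, a bare $code is simply undefined here.
    $code = $request['code'] ?? '';

    // Allow-list the format before touching the database. The pattern
    // (one letter followed by digits, like P191) is an assumed code format.
    if (!is_string($code) || !preg_match('/\A[A-Z][0-9]{1,6}\z/', $code)) {
        return null;
    }

    // Bound parameter: the value is never spliced into the SQL text,
    // so quoting mistakes like the one in the thread cannot occur.
    $stmt = $db->prepare('SELECT product_name FROM code_tbl WHERE code = :code');
    $stmt->execute([':code' => $code]);
    $name = $stmt->fetchColumn();

    return $name === false ? null : $name;
}

// Constructed sample data mirroring the row quoted in the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE code_tbl (code TEXT PRIMARY KEY, product_name TEXT)');
$db->exec("INSERT INTO code_tbl VALUES ('P191', 'Pulsar Classic Bomber Jacket')");

// In a web page the second argument would be $_GET.
var_dump(lookupProductName($db, ['code' => 'P191']));     // code present in the table
var_dump(lookupProductName($db, []));                      // parameter not supplied
var_dump(lookupProductName($db, ['code' => "P191'"]));    // stray quote, fails the allow-list
var_dump(lookupProductName($db, ['code' => ['P191']]));   // array instead of string
```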

 
