Posted by Jim Moseby on 11/28/05 20:41

>
> This page works on a operator hosted production server but
> not my own test
> server. I have no idea what's causing this and I REALLY need
> some help or
> ideas what to check.
>
> This is the browsers address line:
> http://localhost/index.php?team=F10a
>
> I have this in my page and it doesn't work:
> $sql = "select jouk_nimi from x_jun_jouk where jouk_id='$team' ";
> $kysely = mysql_query($sql);
> $tulos = mysql_fetch_row($kysely);
> $jouk_nimi = $tulos[0];
>
> $jouk_nimi -variable will be empty.
>
> This works (replaced the $team with static entry "F10a")
> $sql = "select jouk_nimi from x_jun_jouk where jouk_id='F10a' ";
> $kysely = mysql_query($sql);
> $tulos = mysql_fetch_row($kysely);
> $jouk_nimi = $tulos[0];
>
> $jouk_nimi get's right value from database.
>
> This sql clause works when ran from PhpMyAdmin. It returns
> the right value.
> "select jouk_nimi from x_jun_jouk where jouk_id='F10a'
>
> So I think that somehow the $team variable is not passed from
> the address
> line. Is there something in PHP ar Apache that needs to be configured
>
> differently? The test server is on a OpenSuse 10.0. Apache version is
> 2.0.54-10. Apache2-Mod_PHP4 version is 4.4.0-6.2. MySQL
> version is 4.1.13-3.
>
> PHP4-Mysql is installed. Everything ispretty much on their default
> confgiration.
>
> All modules installed were supplied with the Suse 10.0


Hi Will.

Looks to me that you don't have register_globals turned on in your home
server. Add this to the top:

$team=$_GET['team'];

....and see if it works.

I'll leave the SQL injection dangers of your code to other posters. ;-)

JM

[Back to original message]