PHP variables not working: move from PHP4 to PHP5

hockeykid · January 26, 2012, 2:27am

Hi All,

I should preface by saying I’m by no means proficient in PHP. Got stuck fixing someone else’s error here.

I have an older application which was working fine when the server was running PHP4. Upgraded to PHP5 and now this page isn’t working.

Specifically, variables aren’t being pulled into the form (value attribute) where they should. The code (edited/simplified to make it easier):


<?php

if(!empty($_POST['submit']))
{

$status                = 'Active';
$intResId              = $_POST['intResId'];
$noofuploads            = $_POST['NumberOfUploads'];
$generatePassword     =  $_POST['generatePassword'];
$responsename1         =  $_POST['responsename1']; 
$varstatus            = $_REQUEST['status1'];

if($varstatus == 1)
{
$sta = 'Active';
}
else
{
$sta = 'Inactive';
}    

### Find Company Id
$Company="select * from ".CLIENT." where intClientId='$sessionadminId'";
$Result=mysql_query($Company);
$Companyfetch=mysql_fetch_array($Result);
$clientid=$Companyfetch['intClientId'];
$companyid=$Companyfetch['intComId'];

//Check query to avoid duplication
$Check= "SELECT * FROM ".RESPONSE." WHERE intResId <> '$intResId' and ucase(varEmail1)='".strtoupper($email1)."' and intClientId = '$clientid' and  intComId = '$companyid'";
$CheckRes = mysql_query($Check);
$Chuckrows = mysql_num_rows($CheckRes);
if($Chuckrows == 0){    

$updqry="UPDATE ".RESPONSE." SET intComId='$companyid',intClientId='$clientid',varResName='$responsename1',varEmail1='$email1',varEmail2 ='$varemail1',varBoss='$boss1',varPassword='$generatePassword' where intResId ='$intResId'";

$updres=mysql_query($updqry)or die("Error".mysql_error());

header("Location:index.php?task=responseview&log=succ&go=respondent");
}else{
header("Location:index.php?task=editresponse&log=err&go=response&edit=edit&intResId=$intResId");
}


}    


$Displayquery="select * from ".RESPONSE." where intResId='$intResId'";

$Displayresult=mysql_query($Displayquery)or die(mysql_error());

while($Displayarr=mysql_fetch_array($Displayresult)){

$varResName        = $Displayarr['varResName'];
$varStatus        = $Displayarr['varStatus'];
$varBoss        = $Displayarr['varBoss'];
$company         = $Displayarr['intComId'];
$ComId             = $Displayarr['intComId'];
$client         = $Displayarr['intClientId'];
}


?>

<form action="index.php?task=editresponse" method="post" enctype="multipart/form-data" name="frm_respondent" onSubmit="return respondentvalidate();">

<table width="90%" border="0" align="center" cellpadding="0" cellspacing="0">
<?php if($_REQUEST['log'] == "err"){ ?>
<tr>
<td align="center" class="information"> Email Address has already available
</td>
</tr>
<?php } ?>
<tr>
<td><table width="100%" border="0" cellspacing="0" cellpadding="0" id="tabUpload">

<tr>
<td height="10"></td>
</tr>
<tr>
<td align="left" valign="top" ><strong>Respondent Name: </strong><br />
<input name="responsename1" type="text" id="responsename1" value="<?php echo $varResName; ?>" size="35" /></td>
</tr>

</table></td>
</tr>


<tr>
<td><input type="hidden" name="NumberOfUploads" id="NumberOfUploads" value="1" />
<input type="hidden" name="intResId" value="<?php print $intResId;?>" />
<input type="hidden" name="edit" value="<?php print $edit;?>" />

<input name="submit" type="submit" class="button" id="submit" value="Edit Respondent" />

</tr>
</table>
</form>

Any idea why this would stop working? Do you need more information from me to fix this? I assume it’s a simple fix (I already had to fix a few other things) but just not sure here.

Thanks in advance.

jakub_polak · January 26, 2012, 9:19am

Hello,

please put right after <?php :

echo '<pre>'; var_dump($_POST); echo '</pre>';

Then submit formular and show us the contents of $_POST array please.

hockeykid · January 26, 2012, 1:48pm

I believe it’s empty, this is what it returned:

array(0) {
}

Thanks.

ahundiak · January 26, 2012, 3:30pm

Nothing really jumps out but you “simplified” the code and didn’t say what was actually not working.

So consider posting any error message. Might need to add error_reporting(E_ALL); to the top of the file.

FizixRichard · January 26, 2012, 3:38pm

Agreed, and a copy of the DB in SQL (small sample) so we can setup and see whats happening might help.

I removed the queries to check and commented some stuff, the person name is picked up so the POST is working. I have a hunch that your not collecting the user to edit after the form is first submitted. But I can’t check without seeing the whole code and seeing the DB.

lorenw · January 26, 2012, 4:10pm

This jumps out at me “.CLIENT.”
I think it should be … select * from CLIENT where …
I’ve just never see it written that way.

FizixRichard · January 26, 2012, 5:03pm

I assumed this was a constant that held the client table name, maybe you are right though.

hockeykid · January 26, 2012, 10:58pm

Thanks for help so far. Here’s where I stand:

I added error_reporting(E_ALL); to the top of the page, but nothing displayed.

I tried switching

* from ".CLIENT." where

to

* from CLIENT where

but again no luck.

How can I go about getting a sample of the database that you need without exposing the data within (don’t want to include actual person’s data)?

And when I said “simplified” all I did was take out some of the form fields from the HTML. Didn’t edit the PHP code at all. There are some additional variables that aren’t being pulled in addition to varResName (varEmail1, varEmail2, etc.).

Thanks again for the help so far.

TheRedDevil · January 27, 2012, 1:17am

The “CLIENT” is a constant, so leave that as it was. It most probably contain the name of the table with a prefix as mentioned above.

I saw this variable: $sessionadminId and it makes me wonder if the script uses the deprecated function “session_register()” instead of accessing the session array through $_SESSION. So check how that variable is set, and if it is indeed a session you need to change it to the new system to use sessions.

In addition check if register_globals are turned on or off, if its off try to turn it on and see if it works then. If it works, it means you got a problem with POST, GET, COOKIE, SESSION variables being used as a plain variable.

hockeykid · January 27, 2012, 1:53am

Yes, session_register() was being used, but I already caught that. In my first round of edits to the script I changed a bunch of files to the new $_SESSION.

register_globals is off. My first idea was to turn them on so I wouldn’t have to edit any of the script, but that doesn’t appear to be an option at this point (hosting restrictions). Thanks for taking a look.

TheRedDevil · January 27, 2012, 4:10am

What you need to do is manually go over every file of the script and fix the references that rely on register global, if you look at this file just by taking another look I can see that these variables are never set before they are used:
$sessionadminId
$email1
$varemail1
$boss1

Not to mention that the script is wide open for SQL injection. So you should make certain that all the values inserted into the database is either cast to int or wrapped with mysql_real_escape_string().

With other words, you have a few hours with work ahead of you doing normal “search and replace” tasks to fix the script to be able to work without register_globals turned on

John_Betong · January 27, 2012, 6:12am

It looks like you are catching the errors but they are not being displayed which accounts for the blank page.

Try this:


<?php 
error_reporting(E_ALL); 
ini_set('display_errors', TRUE); 
$i2= hockeykid(' if the function does_not_exist then an error will be shown');


# Also maybe set default $_POST values:

if(!empty($_POST['submit']))
{
  $status    = 'Active';
  $intResId = isset($_POST['intResId']) ? $_POST['intResId']  : 'intResId NOT SET';
  # repeat for remaining $_POST items

?>

ahundiak · January 27, 2012, 2:00pm

Hmmm. Don’t take this the wrong way but I don’t think this is quite accurate. The code you posted does not show any include files so there is no place where CLIENT can be defined neither is there a place where your mysql connection can be set or where sessionadminId could be set . It could not possibly have worked under PHP4 unless your php.ini file was setup to automatically include a file on each request which seems unlikely on a shared host.

Are you sure you are looking at the correct file? I have seen plenty of projects where there are a gazillion files many of which are not used. How many files are we talking about here? If it is a big app then you should probably take the time to setup a local development machine and maybe use a source code control system. Otherwise, you may end up chasing your tail for a long long time.

ServerStorm · January 27, 2012, 4:58pm

While considered ‘bad practise’ as it leads to this type of lack of clarity, perhaps the files shown is included into another page that sets the constant value prior to the inclusion?

Michael_Morris1 · January 28, 2012, 2:00pm

Go into the .htaccess file of the page and add

php_flag_register_globals on

See if it runs. If it does, your problem is the older script is expecting the post variables to be registered into the global scope - similar to calling extrace($_REQUEST) at the start of the file. (The reason this might work is register_globals is turned off by default in PHP 5)

DO NOT LEAVE THE CODE IN THIS STATE. That setting was deprecated, with good reason, as of PHP 4.3. It has been removed in PHP 5.4 and the script will not run under PHP 5.4 until you go in, find all the references to the variables that are expected to be global and edit them (this could take awhile for a large program).

hockeykid · January 28, 2012, 6:25pm

Again, I’d like to thank everyone for their input. As I said, just trying to fix up someone else’s mess without enough knowledge to do so.

By adding php_flag register_globals on to my site’s .htaccess file I was able to get this page to work. What exactly do I need to change throughout the script in order to ensure it works without leaving register_globals on?

blackberryfan · January 28, 2012, 6:33pm

hockeykid, do you have access to the .htaccess file? You can turn on register globals that way…

EDIT: did not read his reply at the bottom…

hockeykid · January 28, 2012, 6:35pm

I do have access to edit the .htaccess but I think for security-sake and future considerations I’d like to know how to edit the script to work with register_globals off. Thanks.

blackberryfan · January 28, 2012, 6:46pm

I do think that this is a good start on your part. This actually happened to me a while back too, but i changed hosts, then all of a sudden things didnt work. It’s what brought me to this thread infact

But all you really need to wrap your head around in this regard, is that you need to define each variable as it is… ie

$_SESSION['user']

is not

$user

it is

$_SESSION['user']

.

Goodluck!

Michael_Morris1 · January 30, 2012, 5:28pm

I wasn’t suggesting leaving register globals on longterm. I was suggesting turning it on long enough to see if that was the source of the problem.