I have just moved to a new Linux hosting with PHP and MySQL. At the last place I hosted the website I got no errors but here suddenly I got several errors:
"Notice: Undefined variable: news in /home/53/index.php on line 12"
$sql="SELECT *, DATE_FORMAT(news_date, '%d.%m.%y') AS date FROM newstable, authortable WHERE newstable.news_authorid = authortable.author_id AND newstable.news_id = '$news'";
Why did I get that error in my new hosting and what is actually wrong? I'm not to good at Php :/
Here is another one:
Notice: Undefined variable: news_id in /home/53/index.php on line 4
$sql = "SELECT * FROM cmt_table WHERE cmtnews_id = '$news_id' AND cmt_checked = '1' ORDER BY cmt_date DESC";Best guess: The new host (correctly) has register_globals turned off, while the old host had it turned on, and your script is dependent upon it being turned on by referring to values from forms, urls, cookies, and/or sessions via a simple variable name instead of using the applicable super-global array (e.g., you should use $_POST['news_id'] instead of $news_id if the value comes from a post-method form).
Less likely is that the error was always there, but the error-reporting settings were such that you did not see the errors.just checked and the register globals are turned off :/ Ok. I will try that. But is it safe to use e.g. $_GET['news_id'] ??If the values are coming from a URL query string or a get-method form, then the $_GET array is the proper source for those values. Whether or not it is "safe" is another issue: it is at least as safe as using the variable created when register_globals is turned on, while having register_globals turned off makes things a bit more secure overall.It is NOT safe, however, to use it in a SQL query.
User-supplied data should never be placed directly into a SQL query; instead, you should first sanitize it with a function such as mysql_real_escape_string().It's just that at least now you're sure about where your variables' values are coming from.
"Notice: Undefined variable: news in /home/53/index.php on line 12"
$sql="SELECT *, DATE_FORMAT(news_date, '%d.%m.%y') AS date FROM newstable, authortable WHERE newstable.news_authorid = authortable.author_id AND newstable.news_id = '$news'";
Why did I get that error in my new hosting and what is actually wrong? I'm not to good at Php :/
Here is another one:
Notice: Undefined variable: news_id in /home/53/index.php on line 4
$sql = "SELECT * FROM cmt_table WHERE cmtnews_id = '$news_id' AND cmt_checked = '1' ORDER BY cmt_date DESC";Best guess: The new host (correctly) has register_globals turned off, while the old host had it turned on, and your script is dependent upon it being turned on by referring to values from forms, urls, cookies, and/or sessions via a simple variable name instead of using the applicable super-global array (e.g., you should use $_POST['news_id'] instead of $news_id if the value comes from a post-method form).
Less likely is that the error was always there, but the error-reporting settings were such that you did not see the errors.just checked and the register globals are turned off :/ Ok. I will try that. But is it safe to use e.g. $_GET['news_id'] ??If the values are coming from a URL query string or a get-method form, then the $_GET array is the proper source for those values. Whether or not it is "safe" is another issue: it is at least as safe as using the variable created when register_globals is turned on, while having register_globals turned off makes things a bit more secure overall.It is NOT safe, however, to use it in a SQL query.
User-supplied data should never be placed directly into a SQL query; instead, you should first sanitize it with a function such as mysql_real_escape_string().It's just that at least now you're sure about where your variables' values are coming from.