Hello,
My website has been up and running for years, the scripting is fine but it has just suddenly stopped working. It uses data in the URL to transfer informations, for example:
<!-- m --><a class="postlink" href="http://www.bennettcards.co.uk/shop/view.php?productcode=ABC">http://www.bennettcards.co.uk/shop/view ... ctcode=ABC</a><!-- m -->
It should pass the information (productcode=ABC) onto the page and then the page can use the information in the PHP code, say in line 27:
$result = @mysql_query("SELECT * FROM CDBproducts WHERE productcode = '$productcode'");
This should then select from Table "CDBproducts" where Row "productcode" = "ABC"
But the page comes up as if "productcode=' ' " (nothing).
The same is true for sessions
<?php
session_start();
require '../../include.php';
mysql_connect($DBhost,$DBuser,$DBpass);
mysql_select_db("$DBName");
if(!$diyordernumber){
$diyordernumber = mktime();
session_register("diyordernumber");
$neworder=true;
}else{
session_register("diyordernumber");
} ?>
Also the forms will no longer pass data from one page to the next:
<form name="form2" method="post" action="/contact_done.php">
<textarea name="contactenquiry" cols="60" rows="8" id="contactenquiry">Enter message here</textarea>
<input type="submit" name="Submit3" value="Submit">
</form>
What is the problem all of a sudden??? Like I said, the code was fine 2 days ago. Could they have upgraded from PHP4 to PHP5 or 6? If so what can be done to fix this?
Thank you in advance
ScottIf things suddenly stopped working without any intervention on your part, the people you should question is your hosting provider. Yes, it is possible that the host upgraded PHP5, and the corresponding change in php.ini concerning register_globals caused your code to stop working.If so what can be done to fix this?As laserlight noted, it's likely that register_globals got turned off. So, to fix this, you need to go through all of your PHP scripts and use the superglobal arrays (e.g. $_POST, $_GET, etc. - more info on this manual page: variables.predefined) instead of depending on register_globals; this directive has long since been deprecated due to security exploits and isn't even available anymore as of PHP6.Another solution to your problem is to add this on top of each php page.
import_request_variables("gp", "");
This will import the variables if they were disabled in the ini file.Except that's simply imitating register_globals which has been disabled/removed from PHP for very good reasons...See also the manual's section on session handling to see what the modern (as of 2001) mechanism is (it's a lot simpler than the old method you're currently using). Basically
session_start();
// Use $_SESSION like any other array
And if you're not validating the input fields (do you check what the value of productcode looks like before you use it?) then it's only sheer dumb luck that you haven't had your entire database blown away already.
My website has been up and running for years, the scripting is fine but it has just suddenly stopped working. It uses data in the URL to transfer informations, for example:
<!-- m --><a class="postlink" href="http://www.bennettcards.co.uk/shop/view.php?productcode=ABC">http://www.bennettcards.co.uk/shop/view ... ctcode=ABC</a><!-- m -->
It should pass the information (productcode=ABC) onto the page and then the page can use the information in the PHP code, say in line 27:
$result = @mysql_query("SELECT * FROM CDBproducts WHERE productcode = '$productcode'");
This should then select from Table "CDBproducts" where Row "productcode" = "ABC"
But the page comes up as if "productcode=' ' " (nothing).
The same is true for sessions
<?php
session_start();
require '../../include.php';
mysql_connect($DBhost,$DBuser,$DBpass);
mysql_select_db("$DBName");
if(!$diyordernumber){
$diyordernumber = mktime();
session_register("diyordernumber");
$neworder=true;
}else{
session_register("diyordernumber");
} ?>
Also the forms will no longer pass data from one page to the next:
<form name="form2" method="post" action="/contact_done.php">
<textarea name="contactenquiry" cols="60" rows="8" id="contactenquiry">Enter message here</textarea>
<input type="submit" name="Submit3" value="Submit">
</form>
What is the problem all of a sudden??? Like I said, the code was fine 2 days ago. Could they have upgraded from PHP4 to PHP5 or 6? If so what can be done to fix this?
Thank you in advance
ScottIf things suddenly stopped working without any intervention on your part, the people you should question is your hosting provider. Yes, it is possible that the host upgraded PHP5, and the corresponding change in php.ini concerning register_globals caused your code to stop working.If so what can be done to fix this?As laserlight noted, it's likely that register_globals got turned off. So, to fix this, you need to go through all of your PHP scripts and use the superglobal arrays (e.g. $_POST, $_GET, etc. - more info on this manual page: variables.predefined) instead of depending on register_globals; this directive has long since been deprecated due to security exploits and isn't even available anymore as of PHP6.Another solution to your problem is to add this on top of each php page.
import_request_variables("gp", "");
This will import the variables if they were disabled in the ini file.Except that's simply imitating register_globals which has been disabled/removed from PHP for very good reasons...See also the manual's section on session handling to see what the modern (as of 2001) mechanism is (it's a lot simpler than the old method you're currently using). Basically
session_start();
// Use $_SESSION like any other array
And if you're not validating the input fields (do you check what the value of productcode looks like before you use it?) then it's only sheer dumb luck that you haven't had your entire database blown away already.