?
Solved

PHP form stopped working when upgrading server from PHP v.4 to v.5

Posted on 2011-04-27
17
Medium Priority
?
227 Views
Last Modified: 2012-08-13
Please go to http://www.ergonomikonsulentene.no/bestillinger/ 

The form doesworks fine until you push the order-button at bottom of the page. It is supposed to send the customers input by email and also show a message confirming the order. It stopped working when the server was upgraded from php4 to php 5.2.14.

Please see the attached files.
bestilling.php
index.php
skjema.php
0
Comment
Question by:granholmen
  • 8
  • 6
  • 3
17 Comments
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 35475065
Please add error_reporting(E_ALL) to the top of all the scripts and tell us what you mean by "stopped working" -- thanks.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 35475080
Also, you might not want to be upgrading to PHP 5.2.X.  To quote from the PHP web site at php.net:

"All PHP users should note that the PHP 5.2 series is NOT supported anymore. All users are strongly encouraged to upgrade to PHP 5.3.6."
0
 

Author Comment

by:granholmen
ID: 35475218
Stopped working means that when the button for sending the order, it is supposed to email the order to someone, which it stopped doing, and also the users are supposed to get a message confirming the order.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:granholmen
ID: 35475303
I have added error_reporting(E_ALL);  as you asked, which resulted in a lot of error messages
0
 

Author Comment

by:granholmen
ID: 35475644
I am not able to upgrade the server, bc the server is managed by the company hosting our web-page
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 35475742
a lot of error messages - Good!  The undefined variables may provide us important information.

It looks like the index.php script depends on register_globals.  This is a security exposure that needs to be fixed by changing the program code.  See this link for more:
http://php.net/manual/en/security.globals.php

For better or worse, PHP is a loosely typed language.  That means undefined variables can usually be used the same way as empty, NULL or FALSE and in some cases, Zero.  This was supposed to make it easier to write PHP programs, and for the vast majority of novice programmers it was a big help.  Most of the time.  What it means to professional programmers is that an accidental typographical error, such as the misspelling of a variable name, is very hard to find.  With error_reporting(E_ALL) you can get a notice-level message about the undefined variables.  This is a notice and not an "error" - those are different levels of information in PHP.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 35475781
For now, you can lower the error_reporting to this:

error_reporting(E_ALL ^ E_NOTICE);

Next, install this script on the old and new version of the web server and compare the outputs carefully to see if any PHP features have changed.  They almost certainly have changed.  Look for register_globals, allow_url_fopen, Suhosin, magic_quotes - these seem to be some of the things that programmers have unwittingly relied on in older versions of PHP.
<?php phpinfo();

Open in new window

0
 

Author Comment

by:granholmen
ID: 35479038
I have changed the error_reporting, but I am not able to install and test on an old version of a server. Forgive me for asking, but it is not possible to read the files I posted and suggest changes in relation to the new way of typing code in php v5 ?
0
 
LVL 13

Expert Comment

by:haloexpertsexchange
ID: 35479104
You need to update the way that you handle post data.
from the index.php page
if ($sendmail != JA)
else if ($sendmail == JA){

Open in new window

this needs to change to
if($_POST['sendmail']!='JA')
else if($_POST['sendmail']=='JA')

Open in new window

That should solve some of your problems.
If you are not actually dealing with post data on the index.php page than assuming that $sendmail is supposed to contain a string then the JA should have quotes around it to tell php that it is a string otherwise it assumes an integer and you should have been getting errors about mismatched types.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 35479323
It might be $_POST or it might be $_GET.  You can find either one (usually) if you use $_REQUEST['sendmail'] and you can use var_dump() to see what any variable contains.  Example:

var_dump($_POST);
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 35479340
"then the JA should have quotes around it to tell php that it is a string..."

Actually, PHP will not try to cast this as an integer.  It will first try to find JA as a defined constant, and then if that fails it will try to assume the program wanted to use 'JA' as a string.  Most of the time that works the way the programmers intended.
0
 
LVL 13

Assisted Solution

by:haloexpertsexchange
haloexpertsexchange earned 600 total points
ID: 35479374
Fair enough, but it is still somewhat more accident prone to use it with out, if nothing else it will be more obvious to the next person that has to maintain these files what exactly is happening if you always use quotes around strings.
I assumed that sendmail was a post value because of this line
 <FORM ACTION="index.php?sendmail=JA" METHOD="post" TARGET="_self" NAME="prodForm">

Open in new window

in the skjema.php file, which is also why I assumed that JA was meant to be a string value instead of a defined constant.
0
 
LVL 13

Expert Comment

by:haloexpertsexchange
ID: 35479382
Though it looks like it can't decide whether it wants to be a post string as the method says or a get string as the ?sendmail=JA would seem to indicate.
Maybe cleaning that out would help.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 35483057
looks like it can't decide whether it wants to be a post string -- Ha!  Very true.  Maybe our Author would use var_dump($_REQUEST) and then use var_dump($_GET) and var_dump($_POST) to isolate the true location of the data.

@granholmen, if this were my issue I would hire a professional programmer to rewrite these scripts from the ground up, using modern principles and good programming practices.  The functionality does not appear to have a great many moving parts, but the software depends on the old server configuration, which because it was PHP4 has a lot of security holes.  Patching this piecemeal would probably take longer and cost more than just doing it right with a re-write.
0
 

Author Comment

by:granholmen
ID: 35486032
I understand Mr. Paseur. Thank you for very good advice. In this case I will try to use the tips you and Mr. haloexpertsexchange has written, and try hard to make it work. But I will confront the customer with all the comments from both of you. Hopefully I will make it work, which is first priority in this case.
0
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 1400 total points
ID: 35486254
Well, good luck with it.  As I wrote, it is my professional opinion that "Patching this piecemeal would probably take longer and cost more than just doing it right with a re-write."  Sometimes it makes more sense to upgrade your technology rather than keep running the old technology.  You will have to upgrade eventually.  Why deny yourself the benefits that you can get right now?  All the best, ~Ray
0
 

Author Comment

by:granholmen
ID: 35486655
@Ray Paseur; You did in did find the key problem when you told me about the register_globals....it certainly looks like that is the biggest issue here!!!!

Thank you for outstanding and very professional comments and help!!!!!!!!!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
These days socially coordinated efforts have turned into a critical requirement for enterprises.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses
Course of the Month14 days, 18 hours left to enroll

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question