We help IT Professionals succeed at work.

PHP form stopped working when upgrading server from PHP v.4 to v.5

granholmen
granholmen asked
on
Medium Priority
290 Views
Last Modified: 2012-08-13
Please go to http://www.ergonomikonsulentene.no/bestillinger/ 

The form doesworks fine until you push the order-button at bottom of the page. It is supposed to send the customers input by email and also show a message confirming the order. It stopped working when the server was upgraded from php4 to php 5.2.14.

Please see the attached files.
bestilling.php
index.php
skjema.php
Comment
Watch Question

Most Valuable Expert 2011
Author of the Year 2014

Commented:
Please add error_reporting(E_ALL) to the top of all the scripts and tell us what you mean by "stopped working" -- thanks.
Most Valuable Expert 2011
Author of the Year 2014

Commented:
Also, you might not want to be upgrading to PHP 5.2.X.  To quote from the PHP web site at php.net:

"All PHP users should note that the PHP 5.2 series is NOT supported anymore. All users are strongly encouraged to upgrade to PHP 5.3.6."

Author

Commented:
Stopped working means that when the button for sending the order, it is supposed to email the order to someone, which it stopped doing, and also the users are supposed to get a message confirming the order.

Author

Commented:
I have added error_reporting(E_ALL);  as you asked, which resulted in a lot of error messages

Author

Commented:
I am not able to upgrade the server, bc the server is managed by the company hosting our web-page
Most Valuable Expert 2011
Author of the Year 2014

Commented:
a lot of error messages - Good!  The undefined variables may provide us important information.

It looks like the index.php script depends on register_globals.  This is a security exposure that needs to be fixed by changing the program code.  See this link for more:
http://php.net/manual/en/security.globals.php

For better or worse, PHP is a loosely typed language.  That means undefined variables can usually be used the same way as empty, NULL or FALSE and in some cases, Zero.  This was supposed to make it easier to write PHP programs, and for the vast majority of novice programmers it was a big help.  Most of the time.  What it means to professional programmers is that an accidental typographical error, such as the misspelling of a variable name, is very hard to find.  With error_reporting(E_ALL) you can get a notice-level message about the undefined variables.  This is a notice and not an "error" - those are different levels of information in PHP.
Most Valuable Expert 2011
Author of the Year 2014

Commented:
For now, you can lower the error_reporting to this:

error_reporting(E_ALL ^ E_NOTICE);

Next, install this script on the old and new version of the web server and compare the outputs carefully to see if any PHP features have changed.  They almost certainly have changed.  Look for register_globals, allow_url_fopen, Suhosin, magic_quotes - these seem to be some of the things that programmers have unwittingly relied on in older versions of PHP.
<?php phpinfo();

Open in new window

Author

Commented:
I have changed the error_reporting, but I am not able to install and test on an old version of a server. Forgive me for asking, but it is not possible to read the files I posted and suggest changes in relation to the new way of typing code in php v5 ?
You need to update the way that you handle post data.
from the index.php page
if ($sendmail != JA)
else if ($sendmail == JA){

Open in new window

this needs to change to
if($_POST['sendmail']!='JA')
else if($_POST['sendmail']=='JA')

Open in new window

That should solve some of your problems.
If you are not actually dealing with post data on the index.php page than assuming that $sendmail is supposed to contain a string then the JA should have quotes around it to tell php that it is a string otherwise it assumes an integer and you should have been getting errors about mismatched types.
Most Valuable Expert 2011
Author of the Year 2014

Commented:
It might be $_POST or it might be $_GET.  You can find either one (usually) if you use $_REQUEST['sendmail'] and you can use var_dump() to see what any variable contains.  Example:

var_dump($_POST);
Most Valuable Expert 2011
Author of the Year 2014

Commented:
"then the JA should have quotes around it to tell php that it is a string..."

Actually, PHP will not try to cast this as an integer.  It will first try to find JA as a defined constant, and then if that fails it will try to assume the program wanted to use 'JA' as a string.  Most of the time that works the way the programmers intended.
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Though it looks like it can't decide whether it wants to be a post string as the method says or a get string as the ?sendmail=JA would seem to indicate.
Maybe cleaning that out would help.
Most Valuable Expert 2011
Author of the Year 2014

Commented:
looks like it can't decide whether it wants to be a post string -- Ha!  Very true.  Maybe our Author would use var_dump($_REQUEST) and then use var_dump($_GET) and var_dump($_POST) to isolate the true location of the data.

@granholmen, if this were my issue I would hire a professional programmer to rewrite these scripts from the ground up, using modern principles and good programming practices.  The functionality does not appear to have a great many moving parts, but the software depends on the old server configuration, which because it was PHP4 has a lot of security holes.  Patching this piecemeal would probably take longer and cost more than just doing it right with a re-write.

Author

Commented:
I understand Mr. Paseur. Thank you for very good advice. In this case I will try to use the tips you and Mr. haloexpertsexchange has written, and try hard to make it work. But I will confront the customer with all the comments from both of you. Hopefully I will make it work, which is first priority in this case.
Most Valuable Expert 2011
Author of the Year 2014
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
@Ray Paseur; You did in did find the key problem when you told me about the register_globals....it certainly looks like that is the biggest issue here!!!!

Thank you for outstanding and very professional comments and help!!!!!!!!!
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.