Solved

mysql / php form works on internet but not on intranet

Posted on 2011-09-18
Last Modified: 2012-08-14
I am continuing my attempt to port an established web site with mysql backend to an intranet site.  To date I have established the database and web site, with tables and data, on a stand-alone Windows 7/Wamp setup.

The intranet web site functions correctly.  I can access the database from phpmyadmin; however, when I attempt to use the intranet form (php/html) to access the database I am getting an "Undefined variable" error returned.

I have made several corrections based on the "Experts" feedback.  I now need some additional assistance.


Specifics:

      Internet:      MySQL 5.0, PHP 5, Apache on Linux Server

      Intranet:      MySQL 5.0.7, PHP 5.3.5, Apache 2.2.17, on Windows 7


      Error:         Undefined variable: search1 in C:\wamp\www\part\edit_pprq1.php on line 11
                     Undefined variable: search2 in C:\wamp\www\part\edit_pprq1.php on line 11

      Code:
         8.      $search=mysql_real_escape_string($_POST['search1']);
         9.      $search=mysql_real_escape_string($_POST['search2']);
        10.
        11.      $data = 'SELECT * FROM `PPRQ` WHERE `FN` = "'.$search1.'"
                                             AND `LN` = "'.$search2.'"';

Question by:dibrandt
6 Comments
 
LVL 10

Expert Comment

by:acbxyz
ID: 36556657
It seems you have register_globals turned on on your intranet. From a security and clean programming standpoint this is not a good idea.

I think in line 8 and 9, you wanted to assign the escaped strings to $search1 and $search2 instead of $search both times. This way the mysql_real_escape_string doesn't do anything useful.
0
 
LVL 2

Expert Comment

by:montasirma
ID: 36556754
Can you change the single quotes on lines 8 and 9 to double quotes, and add an echo for the search1 and search2 variables?

echo $_POST["search1"] ."<BR>\n";
$search=mysql_real_escape_string($_POST["search1"]);
echo $_POST["search2"] ."<BR>\n";
$search=mysql_real_escape_string($_POST['search2']);


0
 
LVL 2

Expert Comment

by:montasirma
ID: 36556774
Sorry, I misread the post.

You are assigning the $_POST variables into the same $search variable.

You should change the code to match the following:

$search1 = mysql_real_escape_string($_POST["search1"]);
$search2 = mysql_real_escape_string($_POST['search2']);

$data = 'SELECT * FROM PPRQ WHERE FN = "'. $search1 .'" AND LN = "'. $search2 .'"'; 


0

 
LVL 10

Accepted Solution

by:
acbxyz earned 500 total points
ID: 36556776
...as I said before ;-)
0
 

Author Comment

by:dibrandt
ID: 36556952
acbxyz,

this is what I understand you to have said:

  8.      $search1=mysql_real_escape_string($_POST['search1']);
  9.      $search2=mysql_real_escape_string($_POST['search2']);
 10.      
 11.       $data = 'SELECT * FROM `PPRQ` WHERE `FN` = "'.$search1.'"
                                             AND `LN` = "'.$search2.'"';


montasirma,

I am confused.  In line 1 you have double quotes, and in line 2 you have single quotes.  Is this correct?

It would also appear that you have assigned "FN" and "LN" to $search1, is this correct?
0
 
LVL 10

Expert Comment

by:acbxyz
ID: 36557015
Your last code is correct.

In this case it is unimportant if you use single or double quotes. The difference matters if you use a variable within your code or special chars like \r or \n. While in strings with double quotes these will be replaced by the value of the variable or a line feed (\n => chr(10)), strings with single quotes will be taken as they are.
See http://php.net/manual/en/language.types.string.php for more information.

The assignment of search1 to FN and search2 to LN is correct in all postings shown, even though in your opening question they are not filtered through mysql_real_escape_string.
0
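
Added example (not from the thread or from any of its posters): the same FN/LN lookup written with PDO bound parameters, so there is no separate escaping step whose result can be assigned to the wrong variable. The function name find_pprq, the sample rows and the in-memory SQLite database are assumptions made so the code runs without a MySQL server.

```php
<?php
/** Look up PPRQ rows by first and last name using bound parameters. */
function find_pprq(PDO $pdo, array $post): array
{
    foreach (['search1', 'search2'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            throw new InvalidArgumentException("Missing form field: $field");
        }
    }
    // Placeholders keep the values out of the SQL text, so no escaping
    // step exists that could be stored in $search instead of $search1.
    $stmt = $pdo->prepare('SELECT FN, LN FROM PPRQ WHERE FN = :fn AND LN = :ln');
    $stmt->execute([':fn' => $post['search1'], ':ln' => $post['search2']]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (assumption: the
// pdo_sqlite extension is loaded). For MySQL only the DSN changes, e.g.
// new PDO('mysql:host=localhost;dbname=...;charset=utf8mb4', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE PPRQ (FN TEXT, LN TEXT)');
$ins = $pdo->prepare('INSERT INTO PPRQ (FN, LN) VALUES (?, ?)');
foreach ([['Ann', 'Lee'], ['Pat', 'O"Neil']] as $row) {
    $ins->execute($row);
}

// Constructed stand-ins for $_POST: a normal lookup, a value containing the
// quote character the thread's query uses as a delimiter, and a missing field.
$cases = [
    ['search1' => 'Ann', 'search2' => 'Lee'],
    ['search1' => 'Pat', 'search2' => 'O"Neil'],
    ['search1' => 'Ann'],
];
foreach ($cases as $post) {
    try {
        printf("%d row(s)\n", count(find_pprq($pdo, $post)));
    } catch (InvalidArgumentException $e) {
        echo $e->getMessage(), "\n";
    }
}
```

The explicit field check also replaces reliance on register_globals: the function reads only the array it is handed and rejects a request that lacks either field.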


Question has a verified solution.
