?
Solved

mysql / php form works on internet but not on intranet

Posted on 2011-09-18
6
Medium Priority
?
410 Views
Last Modified: 2012-08-14
I am continuing my attempt to port an established web site with mysql backend to an intranet site.  To date I have established the database and web site, with tables and data, on a stand-alone Windows 7/Wamp setup.

The intranet web site functions correctly.  I can access the database from phpmyadmin however, when I attempt to use the intranet form (php/html) to access the database I am getting an "Undefined variable" error returned.

I have made several corrections based on the "Experts" feedback.  I now need some additional assistance


Specifics:

      Internet:      MySQL 5.0, PHP 5, Apache on Linux Server

      Intranet:      MySQL 5.0.7, PHP 5.3.5, Apache 2.2.17, on Windows 7


      Error:             Undefined variable: search1 in C:\wamp\www\part\edit_pprq1.php on line 11
             Undefined variable: search2 in C:\wamp\www\part\edit_pprq1.php on line 11
 
      Code:        8.      $search=mysql_real_escape_string($_POST['search1']);
                        9.      $search=mysql_real_escape_string($_POST['search2']);
        10.      
        11.       $data = 'SELECT * FROM `PPRQ` WHERE `FN` = "'.$search1.'"
                                             AND `LN` = "'.$search2.'"';

0
Comment
Question by:dibrandt
  • 3
  • 2
6 Comments
 
LVL 10

Expert Comment

by:acbxyz
ID: 36556657
It seems you have register_globals turned on on your intranet. From security and clean programming this is not a good idea.

I think in line 8 and 9, you wanted to assign the escaped strings to $search1 and $search2 instead of $search both times. This way the mysql_real_escape_string doesn't do anything useful.
0
 
LVL 2

Expert Comment

by:montasirma
ID: 36556754
Can you change the single quotes on lines 8 and 9 to double quotes, and add an echo for the search1 and search2 variables?

echo $_POST["search1"] ."<BR>\n";
$search=mysql_real_escape_string($_POST["search1"]);
echo $_POST["search2"] ."<BR>\n";
$search=mysql_real_escape_string($_POST['search2']);

Open in new window

0
 
LVL 2

Expert Comment

by:montasirma
ID: 36556774
Sorry, I misread the post.

You are assigning the $_POST variables into the same $search variable.

You should change the code to match the following:

$search1 = mysql_real_escape_string($_POST["search1"]);
$search2 = mysql_real_escape_string($_POST['search2']);

$data = 'SELECT * FROM PPRQ WHERE FN = "'. $search1 .'" AND LN = "'. $search2 .'"'; 

Open in new window

0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 10

Accepted Solution

by:
acbxyz earned 2000 total points
ID: 36556776
...as I said before ;-)
0
 

Author Comment

by:dibrandt
ID: 36556952
acbxyz,

this is what I understand you to have said:

  8.      $search1=mysql_real_escape_string($_POST['search1']);
  9.      $search2=mysql_real_escape_string($_POST['search2']);
 10.      
 11.       $data = 'SELECT * FROM `PPRQ` WHERE `FN` = "'.$search1.'"
                                             AND `LN` = "'.$search2.'"';


montasirma,

I am confused.  in line 1 you have double quotes, and in line 2 you have single quotes.  is this correct?

It would also appear that you have assigned "FN" and "LN" to $search1, is this correct?
0
 
LVL 10

Expert Comment

by:acbxyz
ID: 36557015
Your last code is correct.

In this case it is unimportant if you use single or double quotes. Difference is, if you use a variable within your code or special chars like \r or \n. While in strings with double quote these will be replaced by the value of the variable or a line feed (\n => chr(10)) strings with single quotes will be taken as they are.
See http://php.net/manual/en/language.types.string.php for more information

The assignment of search1 to FN and search2 to LN is correct in all postings shown, even though in your opening question not filtered through mysql_real_escape_string.
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Creating and Managing Databases with phpMyAdmin in cPanel.
In this article, I’ll talk about multi-threaded slave statistics printed in MySQL error log file.
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question