Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

mysql / php form works on internet but not on intranet

Posted on 2011-09-18
6
Medium Priority
?
392 Views
Last Modified: 2012-08-14
I am continuing my attempt to port an established web site with mysql backend to an intranet site.  To date I have established the database and web site, with tables and data, on a stand-alone Windows 7/Wamp setup.

The intranet web site functions correctly.  I can access the database from phpmyadmin however, when I attempt to use the intranet form (php/html) to access the database I am getting an "Undefined variable" error returned.

I have made several corrections based on the "Experts" feedback.  I now need some additional assistance


Specifics:

      Internet:      MySQL 5.0, PHP 5, Apache on Linux Server

      Intranet:      MySQL 5.0.7, PHP 5.3.5, Apache 2.2.17, on Windows 7


      Error:             Undefined variable: search1 in C:\wamp\www\part\edit_pprq1.php on line 11
             Undefined variable: search2 in C:\wamp\www\part\edit_pprq1.php on line 11
 
      Code:        8.      $search=mysql_real_escape_string($_POST['search1']);
                        9.      $search=mysql_real_escape_string($_POST['search2']);
        10.      
        11.       $data = 'SELECT * FROM `PPRQ` WHERE `FN` = "'.$search1.'"
                                             AND `LN` = "'.$search2.'"';

0
Comment
Question by:dibrandt
  • 3
  • 2
6 Comments
 
LVL 10

Expert Comment

by:acbxyz
ID: 36556657
It seems you have register_globals turned on on your intranet. From security and clean programming this is not a good idea.

I think in line 8 and 9, you wanted to assign the escaped strings to $search1 and $search2 instead of $search both times. This way the mysql_real_escape_string doesn't do anything useful.
0
 
LVL 2

Expert Comment

by:montasirma
ID: 36556754
Can you change the single quotes on lines 8 and 9 to double quotes, and add an echo for the search1 and search2 variables?

echo $_POST["search1"] ."<BR>\n";
$search=mysql_real_escape_string($_POST["search1"]);
echo $_POST["search2"] ."<BR>\n";
$search=mysql_real_escape_string($_POST['search2']);

Open in new window

0
 
LVL 2

Expert Comment

by:montasirma
ID: 36556774
Sorry, I misread the post.

You are assigning the $_POST variables into the same $search variable.

You should change the code to match the following:

$search1 = mysql_real_escape_string($_POST["search1"]);
$search2 = mysql_real_escape_string($_POST['search2']);

$data = 'SELECT * FROM PPRQ WHERE FN = "'. $search1 .'" AND LN = "'. $search2 .'"'; 

Open in new window

0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 10

Accepted Solution

by:
acbxyz earned 2000 total points
ID: 36556776
...as I said before ;-)
0
 

Author Comment

by:dibrandt
ID: 36556952
acbxyz,

this is what I understand you to have said:

  8.      $search1=mysql_real_escape_string($_POST['search1']);
  9.      $search2=mysql_real_escape_string($_POST['search2']);
 10.      
 11.       $data = 'SELECT * FROM `PPRQ` WHERE `FN` = "'.$search1.'"
                                             AND `LN` = "'.$search2.'"';


montasirma,

I am confused.  in line 1 you have double quotes, and in line 2 you have single quotes.  is this correct?

It would also appear that you have assigned "FN" and "LN" to $search1, is this correct?
0
 
LVL 10

Expert Comment

by:acbxyz
ID: 36557015
Your last code is correct.

In this case it is unimportant if you use single or double quotes. Difference is, if you use a variable within your code or special chars like \r or \n. While in strings with double quote these will be replaced by the value of the variable or a line feed (\n => chr(10)) strings with single quotes will be taken as they are.
See http://php.net/manual/en/language.types.string.php for more information

The assignment of search1 to FN and search2 to LN is correct in all postings shown, even though in your opening question not filtered through mysql_real_escape_string.
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Does the idea of dealing with bits scare or confuse you? Does it seem like a waste of time in an age where we all have terabytes of storage? If so, you're missing out on one of the core tools in every professional programmer's toolbox. Learn how to …
Containers like Docker and Rocket are getting more popular every day. In my conversations with customers, they consistently ask what containers are and how they can use them in their environment. If you’re as curious as most people, read on. . .
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question