Solved

mysql / php form works on internet but not on intranet

Posted on 2011-09-18
6
367 Views
Last Modified: 2012-08-14
I am continuing my attempt to port an established web site with mysql backend to an intranet site.  To date I have established the database and web site, with tables and data, on a stand-alone Windows 7/Wamp setup.

The intranet web site functions correctly.  I can access the database from phpmyadmin however, when I attempt to use the intranet form (php/html) to access the database I am getting an "Undefined variable" error returned.

I have made several corrections based on the "Experts" feedback.  I now need some additional assistance


Specifics:

      Internet:      MySQL 5.0, PHP 5, Apache on Linux Server

      Intranet:      MySQL 5.0.7, PHP 5.3.5, Apache 2.2.17, on Windows 7


      Error:             Undefined variable: search1 in C:\wamp\www\part\edit_pprq1.php on line 11
             Undefined variable: search2 in C:\wamp\www\part\edit_pprq1.php on line 11
 
      Code:        8.      $search=mysql_real_escape_string($_POST['search1']);
                        9.      $search=mysql_real_escape_string($_POST['search2']);
        10.      
        11.       $data = 'SELECT * FROM `PPRQ` WHERE `FN` = "'.$search1.'"
                                             AND `LN` = "'.$search2.'"';

0
Comment
Question by:dibrandt
  • 3
  • 2
6 Comments
 
LVL 10

Expert Comment

by:acbxyz
ID: 36556657
It seems you have register_globals turned on on your intranet. From security and clean programming this is not a good idea.

I think in line 8 and 9, you wanted to assign the escaped strings to $search1 and $search2 instead of $search both times. This way the mysql_real_escape_string doesn't do anything useful.
0
 
LVL 2

Expert Comment

by:montasirma
ID: 36556754
Can you change the single quotes on lines 8 and 9 to double quotes, and add an echo for the search1 and search2 variables?

echo $_POST["search1"] ."<BR>\n";
$search=mysql_real_escape_string($_POST["search1"]);
echo $_POST["search2"] ."<BR>\n";
$search=mysql_real_escape_string($_POST['search2']);

Open in new window

0
 
LVL 2

Expert Comment

by:montasirma
ID: 36556774
Sorry, I misread the post.

You are assigning the $_POST variables into the same $search variable.

You should change the code to match the following:

$search1 = mysql_real_escape_string($_POST["search1"]);
$search2 = mysql_real_escape_string($_POST['search2']);

$data = 'SELECT * FROM PPRQ WHERE FN = "'. $search1 .'" AND LN = "'. $search2 .'"'; 

Open in new window

0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 10

Accepted Solution

by:
acbxyz earned 500 total points
ID: 36556776
...as I said before ;-)
0
 

Author Comment

by:dibrandt
ID: 36556952
acbxyz,

this is what I understand you to have said:

  8.      $search1=mysql_real_escape_string($_POST['search1']);
  9.      $search2=mysql_real_escape_string($_POST['search2']);
 10.      
 11.       $data = 'SELECT * FROM `PPRQ` WHERE `FN` = "'.$search1.'"
                                             AND `LN` = "'.$search2.'"';


montasirma,

I am confused.  in line 1 you have double quotes, and in line 2 you have single quotes.  is this correct?

It would also appear that you have assigned "FN" and "LN" to $search1, is this correct?
0
 
LVL 10

Expert Comment

by:acbxyz
ID: 36557015
Your last code is correct.

In this case it is unimportant if you use single or double quotes. Difference is, if you use a variable within your code or special chars like \r or \n. While in strings with double quote these will be replaced by the value of the variable or a line feed (\n => chr(10)) strings with single quotes will be taken as they are.
See http://php.net/manual/en/language.types.string.php for more information

The assignment of search1 to FN and search2 to LN is correct in all postings shown, even though in your opening question not filtered through mysql_real_escape_string.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Fore-Foreword Today (2016) Maxmind has a new approach to the distribution of its data sets.  This article may be obsolete.  Instead of using the examples here, have a look at the MaxMind API (https://www.maxmind.com/en/geolite2-developer-package). …
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question