Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

PHP Upgrade

Posted on 2013-01-29
7
Medium Priority
?
613 Views
Last Modified: 2013-01-30
I'm having some weird intermentant issues where my database is not getting updated when a user submits the data from a web form that is built in PHP. I've troubleshooted the code, browser settings, etc & it is still doing it every now & then & I can not reproduce the problem. I'm to the point of thinking I may need to upgrade the PHP server software. I currently use WAMP (Windows, Apache, MySQL, PHP)....I logged into PHP admin to see what version of PHP I'm using & it shows that I'm on version 3.2.5 for PHP Admin. I'm not that up tp date on this stuff but but question is, can I upgrade the PHP admin & it will update my DB...I'm thinking my issue is DB related. Or maybe I need to just get the latest version of WAMP...any suggestions? Will upgrading to the newest version of WAMP upgrade my mysql databse?

Any other suggestions on how I can troubleshoot this or has anyone else seen this type of problem before? I've attached a screenshot of the versions I'm using.
PHPADMINN.JPG
0
Comment
Question by:wantabe2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 38832828
That shows MySQL version 5.5.20, PHP 5.3.9, and phpMyAdmin 3.25 which are all fairly current versions.  Your issue is unlikely to be related to the versions you are running.  The WAMP page http://www.wampserver.com/en/ shows only slightly newer versions of those programs.  I would not recommend moving to PHP 5.4.3 until you find out what your current problem is.
0
 
LVL 15

Author Comment

by:wantabe2
ID: 38832908
That's what I was thinking but I'm not sure where else to turn. I will post the post I am using later this evening. Maybe a second pair of eyes looking at it will find the problem.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 38833099
The general reason for an INSERT or UPDATE to fail is something wrong in the data.  You will probably need to implement some additional error or format checking to find the problem since most queries are working and only some are failing.
0
Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

 
LVL 15

Author Comment

by:wantabe2
ID: 38833474
That makes sense to me because the last few I've troubleshooted had the common denominator of the middle name field had a period in it, such as John Q. Doe instead of John Q Doe

Could a period in that field cause it not to update the database? I will have to post the code tomorrow but really appreciate your help & comments.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 38833600
Details are important.  MySQL doesn't care if a field has a period in it but something about the code may be affected.   MySQL has a function prepare data for use in a database.  There is one each for 'mysql' and 'mysqli', both are linked on this page: http://www.php.net/manual/en/function.mysql-real-escape-string.php
0
 
LVL 15

Author Comment

by:wantabe2
ID: 38835170
Ok, please see the code below. This code is a form a user uses to input data & it is simply inserted into my MySQL database. I'm beginning to think the issue I'm having is because users are putting a . or ' in the middle or last name field. How can I edit this code so if the middle name has a . in it or the last name has a ' in it, the . or ' will be stripped out before it is inserted into the database? For instance, if someone would use this form & enter the name John Q. O'Bryan & hit submit, only John Q Obryan would be entered into the database?

<html
<head>
<title>New Case</title>
</head>
</html>

<p> <b><i>To go to the main page <a href="http://myserver/gflow/index.html">click here</a>.</b></i></p>
<b> <i> This is the initial entry page. This information <u> will not </u> notify a someone. </b> </i>

<?php
ini_set('display_errors',1);
error_reporting(E_ALL);

if( isset($_POST) && !empty($_POST) )
{

     $host	= "localhost";
     $user	= "uname";
     $pw	= "pword";
     $db	= "flow";
          
     $conn = mysql_connect( $host, $user, $pw )
     or die( "Error! Unable to connect to database server: <br/>" . mysql_error() );

     $rs = mysql_select_db( $db, $conn )
     or die( "Error! Unable to connect to database:  <br/>" . mysql_error() );
          
	foreach($_POST as $key=>$value)
	{
		${$key}=mysql_real_escape_string($value);
	}
	
     $strSQL = "INSERT INTO info
     	( fname, mname, lname, location, employee, status, oth_date, dock)
     	VALUES
     	( '" . $fname . "', '" . $mname . "', '" . $lname . "',  '" . $location . "', '" .$employee ."', '" .$status ."', '".$oth_date ."', '".$dock."')";

	 	 	 
     if (!mysql_query( $strSQL, $conn )){
     	echo( "Unable to save data to database: <br/>" . mysql_error() . "<br/>" . $strSQL . "</span><br/>" );
     }
     else{
     	header( "Location: index.html" );
		exit;
     }
}
?>
<html>

<head>
<title> PODDS </title>

<script type="text/javascript">
var valid;

function d2(v) { return (v<10)?("0"+v):v; }

function confirmation() {
		msg="You're about the enter the following information:";
		msg+="\n"; 
		msg+="\nDock: " + document.forms[0].dock.value;
        msg+="\nName: " + document.forms[0].fname.value + " " + document.forms[0].lname.value;
        msg+="\nStatus: " + document.forms[0].status.value;
		msg+="\nLocation: " + document.forms[0].location.value;
		msg+="\nEmployee: " + document.forms[0].employee.value;
		msg+="\nDate: " + document.forms[0].oth_date.value;
		msg+="\n\nIf this information is correct, click OK, if not click cancel to edit.";
		var answer = confirm(msg)
	if (answer){
		// send data to server
	}
	else{
		// don't send anything and return to your page
	}
	
	
	 if(document.forms[0].fname.value == "") {   
                alert("ATTENTION: Please enter a first name.");   
                document.forms[0].fname.focus();  
                return(false)
}

	 if(document.forms[0].mname.value == "") {   
                alert("ATTENTION: Please enter a middle name. Hasas no middle name enter 'none'");   
                document.forms[0].mname.focus();  
                return(false)
}


		 if(document.forms[0].lname.value == "") {   
                alert("ATTENTION: Please enter a last name.");   
                document.forms[0].lname.focus();  
                return(false)
}


	 if(document.forms[0].location.value == "") {   
                alert("ATTENTION: Please choose a location.");   
                document.forms[0].fname.focus();  
                return(false)
}
	
	 if(document.forms[0].employee.value == "") {   
                alert("ATTENTION: Please choose PENDING or UNASSIGNED.");   
                document.forms[0].employee.focus();  
                return(false)
}	
	
	 if(document.forms[0].oth_date.value == "") {   
                alert("ATTENTION: Please enter data in the DATE field. If there is no date, enter 0000-00-00");   
                document.forms[0].oth_date.focus();  
                return(false)
}	
	 if(document.forms[0].dock.value == "") {   
                alert("ATTENTION: Please enter dock NO. If there is no dock NO, enter NO dock");   
                document.forms[0].dock.focus();  
                return(false)
}	
	
}

</script>

</head>
<body>
<body style="background-image:url(FadedBG.png); background-repeat:no-repeat; background-attachment:fixed; background-position:center;">
<form method="post" action="new.php">

<b>dock No: (Example 12345)</b> <br />
<input type="text" name="dock" size="30" /><br />

<b>First Name:</b> <br />
<input type="text" name="fname" size="30" /><br />

<b>Middle Name:</b> <br />
<input type="text" name="mname" size="30" /><br />

<b>Last Name:</b> <br />
<input type="text" name="lname" size="30" /><br />

<b>Status:</b> <br />
<select name="status" /> <br />
<option value="Seal">Seal</option>
<option value="Fun">Fun</option>
<option value="Sent">Sent</option>
</select>
</br>

<b>Location: </b><br />
<select name="location" /> <br />
<option value="Office1">Office1</option>
<option value="Office2">Office2</option> 
<option value="Office3">Office3</option> 
</select>
</br>

<b>Unassigned or Pending:
<br> </b> 
<select name="employee" /><br />
<option value="Unassigned">Unassigned</option> 
<option value="Pending">Pending</option>
<option value="Unassigned">Unassigned</option>
</select> 
</br> 

<b>Original Date: (Example YYYY-MM-DD)</b> <br />
<input type="text" name="oth_date" size="30" /><br />

<br>

<input type="submit" value="Submit" onclick="return confirmation(this.form);"/>

</form>
</body>
</html>

Open in new window

0
 
LVL 84

Accepted Solution

by:
Dave Baldwin earned 2000 total points
ID: 38836728
In order for that to work at all, you must have "register_globals on".  The piece you are missing is the the $_POST variables are copied to the "register_globals" variables like $fname before your 'foreach'.  That means your 'foreach' code has no effect on your SQL query string.  In other words, your variables in the SQL query are not 'escaped' for things like single quotes which could easily be what is causing your problems.

The next web host you use will have "register_globals off" or not even available.  It has been removed as of PHP 5.4.

http://php.net/manual/en/security.globals.php

All of my form action pages start off with long lists of code like this:
if (!isset($_POST['fname'])){$fname = "";} else {$fname = $_POST['fname'];}

Open in new window

That makes sure that there is a known value for each variable.  And where there is money involved, the variables are further checked for validity.  Is it a lot more code?  Yes, it is but that's on purpose.  The 'easy way' with "register_globals" was found to be extremely error prone.  "register_globals" creates variables you don't even know about.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses how to implement server side field validation and display customized error messages to the client.
By, Vadim Tkachenko. In this article we’ll look at ClickHouse on its one year anniversary.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…

664 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question