Solved

PHP Upgrade

Posted on 2013-01-29
7
603 Views
Last Modified: 2013-01-30
I'm having some weird intermentant issues where my database is not getting updated when a user submits the data from a web form that is built in PHP. I've troubleshooted the code, browser settings, etc & it is still doing it every now & then & I can not reproduce the problem. I'm to the point of thinking I may need to upgrade the PHP server software. I currently use WAMP (Windows, Apache, MySQL, PHP)....I logged into PHP admin to see what version of PHP I'm using & it shows that I'm on version 3.2.5 for PHP Admin. I'm not that up tp date on this stuff but but question is, can I upgrade the PHP admin & it will update my DB...I'm thinking my issue is DB related. Or maybe I need to just get the latest version of WAMP...any suggestions? Will upgrading to the newest version of WAMP upgrade my mysql databse?

Any other suggestions on how I can troubleshoot this or has anyone else seen this type of problem before? I've attached a screenshot of the versions I'm using.
PHPADMINN.JPG
0
Comment
Question by:wantabe2
  • 4
  • 3
7 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 38832828
That shows MySQL version 5.5.20, PHP 5.3.9, and phpMyAdmin 3.25 which are all fairly current versions.  Your issue is unlikely to be related to the versions you are running.  The WAMP page http://www.wampserver.com/en/ shows only slightly newer versions of those programs.  I would not recommend moving to PHP 5.4.3 until you find out what your current problem is.
0
 
LVL 15

Author Comment

by:wantabe2
ID: 38832908
That's what I was thinking but I'm not sure where else to turn. I will post the post I am using later this evening. Maybe a second pair of eyes looking at it will find the problem.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 38833099
The general reason for an INSERT or UPDATE to fail is something wrong in the data.  You will probably need to implement some additional error or format checking to find the problem since most queries are working and only some are failing.
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 15

Author Comment

by:wantabe2
ID: 38833474
That makes sense to me because the last few I've troubleshooted had the common denominator of the middle name field had a period in it, such as John Q. Doe instead of John Q Doe

Could a period in that field cause it not to update the database? I will have to post the code tomorrow but really appreciate your help & comments.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 38833600
Details are important.  MySQL doesn't care if a field has a period in it but something about the code may be affected.   MySQL has a function prepare data for use in a database.  There is one each for 'mysql' and 'mysqli', both are linked on this page: http://www.php.net/manual/en/function.mysql-real-escape-string.php
0
 
LVL 15

Author Comment

by:wantabe2
ID: 38835170
Ok, please see the code below. This code is a form a user uses to input data & it is simply inserted into my MySQL database. I'm beginning to think the issue I'm having is because users are putting a . or ' in the middle or last name field. How can I edit this code so if the middle name has a . in it or the last name has a ' in it, the . or ' will be stripped out before it is inserted into the database? For instance, if someone would use this form & enter the name John Q. O'Bryan & hit submit, only John Q Obryan would be entered into the database?

<html
<head>
<title>New Case</title>
</head>
</html>

<p> <b><i>To go to the main page <a href="http://myserver/gflow/index.html">click here</a>.</b></i></p>
<b> <i> This is the initial entry page. This information <u> will not </u> notify a someone. </b> </i>

<?php
ini_set('display_errors',1);
error_reporting(E_ALL);

if( isset($_POST) && !empty($_POST) )
{

     $host	= "localhost";
     $user	= "uname";
     $pw	= "pword";
     $db	= "flow";
          
     $conn = mysql_connect( $host, $user, $pw )
     or die( "Error! Unable to connect to database server: <br/>" . mysql_error() );

     $rs = mysql_select_db( $db, $conn )
     or die( "Error! Unable to connect to database:  <br/>" . mysql_error() );
          
	foreach($_POST as $key=>$value)
	{
		${$key}=mysql_real_escape_string($value);
	}
	
     $strSQL = "INSERT INTO info
     	( fname, mname, lname, location, employee, status, oth_date, dock)
     	VALUES
     	( '" . $fname . "', '" . $mname . "', '" . $lname . "',  '" . $location . "', '" .$employee ."', '" .$status ."', '".$oth_date ."', '".$dock."')";

	 	 	 
     if (!mysql_query( $strSQL, $conn )){
     	echo( "Unable to save data to database: <br/>" . mysql_error() . "<br/>" . $strSQL . "</span><br/>" );
     }
     else{
     	header( "Location: index.html" );
		exit;
     }
}
?>
<html>

<head>
<title> PODDS </title>

<script type="text/javascript">
var valid;

function d2(v) { return (v<10)?("0"+v):v; }

function confirmation() {
		msg="You're about the enter the following information:";
		msg+="\n"; 
		msg+="\nDock: " + document.forms[0].dock.value;
        msg+="\nName: " + document.forms[0].fname.value + " " + document.forms[0].lname.value;
        msg+="\nStatus: " + document.forms[0].status.value;
		msg+="\nLocation: " + document.forms[0].location.value;
		msg+="\nEmployee: " + document.forms[0].employee.value;
		msg+="\nDate: " + document.forms[0].oth_date.value;
		msg+="\n\nIf this information is correct, click OK, if not click cancel to edit.";
		var answer = confirm(msg)
	if (answer){
		// send data to server
	}
	else{
		// don't send anything and return to your page
	}
	
	
	 if(document.forms[0].fname.value == "") {   
                alert("ATTENTION: Please enter a first name.");   
                document.forms[0].fname.focus();  
                return(false)
}

	 if(document.forms[0].mname.value == "") {   
                alert("ATTENTION: Please enter a middle name. Hasas no middle name enter 'none'");   
                document.forms[0].mname.focus();  
                return(false)
}


		 if(document.forms[0].lname.value == "") {   
                alert("ATTENTION: Please enter a last name.");   
                document.forms[0].lname.focus();  
                return(false)
}


	 if(document.forms[0].location.value == "") {   
                alert("ATTENTION: Please choose a location.");   
                document.forms[0].fname.focus();  
                return(false)
}
	
	 if(document.forms[0].employee.value == "") {   
                alert("ATTENTION: Please choose PENDING or UNASSIGNED.");   
                document.forms[0].employee.focus();  
                return(false)
}	
	
	 if(document.forms[0].oth_date.value == "") {   
                alert("ATTENTION: Please enter data in the DATE field. If there is no date, enter 0000-00-00");   
                document.forms[0].oth_date.focus();  
                return(false)
}	
	 if(document.forms[0].dock.value == "") {   
                alert("ATTENTION: Please enter dock NO. If there is no dock NO, enter NO dock");   
                document.forms[0].dock.focus();  
                return(false)
}	
	
}

</script>

</head>
<body>
<body style="background-image:url(FadedBG.png); background-repeat:no-repeat; background-attachment:fixed; background-position:center;">
<form method="post" action="new.php">

<b>dock No: (Example 12345)</b> <br />
<input type="text" name="dock" size="30" /><br />

<b>First Name:</b> <br />
<input type="text" name="fname" size="30" /><br />

<b>Middle Name:</b> <br />
<input type="text" name="mname" size="30" /><br />

<b>Last Name:</b> <br />
<input type="text" name="lname" size="30" /><br />

<b>Status:</b> <br />
<select name="status" /> <br />
<option value="Seal">Seal</option>
<option value="Fun">Fun</option>
<option value="Sent">Sent</option>
</select>
</br>

<b>Location: </b><br />
<select name="location" /> <br />
<option value="Office1">Office1</option>
<option value="Office2">Office2</option> 
<option value="Office3">Office3</option> 
</select>
</br>

<b>Unassigned or Pending:
<br> </b> 
<select name="employee" /><br />
<option value="Unassigned">Unassigned</option> 
<option value="Pending">Pending</option>
<option value="Unassigned">Unassigned</option>
</select> 
</br> 

<b>Original Date: (Example YYYY-MM-DD)</b> <br />
<input type="text" name="oth_date" size="30" /><br />

<br>

<input type="submit" value="Submit" onclick="return confirmation(this.form);"/>

</form>
</body>
</html>

Open in new window

0
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 38836728
In order for that to work at all, you must have "register_globals on".  The piece you are missing is the the $_POST variables are copied to the "register_globals" variables like $fname before your 'foreach'.  That means your 'foreach' code has no effect on your SQL query string.  In other words, your variables in the SQL query are not 'escaped' for things like single quotes which could easily be what is causing your problems.

The next web host you use will have "register_globals off" or not even available.  It has been removed as of PHP 5.4.

http://php.net/manual/en/security.globals.php

All of my form action pages start off with long lists of code like this:
if (!isset($_POST['fname'])){$fname = "";} else {$fname = $_POST['fname'];}

Open in new window

That makes sure that there is a known value for each variable.  And where there is money involved, the variables are further checked for validity.  Is it a lot more code?  Yes, it is but that's on purpose.  The 'easy way' with "register_globals" was found to be extremely error prone.  "register_globals" creates variables you don't even know about.
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
converting numbers with php 3 32
phpmailer in WHILE loop - weird results 10 29
configure dependency in POM for new database 3 18
Why do people dis php? 5 23
If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
This article discusses how to create an extensible mechanism for linked drop downs.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now