Solved

PHP Upgrade

Posted on 2013-01-29
7
599 Views
Last Modified: 2013-01-30
I'm having some weird intermentant issues where my database is not getting updated when a user submits the data from a web form that is built in PHP. I've troubleshooted the code, browser settings, etc & it is still doing it every now & then & I can not reproduce the problem. I'm to the point of thinking I may need to upgrade the PHP server software. I currently use WAMP (Windows, Apache, MySQL, PHP)....I logged into PHP admin to see what version of PHP I'm using & it shows that I'm on version 3.2.5 for PHP Admin. I'm not that up tp date on this stuff but but question is, can I upgrade the PHP admin & it will update my DB...I'm thinking my issue is DB related. Or maybe I need to just get the latest version of WAMP...any suggestions? Will upgrading to the newest version of WAMP upgrade my mysql databse?

Any other suggestions on how I can troubleshoot this or has anyone else seen this type of problem before? I've attached a screenshot of the versions I'm using.
PHPADMINN.JPG
0
Comment
Question by:wantabe2
  • 4
  • 3
7 Comments
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 38832828
That shows MySQL version 5.5.20, PHP 5.3.9, and phpMyAdmin 3.25 which are all fairly current versions.  Your issue is unlikely to be related to the versions you are running.  The WAMP page http://www.wampserver.com/en/ shows only slightly newer versions of those programs.  I would not recommend moving to PHP 5.4.3 until you find out what your current problem is.
0
 
LVL 15

Author Comment

by:wantabe2
ID: 38832908
That's what I was thinking but I'm not sure where else to turn. I will post the post I am using later this evening. Maybe a second pair of eyes looking at it will find the problem.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 38833099
The general reason for an INSERT or UPDATE to fail is something wrong in the data.  You will probably need to implement some additional error or format checking to find the problem since most queries are working and only some are failing.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 15

Author Comment

by:wantabe2
ID: 38833474
That makes sense to me because the last few I've troubleshooted had the common denominator of the middle name field had a period in it, such as John Q. Doe instead of John Q Doe

Could a period in that field cause it not to update the database? I will have to post the code tomorrow but really appreciate your help & comments.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 38833600
Details are important.  MySQL doesn't care if a field has a period in it but something about the code may be affected.   MySQL has a function prepare data for use in a database.  There is one each for 'mysql' and 'mysqli', both are linked on this page: http://www.php.net/manual/en/function.mysql-real-escape-string.php
0
 
LVL 15

Author Comment

by:wantabe2
ID: 38835170
Ok, please see the code below. This code is a form a user uses to input data & it is simply inserted into my MySQL database. I'm beginning to think the issue I'm having is because users are putting a . or ' in the middle or last name field. How can I edit this code so if the middle name has a . in it or the last name has a ' in it, the . or ' will be stripped out before it is inserted into the database? For instance, if someone would use this form & enter the name John Q. O'Bryan & hit submit, only John Q Obryan would be entered into the database?

<html
<head>
<title>New Case</title>
</head>
</html>

<p> <b><i>To go to the main page <a href="http://myserver/gflow/index.html">click here</a>.</b></i></p>
<b> <i> This is the initial entry page. This information <u> will not </u> notify a someone. </b> </i>

<?php
ini_set('display_errors',1);
error_reporting(E_ALL);

if( isset($_POST) && !empty($_POST) )
{

     $host	= "localhost";
     $user	= "uname";
     $pw	= "pword";
     $db	= "flow";
          
     $conn = mysql_connect( $host, $user, $pw )
     or die( "Error! Unable to connect to database server: <br/>" . mysql_error() );

     $rs = mysql_select_db( $db, $conn )
     or die( "Error! Unable to connect to database:  <br/>" . mysql_error() );
          
	foreach($_POST as $key=>$value)
	{
		${$key}=mysql_real_escape_string($value);
	}
	
     $strSQL = "INSERT INTO info
     	( fname, mname, lname, location, employee, status, oth_date, dock)
     	VALUES
     	( '" . $fname . "', '" . $mname . "', '" . $lname . "',  '" . $location . "', '" .$employee ."', '" .$status ."', '".$oth_date ."', '".$dock."')";

	 	 	 
     if (!mysql_query( $strSQL, $conn )){
     	echo( "Unable to save data to database: <br/>" . mysql_error() . "<br/>" . $strSQL . "</span><br/>" );
     }
     else{
     	header( "Location: index.html" );
		exit;
     }
}
?>
<html>

<head>
<title> PODDS </title>

<script type="text/javascript">
var valid;

function d2(v) { return (v<10)?("0"+v):v; }

function confirmation() {
		msg="You're about the enter the following information:";
		msg+="\n"; 
		msg+="\nDock: " + document.forms[0].dock.value;
        msg+="\nName: " + document.forms[0].fname.value + " " + document.forms[0].lname.value;
        msg+="\nStatus: " + document.forms[0].status.value;
		msg+="\nLocation: " + document.forms[0].location.value;
		msg+="\nEmployee: " + document.forms[0].employee.value;
		msg+="\nDate: " + document.forms[0].oth_date.value;
		msg+="\n\nIf this information is correct, click OK, if not click cancel to edit.";
		var answer = confirm(msg)
	if (answer){
		// send data to server
	}
	else{
		// don't send anything and return to your page
	}
	
	
	 if(document.forms[0].fname.value == "") {   
                alert("ATTENTION: Please enter a first name.");   
                document.forms[0].fname.focus();  
                return(false)
}

	 if(document.forms[0].mname.value == "") {   
                alert("ATTENTION: Please enter a middle name. Hasas no middle name enter 'none'");   
                document.forms[0].mname.focus();  
                return(false)
}


		 if(document.forms[0].lname.value == "") {   
                alert("ATTENTION: Please enter a last name.");   
                document.forms[0].lname.focus();  
                return(false)
}


	 if(document.forms[0].location.value == "") {   
                alert("ATTENTION: Please choose a location.");   
                document.forms[0].fname.focus();  
                return(false)
}
	
	 if(document.forms[0].employee.value == "") {   
                alert("ATTENTION: Please choose PENDING or UNASSIGNED.");   
                document.forms[0].employee.focus();  
                return(false)
}	
	
	 if(document.forms[0].oth_date.value == "") {   
                alert("ATTENTION: Please enter data in the DATE field. If there is no date, enter 0000-00-00");   
                document.forms[0].oth_date.focus();  
                return(false)
}	
	 if(document.forms[0].dock.value == "") {   
                alert("ATTENTION: Please enter dock NO. If there is no dock NO, enter NO dock");   
                document.forms[0].dock.focus();  
                return(false)
}	
	
}

</script>

</head>
<body>
<body style="background-image:url(FadedBG.png); background-repeat:no-repeat; background-attachment:fixed; background-position:center;">
<form method="post" action="new.php">

<b>dock No: (Example 12345)</b> <br />
<input type="text" name="dock" size="30" /><br />

<b>First Name:</b> <br />
<input type="text" name="fname" size="30" /><br />

<b>Middle Name:</b> <br />
<input type="text" name="mname" size="30" /><br />

<b>Last Name:</b> <br />
<input type="text" name="lname" size="30" /><br />

<b>Status:</b> <br />
<select name="status" /> <br />
<option value="Seal">Seal</option>
<option value="Fun">Fun</option>
<option value="Sent">Sent</option>
</select>
</br>

<b>Location: </b><br />
<select name="location" /> <br />
<option value="Office1">Office1</option>
<option value="Office2">Office2</option> 
<option value="Office3">Office3</option> 
</select>
</br>

<b>Unassigned or Pending:
<br> </b> 
<select name="employee" /><br />
<option value="Unassigned">Unassigned</option> 
<option value="Pending">Pending</option>
<option value="Unassigned">Unassigned</option>
</select> 
</br> 

<b>Original Date: (Example YYYY-MM-DD)</b> <br />
<input type="text" name="oth_date" size="30" /><br />

<br>

<input type="submit" value="Submit" onclick="return confirmation(this.form);"/>

</form>
</body>
</html>

Open in new window

0
 
LVL 82

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 38836728
In order for that to work at all, you must have "register_globals on".  The piece you are missing is the the $_POST variables are copied to the "register_globals" variables like $fname before your 'foreach'.  That means your 'foreach' code has no effect on your SQL query string.  In other words, your variables in the SQL query are not 'escaped' for things like single quotes which could easily be what is causing your problems.

The next web host you use will have "register_globals off" or not even available.  It has been removed as of PHP 5.4.

http://php.net/manual/en/security.globals.php

All of my form action pages start off with long lists of code like this:
if (!isset($_POST['fname'])){$fname = "";} else {$fname = $_POST['fname'];}

Open in new window

That makes sure that there is a known value for each variable.  And where there is money involved, the variables are further checked for validity.  Is it a lot more code?  Yes, it is but that's on purpose.  The 'easy way' with "register_globals" was found to be extremely error prone.  "register_globals" creates variables you don't even know about.
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now