4.3.11 vs 4.4.4

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
jimster
Forum Newbie
Posts: 5
Joined: Tue Jun 26, 2007 11:51 pm

4.3.11 vs 4.4.4

Post by jimster »

Hi all .. i'm a newbie ...

I have a simple PHP script that works in 4.3.11 but not in 4.4.4

It's a script that receives variables from a Flash movie and passes them on to MySQL.

Does anyone know if there are any big differences between the 2 versions that I need to be aware of?

Thanks!
User avatar
Gente
Forum Contributor
Posts: 252
Joined: Wed Jun 13, 2007 9:43 am
Location: Ukraine, Kharkov
Contact:

Re: 4.3.11 vs 4.4.4

Post by Gente »

jimster wrote:Does anyone know if there are any big differences between the 2 versions that I need to be aware of?
php.net knows. Check here
jimster wrote:It's a script that receives variables from a Flash movie and passes them on to MySQL.
You can clear all unnecessary and put your code.
jimster
Forum Newbie
Posts: 5
Joined: Tue Jun 26, 2007 11:51 pm

Post by jimster »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Thanks! I had looked at that page from phpnet before, in particular the changelog for 4.4, but found nothing that could be causing the problem.

Here's what the code looks like. I think it's the BuildQuery portion that's causing me grief. Any suggestions at all will be appreciated!

Code: Select all

<?php
// Define database connection details
$dbHost = "xxx";
$dbUser = "xxx";
$dbPass = "xxx";
$dbName = "xxx";

// Attempt to connect to MySQL server
$link = @mysql_connect($dbHost, $dbUser, $dbPass);

// If the connection was unsuccessful...
if (!$link)
{
    // Report error to Flash and exit
    print "&result=Fail";
    print "&errorMsg=" . urlencode("Could not connect to server");
    exit;
}

// Attempt to connect to MySQL server
$link = @mysql_connect($dbHost, $dbUser, $dbPass);

// If the connection was unsuccessful...
if (!$link)
{
    // Report error to Flash and exit
    print "&result=Fail";
    print "&errorMsg=" . urlencode("Could not connect to database");
    exit;
}

// Attempt to select database. If unsuccessfull...
if (!@mysql_select_db($dbName))
{
    // Report error to Flash and exit
    print "&result=Fail";
    print "&errorMsg=" . urlencode("Could not select $dbName database");
    exit;
}


// Build Query
$query = "INSERT INTO petition (username, continent, country, email)
          VALUES('$userName', '$userContinent', '$userCountry', '$userEmail')";


// Execute Query
$result = @mysql_query($query);

if($userContinent=="Asia"){
// Build Asia Query
$cont1_query = "INSERT INTO petition_as (username, country, email)
          VALUES('$userName', '$userCountry', '$userEmail')";

// Execute Query
$result = @mysql_query($cont1_query);
}

if($userContinent=="Australia"){
// Build Australia Query
$cont2_query = "INSERT INTO petition_oz (username, country, email)
          VALUES('$userName', '$userCountry', '$userEmail')";

// Execute Query
$result = @mysql_query($cont2_query);
}

if($userContinent=="Africa"){
// Build Africa Query
$cont3_query = "INSERT INTO petition_af (username, country, email)
          VALUES('$userName', '$userCountry', '$userEmail')";

// Execute Query
$result = @mysql_query($cont3_query);
}

if($userContinent=="Europe"){
// Build Europe Query
$cont4_query = "INSERT INTO petition_uk (username, country, email)
          VALUES('$userName', '$userCountry', '$userEmail')";

// Execute Query
$result = @mysql_query($cont4_query);
}

if($userContinent=="North America"){
// Build North America Query
$cont5_query = "INSERT INTO petition_na (username, country, email)
          VALUES('$userName', '$userCountry', '$userEmail')";

// Execute Query
$result = @mysql_query($cont5_query);
}

if($userContinent=="South America"){
// Build South America Query
$cont6_query = "INSERT INTO petition_sa (username, country, email)
          VALUES('$userName', '$userCountry', '$userEmail')";

// Execute Query
$result = @mysql_query($cont6_query);
}


// If query was successful
if ($result)
{
    // Report success back to Flash movie
    print "&result=Okay";
}
else
{
    // Otherwise, tell Flash we stuffed up
    print "&result=Fail";
    print "&errorMsg=" . urlencode("Failed to submit petition, please try again later.");
}

// Close the connection
mysql_close($link);
?>

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

While I do not see anything in that snippet you posted that would suggest it wouldn't work in PHP 4.4, I do see SQL injection and code duplication.
jimster
Forum Newbie
Posts: 5
Joined: Tue Jun 26, 2007 11:51 pm

Post by jimster »

wow ... sounds serious. will they actually prevent my code from working on one server running 4.4.4 when it works on another server running 4.3.11?
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Ah, I know why it's not working: you're using register globals (I was wondering where all the variables were coming from). Are you using get or post to submit the form?
jimster
Forum Newbie
Posts: 5
Joined: Tue Jun 26, 2007 11:51 pm

Post by jimster »

We're using POST
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Alright. The first thing to do is make sure that the $_POST variable is filled with values. Read up on what the $_POST superglobal is, then show me you assigning the local variables from this array.
jimster
Forum Newbie
Posts: 5
Joined: Tue Jun 26, 2007 11:51 pm

Post by jimster »

Thanks! I sent you a PM, not sure if you received it.

To anyone else, I'm willing to pay to get this sorted out. Anyone confident of fixing this pls send me a PM.
Post Reply