Page 1 of 1

worked under php4, but not with php5, need help please.

Posted: Sat Aug 30, 2008 12:56 am
by worksite
firstly, thankyou for taking the time to read this, and i hope
that someone can point out what the problem is, and how to fix it.

the website worked fine under php4, but changing to a new hosting site which has php5 on it, resulted in it not working.

i have almost completed the site with help and guidance from a friend, but he is very busy at present,
and i can not wait weeks, before he is freed up to assist me, in completing the site upgrade.

..so any help would be very much appreciated.

in brief:- it should show a list of up to 4 workers selected; by either directly
adding them in the section or from selecting them from, some search results.

the problem is:- it will add the first worker id, ok.

but any other id added to the list, simply changes the first id added,
to the new one ( added or selected ), so there is only 1 worker id on the page every time.

it is not adding up....

this is the section of the index file out side the folder, which is used along with, the search worker file.

( meaning first folder has in it, this index file, and another folder containing the files used in this section
, which is where the search worker file is located )

hope i have not confused you to much; once again thankyou in advance.

--------------

Code: Select all

// add to selected workers cookies for worker search
if ($add) {
    if (substr($add, 0, 1) == 'W') {
        $add = substr($add, 1);
    }
 
    // check if user exists and has paid
    $sql = "SELECT * FROM workers WHERE id = $add";
    $q->query($dbc, $sql);
    $found = $q->numrows();
 
    $selectedWorkers = count($workers);
 
    // check for duplicates
    $dupe = 0;
    for ($i = 0; $i < $selectedWorkers; $i++) {
        if ($workers[$i] == $add) $dupe = 1;
    }
 
    if ($selectedWorkers < 4 && $found > 0 && !$dupe) {
        setcookie("workers[$selectedWorkers]", $add);
        $workers[$selectedWorkers] = $add;
    }
}
 
/*--------------------
this here is part of the search worker file below.
 
--------------------*/
 
                <form action="?action=searchWorkers" method="POST">
                        <tr>
                            <td height=35 colspan=3 align=center valign=top class="body">
                                Worker ID: <input type=text name="add" value="W" size=10 class="form80">
                                <input type=submit value="Add">
                            </td>
                        </tr>
                        </form>
                        <tr>
                            <td colspan=2 class="body">
                                <b>Selected workers</b> - up to 4
                            </td>
                        </tr>
                        <tr>
                            <td colspan=2 height=1>
                                <table width=298 border=0 cellpadding=0 cellspacing=0>
                                <tr>
                                    <td height=1 background="images/bg000000.gif"><img src="images/spacer.gif" width=1 height=1></td>
                                </tr>
                                </table>
                            </td>
                        </tr>
                        <form action="?action=contact" method="POST">
<?php
    if (count($workers) == 0) {
?>
                        <tr>
                            <td colspan=2 class="body">
                                No workers selected.
                            </td>
                        </tr>
<?php
    /////////////////////////////////////////////////////////////////
    // if user has selected workers to contact
    /////////////////////////////////////////////////////////////////
 
    } else {
        for ($i = 0; $i < count($workers); $i++) {
            $sql = "SELECT firstName FROM workers WHERE id = ".$workers[$i];
            $q->query($dbc, $sql);
            list($name) = $q->getrow();
 
?>
                        <tr>
                            <td class="body">
                                <input type="hidden" name="worker<?php echo $i; ?>" value="<?php echo $workers[$i]; ?>">
                                <a href='<?php echo "?action=viewWorker&id=$workers[$i]&back=searchWorkers&offset=$offset&orderby=$orderby$searchParams"; ?>'>W<?php echo $workers[$i]." - $name</a>"; ?>
                            </td>
                            <td class="body" align=right>
                                [<a href="<?php echo "?action=searchWorkers&remove=$i&offset=$offset&orderby=$orderby$searchParams"; ?>">remove</a>]
                            </td>
                        </tr>
<?php
        }
?>
                        <tr>
                            <td colspan=2 align=center><input type="submit" value="Next >>"></td>
                        </tr>
<?php
    }
?>
                        </form>

Re: worked under php4, but not with php5, need help please.

Posted: Sat Aug 30, 2008 10:41 am
by Jaxolotl
Just a doubt:
on line 3 do you mean $add as the auto global value resulting from $_POST['add'] value (input value on line 34)
if so, remember that PHP 5 is register_globals off by default so if you did not write your code in a Globals safe way you may have a not initialized/not assigned variable $add
same for action $_GET value from ?action=xxxxx on form action value


You may turn them on but I suggest you start coding with them off in a "Globals safe" way for security.
Also take care of the way you're accepting values from $_REQUEST to make your db queries, you MUST sanitize them to prevent SQLInjection by using some or all of this steps.

Use mysql_real_escape_string();

force type on the values you'll use, for example it seam you're using $add as an integer primary key value on your workers db table so

Code: Select all

 
$add = (int)$_POST['add'];
 

Use backticks and singlequotes on queries

Code: Select all

 
 $sql = "SELECT * FROM `workers` WHERE `id` = '".$add."'";