...

View Full Version : Coding problem moving from php versions



wayland
12-28-2007, 05:21 AM
I have a online dating site. I am moving it from PHP Version 4.3.10 To PHP version 5.2.5
After installing the script I noticed the pictures would not post after upload. I think the problem is in the file below. Can anyone see a problem I am missing?
What I have been getting when I try to upload picture is User not Specified.
<?php
session_start();

// Database connection variables
require("./config.php");

$dbServer = $server1;
$dbUser = $username1;
$dbPass = $password1;
$dbDatabase = $database1;
$active1=$ShowPicture;
$pixallowed=$PicsAllowed;

//echo "****" . $UserID;

$sConn = mysql_connect($dbServer, $dbUser, $dbPass)
or die("Couldn't connect to database server");

$dConn = mysql_select_db($dbDatabase, $sConn)
or die("Couldn't connect to database $dbDatabase");

if($UserID == "")
{
die("User Not Specified.");
}

$dbQuery = "SELECT * FROM date_images Where User_ID = '" . $UserID . "'";
$result=mysql_query($dbQuery);
$num_results=mysql_num_rows($result);
if ($num_results<=$pixallowed)
{
//echo "Allowed";
if($fileUpload1 == "")
{
}
else
{
$fileHandle = fopen($fileUpload1, "r");
$fileContent1 = fread($fileHandle, filesize($fileUpload1));
$fileContent1 = addslashes($fileContent1);
$dbQuery = "INSERT INTO date_images (User_ID, Picture1, pactive) VALUES ('" . $UserID . "','" . $fileContent1 . "','" . $active1 . "')";
mysql_query($dbQuery) or die("Couldn't add file to database");
}
}
else
{
//echo "Not Allowed";
die("Maximum allowed pictures already uploaded. Use the Member Menu to delete uploaded pictures.");
}


//echo " " . $dbQuery;

echo "<h1>File(s) Uploaded</h1>";
echo "Return to the Home page by clicking below:<br><br>";
echo "<a href='Main.php'>Home</a>";

?>

Inigoesdr
12-28-2007, 05:35 AM
I don't see an error in that code, and PHP isn't giving any syntax errors. Make sure you have error reporting on.

ini_set('display_errors', 1);
error_reporting(E_ALL);

Fou-Lu
12-28-2007, 05:36 AM
Likely a simple solution.
I cannot remember exactly when the changed it, but the default for the ini directive: register_globals is now OFF.
This is a move by php to help secure variable instantiation. Now you can no longer access undefined variables without the use of a superglobal (or a registered long array in older versions, and if still enabled - will also be gone with version 6).
So, when you call things like:
$userID
This has to come from somewhere, likely a post request from a form. With this in mind, you now have to access it through a superglobal known as $_POST (or you can use $_REQUEST if you know how to control it better than its defaults).
These:
$dbServer = $server1;
$dbUser = $username1;
$dbPass = $password1;
$dbDatabase = $database1;
$active1=$ShowPicture;
$pixallowed=$PicsAllowed;
Likely come from the configuration files. So they are ok, they have been initialized, assigned a value, and registered into the current scope with your inclusion. However, things that you would get from the user, yep, you guessed it, need to be accessed through the superglobals.
So:
$userID
is now accessed from
$_POST['userID'];
Assuming its through the form.

Of course, you *could* always re-enable your globals, but not only is that insecure, it will also kill every script when php 6 is rolled out.
Hope that helps you, and hope you don't have too much work ahead of you!



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum