Below mentioned PHP code was perfect on vertrigo_222 (and also on livehost).
Now I am trying to upgrade my localhost to vertrigo_230.
I am facing following undefined variable error or warning:
Here is code (line # 30 is mentioned):
<?php
ob_start();
session_start();
include_once("PHP_Code/db_connection.php");
if(isset($_REQUEST['data']))
$data = $_REQUEST['data'];
//Fetch All Important Information from Database in Variables
if($_SESSION['id'] && $_SESSION['pw']) //Login Must for This Informatiion
{
if(isset($_REQUEST['city_id']))
{
if($_REQUEST['city_id'])
{
$city_id = $_REQUEST['city_id'];
}
else
{
$query = "SELECT * FROM cities WHERE user_id = '$_SESSION[id]'";
$c = mysql_query($query) or die(mysql_error()." in query $query");
$city = mysql_fetch_array($c);
$city_id = $city['city_id'];
}
//Setting Current/Opened City in Session
$_SESSION['city_id'] = $city_id;
}
}
//Secure Page
if($data == "") //Line # 30
$data = "loginPage";
Please give me some solution.
define the $data as global variable and you have to use mysqli insted because mysql Officially deprecated
ob_start();
session_start();
include_once("PHP_Code/db_connection.php");
$data = '';
//your code
Related
I'm working on an e-commerce project, currently on back end on the project where you can add or remove menus or sub-menues of categories .
I have checked dlls are enabled
That's the error I'm getting
Fatal error: Call to undefined function sanitize() in C:\xampp\htdocs\project\admin\categories.php on line 15
Here is the code
<?php
require_once $_SERVER['DOCUMENT_ROOT'].'/project/core/init.php';
include 'includes/head.php';
include 'includes/navigation.php';
$sql = "SELECT * FROM categories WHERE parent = 0";
$result = $db->query($sql);
$errors = array();
// when the form is cick process
$Category = '';
$parent= '';
if(isset($_POST) && !empty($_POST)){
$parent = sanitize($_POST['parent']);
$category = sanitize($_POST['category']);
$sqlform = "SELECT * FROM categories WHERE category ='$category' AND parent = '$parent'";
$fresult = $db->query($sqlform);
$count = mysqli_num_rows($fresult);
//if category is blank
if($category == ''){
$errors[] .= 'The category cannot be left blank';
}
//if it already exixt in database
if($count > 0){
$errors[] .= $category.' Already exits please choose a new category';
}
//display error or update database
if(!empty($errors)){
$display = display_errors($errors);?>
<script>
jQuery('document').ready(function(){
jQuery ('#errors').html('<?php $display;?>');
});
</script>
<?php } else{
//update database
$updatesql = "INSERT INTO categories(category,parent)VALUES ('$category','$parent')";
$db->query($updatesql);
header('location:categories.php');
}
}
?>
It seems to me that, sanitize isn't defined in scope. It's not a standard function so it should be somewhere within your code. You can most likely substitute it directly with mysqli_real_escape_string like this:
$parent = mysqli_real_escape_string($_POST['parent']);
$category = mysqli_real_escape_string($_POST['category']);
You should use PDO instead, that would be much better!
Hope this helps!
When i run my php file with the following code:
<?php
//configurution of server
$serve = mysql_connect('localhost', 'root', 'password');
if (!$serve) { echo 'error' ; }
$db = mysql_select_db('record', $serve);
//action to include
if($_GET['action'] == 'include') {
$name = $_GET ['name'];
$lastname = $_GET['lastname'];
$SQL = "insert into user (name, lastname) VALUES ('$name', '$lastname')";
$re = mysql_query($SQL, $serve);
}
//action list
if($_GET['action'] == 'userlist') {
$SQL = "SELECT * FROM user";
$re = mysql_query($SQL, $serve);
$num = mysql_num_rows($re);
if($num > 0) {
//view screen
while ($Line = mysql_fetch_object($re)) {
echo "<b>Name: </b> {$Line->name} <b><br></b>
<b>Lastname: </b> {$Line->lastname} </br><hr>";
}
}
else {
echo 'no user recorded';
}
}
?>
This error appears:
Fatal error: Call to undefined function mysql_connect() in C:\xampp\htdocs\xampp\record\www\connect.php on line 5
I have ran the php file below to check my extension list to see if '[xx] => mysql' is displayed which it isn't. I have added 'extension=php_mysql.dll' to 'php.ini' and restarted apache & mysql but this still isn't working. I have also added 'C:\xampp\php\ext' into the 'path' environmental variable. I have checked the internet but can't seem to find a solution to my problem, can anyone please help me. Thank-you.
<?php // extensions_list.php
$list = get_loaded_extensions();
$list2 = array_map('strtolower',$list);
sort($list2);
echo '<pre>'.print_r($list2,true).'</pre>';
?>
mysql_xxx functions are deprecated, use mysqli_xxx or PDO instead.
http://php.net/manual/en/function.mysqli-connect.php
http://php.net/manual/en/book.pdo.php
Currently the use of mysql_connect function is not advisable because it is deprecated. Use mysqli or pdo instead.
For example:
$connection = new mysqli($dbhost,$username,$password,$dbname);
$query = "SAMPLE QUERY";
$connection->query($query);
or
Look here for PDO
Objective: I am in the process of creating a php login script.
Problem: I can't seem to be able to make my includes recognize the $connection variable even though it should be clearly defined in connection.php. As a result the value of my variable is nothing / NULL.
What I tried: I started with mysql but quickly noticed that it was the wrong approach and converted my code to mysqli. I checked for typos in all the $connection variables I have. I made sure the paths are correct. As a last resort I did a Google search but didn't find an answer or any useful hint to my scenario.
Problem: What is the reason for my variable not being defined?
Error Messages:
All those messages are related to this single variable no being defined for some reason:
Php Notice: Undefined variable: connection in C:\xampp\htdocs\aspie\Php\Core\Common.php on line 4
Php Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in C:\xampp\htdocs\aspie\Php\Core\Common.php on line 4
Php Notice: Undefined variable: connection in C:\xampp\htdocs\aspie\Php\Core\Functions\Members.php on line 4
Php Warning: mysqli_query() expects parameter 1 to be mysqli, null given in C:\xampp\htdocs\aspie\Php\Core\Functions\Members.php on line 4
Php Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in C:\xampp\htdocs\aspie\Php\Core\Functions\Members.php on line 5
// INITIALIZER
<?php
session_start();
// error_reporting(NULL);
include 'Connection.php';
include 'Common.php';
include 'Functions/Members.php';
?>
**// ERROR MESSAGES **
<?php
$connection_error = 'Our website is experiencing technical issues, please come back later.';
$wrong_login = 'Password and name are wrong.';
$member_registered = 'Access has been denied. You do not seem to be a registered user.';
?>
**// CONNECTION **
<?php
include 'Errors.php';
$connection = mysqli_connect('localhost', 'root', '', 'project') or exit ($connection_error);
?>
**// COMMON **
<?php
error_reporting();
function sanitize($connection, $data) {
global $connection;
global $data;
return mysqli_real_escape_string($connection, $data);
}
?>
**// MEMBERS **
<?php
function member_registered($connection, $name) {
$name = sanitize($connection, $name);
$query = mysqli_query($connection, "SELECT COUNT(`id`) FROM `members` WHERE `name` = '$name'");
return (mysqli_num_rows($query) == 1) ? true : false;
}
?>
**// LOGIN **
<?php
include 'Php/Core/Initializer.php';
if (member_registered($connection, 'ee')) {
echo "exists";
}
die("eee");
echo error_reporting();
if (empty($_POST) == false) {
$name = $_POST['name'];
$password = $_POST['name'];
if (empty($name) OR empty($password)) {
echo $wrong_login;
}
else if (member_registered($connection, $name) == false) {
echo $member_registered;
}
}
?>
UPDATE:
Now what I get: existseee;
The conditional doesnt work now even though its all set up right. Username doesnt exist so it should'nt echo "exists:
if (member_registered($connection, 'ee')) {
echo "exists";
}
die("eee");
In your case, the $connection variable inside your sanitize function isn't reachable.
Try to pass the $connection variable into your function, like this:
function sanitize($data, $connection) {
return mysqli_real_escape_string($connection, $data);
}
Read more about it here: http://php.net/manual/en/language.variables.scope.php
UPDATE
In **// MEMBERS ** you need to include the new parameter as well:
function member_registered($name, $connection) {
$name = sanitize($name, $connection);
$query = mysqli_query($connection, "SELECT COUNT(`id`) FROM `members` WHERE `name` = '$name'");
return (mysqli_num_rows($query) == 1) ? true : false;
}
and because of that your **// LOGIN ** should be updated as well:
include 'Php/Core/Initializer.php';
if (member_registered('ee', $connection)) {
echo "exists";
}
die("eee");
echo error_reporting();
if (empty($_POST) == false) {
$name = $_POST['name'];
$password = $_POST['name'];
if (empty($name) OR empty($password)) {
echo $wrong_login;
}
else if (member_registered($name, $connection) == false) {
echo $member_registered;
}
}
And make sure that the $connection variable is reachable everywhere where you need it.
UPDATE #2
Answer to your update:
it should be like this:
if (member_registered('ee', $connection)) {
echo "exists";
}
and not like this:
if (member_registered($connection, 'ee')) {
echo "exists";
}
the $connection is the second parameter.
I am getting the id from another page but i am not being able to pass it to the sql query. If i define any value to $id instead of 0 then the query works but otherwise it fails.
Secondly, i would like to display the values of the array in respective input fields. I tried using
<?php
echo $result_array['institutename'][0];
?>
in the body part but it didnt work out.
My rest code is as follows:
(I know the mysql functions are deprecated but i would move on to mysqli as soon as i have solved this problem)
<?php
include 'connect.php';
$id=0;
$result_array=array();
if(isset($_REQUEST['id'])){
$id=(int)$_REQUEST['id'];
//$uid=$id;
if(!empty($id)){
$sql = "SELECT * FROM institute WHERE id =$id";
$result = mysql_query($sql);
while($row = mysql_fetch_assoc($result)){
$result_array[]=$row;
}
}
}
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['form_institutedetails'] == 'saveinstitutedetails')
{
$mysql_table='institute';
$institutename = $_POST['institutename'];
$established = $_POST['established'];
$regno = $_POST['reg_no'];
$branch = $_POST['branch'];
$initials = $_POST['initials'];
$address=$_POST['address'];
$pin=$_POST['pin'];
$contact1=$_POST['contact1'];
$contact2=$_POST['contact2'];
$contact3=$_POST['contact3'];
$fax1=$_POST['fax1'];
$fax2=$_POST['fax2'];
$email=$_POST['email'];
$website=$_POST['website'];
if(isset($_POST['head_office'])){
$head_office=$_POST['head_office'];
}
else{
$head_office="Branch";
}
if (!preg_match("/^.+#.+\..+$/", $email))
{
$error_message = 'Email is not a valid email address. Please check and try again.';
}
if (empty($error_message))
{
$newinstitutename = mysql_real_escape_string($institutename);
$newestablished = mysql_real_escape_string($established);
$newregno = mysql_real_escape_string($regno);
$newbranch = mysql_real_escape_string($branch);
$newaddress = mysql_real_escape_string($address);
$newpin = mysql_real_escape_string($pin);
$newemail = mysql_real_escape_string($email);
$newwebsite = mysql_real_escape_string($website);
$ho = mysql_real_escape_string($head_office);
include 'connect.php';
$sql = "UPDATE `".$mysql_table."` SET `institutename`='$newinstitutename', `established`='$newestablished', `regno`='$newregno', `branch`='$newbranch', `initials`='$initials', `address`='$newaddress', `pin`='$newpin', `contact1`='$contact1', `contact2`='$contact2', `contact3`='$contact3', `fax1`='$fax1', `fax2`='$fax2', `email`='$newemail', `website`='$newwebsite', `head_office`='$ho' WHERE `id`=$id";
$result = mysql_query($sql, $db);
mysql_close($db);
$error_message='Updated Successfully!.';
}
}
?>
When you are unsure about the structure of an array, you can always do a print_r during development.
print_r($result_array);
In this case, it is an index array of associative arrays.
To access the first record's institutename (and probably the only record since it looks like you used an unique key in your query), you can use
echo $result_array[0]['institutename'];
Here it's I have a problem with my PHP Code + Oracle Login form.
In this PHP file, I make login function. But I have an error like this :
Warning: oci_num_rows() expects parameter 1 to be resource, string given in C:\xampp\htdocs\developers\it\session.php on line 12
Wrong
-
<?php
session_start();
include ("config.php");
$username = $_POST['username'];
$password = $_POST['password'];
$do = $_GET['do'];
if($do=="login")
{
$cek = "SELECT PASSWORD, USER_LEVEL FROM T_USERS WHERE USERNAME='$username' AND PASSWORD='$password'";
$result = oci_parse($conn, $cek);
oci_execute($result);
if(oci_num_rows($cek)==1)
{
$c = oci_fetch_array($result);
$_SESSION['username'] = $c['username']; ociresult($c,"USERNAME");
$_SESSION['USER_LEVEL'] = $c['USER_LEVEL']; ociresult($c,"USER_LEVEL");
if($c['USER_LEVEL']=="ADMINISTRATOR")
{
header("location:supervisor.php");
}
else if($c['user_level']=="User")
{
header("location:user.php");
}
else if($c['user_level']=="Root")
{
header("location:administrator.php");
}
else if($c['user_level']=="Manager")
{
header("location:manager.php");
}
else if($c['user_level']=="Admin")
{
header("location:admin.php");
}
else if($c['user_level']=="Director")
{
header("location:director.php");
}
}
else
{
echo "Wrong";
}
}
?>
I have tried to search in google, but still don't find anything.
Someone knows, what's the problem ?
Thanks for advance.
According to your script instead of
if(oci_num_rows($cek)==1)
you should call
if(oci_num_rows($result)==1)
You probably want to use $result and not $cek when you're asking for the number of rows returned from oci_num_rows(). However, you really want to avoid using $username and $password directly in the string like that. It'll make you wide open for SQL injection attacks, so look into using oci_parse together with oci_bind_by_name.
After that you should also always call exit() after the sequence of redirects, as the script will continue running if you don't (and that might be a security issue other places).
I also got the same case, so I tricked it with a script like this, but I don't know whether there was an impact or not. because the session and validation went smoothly.
$username =$_POST['username'];
$password = $_POST['password'];
$conn = oci_connect('xxx', 'xxx', 'localhost/MYDB');
$pass_encription = md5($password);
$query = "SELECT * from *table_name* WHERE *field1*='".$username."' and *field2*='".$password."'";
$result = oci_parse($conn, $query);
oci_execute($result);
$exe = oci_fetch($result);
if ($exe > 0)
{
oci_close($conn);
oci_execute($result);
$row =oci_fetch_array($result);
$sid = $row['field_1_parameter'];
$snama = $row['field_2_parameter'];
$sjab = $row['field_3_parameter'];
$session = array (
'field_1_array' =>$sid,
'field_2_array' =>$snama,
'field_3_array' =>$sjab
);
if($sjab == 'Administrator')
{
$this->session->set_userdata($session);
redirect('redirecting_page');
}
`