1

Somehow when moving a site to a newer server, the php code broke. We did have it tested with a temporary site first, but it still broke.

All of the dynamic links for listings no longer work. I have a next button that does nothing except change the url. It still shows page 1 of 5 when you click next. I do know that something is right though, because at the top of this page, it gets the number of records and displays it from the database.

I've heard this code is old and that a new site is being made altogether, so all I need to do is fix the errors. I don't need to re-do the entire page, since it would be a waste of time. They will be scrapping it in the next couple months anyway.

I'm more of a .NET developer, so I'm not even really sure how to error check a PHP site. Here is the code that is broken and the function that defines those variables.

<?php
echo "<br>\n";
echo "<strong>";
if($page_num > 1) {
    $prev_page = $cur_page - 1;
    echo "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
    echo "<A HREF=\"$PHP_SELF?action=list_records&sort_order=$org_sort_order&order_by=$order_by&cur_page=$prev_page$search_link\">&lt;&lt; Previous</A>\n";
 }
if($page_num <  $total_num_page) {
    $next_page = $cur_page + 1;
    $last_page = $total_num_page - 1;
    echo "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
    echo "<A HREF=\"$PHP_SELF?action=list_records&sort_order=$org_sort_order&order_by=$order_by&cur_page=$next_page$search_link\">Next &gt;&gt;</A>";
 }
 echo "</strong>";
?>



function list_records() {global $tbl_units, $tbl_members;
global $unit_array, $location_array;
global $default_sort_order, $default_order_by, $records_per_page;
global $sort_order, $order_by, $cur_page, $search_db, $search_txt, $search_link;
global $PHP_SELF;

$query = "SELECT count(*) FROM $tbl_units 
                    INNER JOIN $tbl_members ON   $tbl_units.memberid = $tbl_members.username 
                    WHERE $tbl_members.status = 'Active' AND $tbl_units.status = 'Available' $search_db";
$result = mysql_query($query);
if(!$result) error_message(sql_error());

$query_data = mysql_fetch_row($result);
$total_num_user = $query_data[0];
$page_num = $cur_page + 1;
$total_num_page = $last_page_num 
              = ceil($total_num_user/$records_per_page);

if($total_num_user > 0) {
    echo "<CENTER><H3>$total_num_user unit(s) found. ";
    echo "Displaying the page $page_num out of $last_page_num.</H3></CENTER>\n";
} else {
    echo "<CENTER><div class='vacancy'>No vacancies at this time!</div></CENTER>\n";
}

if(!empty($search_txt)) echo $search_txt;

if(empty($order_by)) {
    $order_by_str = "ORDER BY $default_order_by";
    $order_by = $default_order_by;
}
else $order_by_str = "ORDER BY $order_by";

if(empty($sort_order)) {
    $sort_order_str = $org_sort_order = $default_sort_order;
    $hold_order = $sort_order;
    $sort_order = 'DESC';
}
else {
    $sort_order_str = $org_sort_order = $sort_order;
    $hold_order = $sort_order;
    if($sort_order == 'DESC') $sort_order = 'ASC';
    else $sort_order = 'DESC';
}

if(empty($cur_page)) {
    $cur_page = 0;
}

$limit_str = "LIMIT ". $cur_page * $records_per_page . ", $records_per_page";
$query = "SELECT $tbl_units.* FROM $tbl_units 
                    INNER JOIN $tbl_members ON $tbl_units.memberid = $tbl_members.username 
                    WHERE $tbl_members.status = 'Active' AND $tbl_units.status = 'Available' $search_db 
                    $order_by_str $sort_order_str $limit_str";
$result = mysql_query($query);   
if(!$result) error_message(sql_error());

If someone can help me figure out how to get my links to work, I would really appreciate it! I've tried a couple things here and there, but I can't get the page to redirect to the next page of results.

hakre
  • 193,403
  • 52
  • 435
  • 836
Jamie
  • 1,579
  • 8
  • 34
  • 74
  • 1
    "I'm more of a .NET developer, so I'm not even really sure how to error check a PHP site." Find the PHP error log (php_error.log) which is defined in the site's php.ini file. – Grambot Jan 18 '13 at 20:18
  • 1
    Did the old site have `register_globals` on by any chance? Make a new `info.php` file containing only ` – DCoder Jan 18 '13 at 20:20
  • 1
    Add `error_reporting(-1); ini_set('display_startup_errors', 1); ini_set('display_errors', 1);` at the beginning of the file and reload the page, you should get at least a warning if not an error. – David Kuridža Jan 18 '13 at 20:44
  • Thanks! I made a test.php, added the error_reporting (since IS has error reporting on the server turned off) and included the file that has the issues. It showed me this: `mysql_query(): No connection could be made because the target machine actively refused it.` Looks like the newer version of PHP doesn't like the sql query? – Jamie Jan 18 '13 at 21:17
  • 2
    No, you have problems connecting to MySQL itself. Check connection configuration and try connecting directly via command line for example. Did you upgrade MySQL as well? Also, check `bind-address` in my.cnf. – David Kuridža Jan 18 '13 at 21:38
  • I'm certain that the MySQL database hasn't changed at all. I will look for bind-address and try connecting the way you suggested @DavidKuridža, thank you – Jamie Jan 18 '13 at 21:47

1 Answers1

1

To put this into terms you'd understand: This is like taking a .NET 1.0 site and slapping it into a .NET 4.5 environment. [probably worse]

Some things that are breaking it:

  1. IIRC $PHP_SELF was deprecated long ago, $_SERVER['PHP_SELF'] should be equivalent, but should not be used like this unless you like XSS attacks.
  2. All those global variable declarations make me sad.
  3. Everything in #2 and the URLs being generated leads me to believe that this script was created with register_globals = On, which is horridly insecure and should be fixed. [it's Off by default since at least 5.0 and should never be turned on.] Use $_GET and/or $_POST superglobal arrays and validate your inputs.
  4. Aside from mysql_* functions being in the process of being deprecated, the way you're using them has you wide open to SQL injection. Parameterized queries with mysqli or PDO will help protect you from this.

Fixing those issues, will make the page work, but really you should just have someone rewrite it from scratch. Even for PHP 4 this code makes me feel all barfy.

Sammitch
  • 30,782
  • 7
  • 50
  • 77
  • Don't worry, this site isn't staying up long. It's getting a redesign in a little while. :) I didn't write it, I was just called on to fix it. Sigh. I will take your notes and continue working. Thanks! – Jamie Jan 18 '13 at 22:24