Converting old register_globals code

  1. #1
    Junior Member
    Join Date
    Mar 2014
    Posts
    10

    Converting old register_globals code

    I am a newb working on some old code written by a retired colleague. We use the site internally every day, but it requires register_globals so we are stuck on the old PHP. So far I have made various levels of progress with PHP 5. Someone wrote some wrapper code for me to switch to PDO. But my latest problem is all of the extract() calls fail.

    PHP Code:
    $tablename = $_REQUEST['tablename'];

    $name   = ucfirst($tablename);
    $normal = strpos($tablename, 'surplus');

    // Config: Database lookup using 'tablename'
    $info_hash = getAssetInfo($tablename);

    var_dump($info_hash);

    // Auto Set Variable Names Based on Column Names
    extract($info_hash);
    Code:
    object(DBIDataRow)#6 (1) { ["container":protected]=> array(24) { ["asset_info_id"]=> string(1) "3" [0]=> string(1) "3" ["table_name"]=> string(8) "customer" [1]=> string(8) "customer" ["col1"]=> string(11) "customer_id" [2]=> string(11) "customer_id" ["col2"]=> string(8) "lastname" [3]=> string(8) "lastname" ["template"]=> string(2) "no" [4]=> string(2) "no" ["required"]=> string(27) "lastname,groupname,building" [5]=> string(27) "lastname,groupname,building" ["defaults"]=> string(49) "lastname,firstname,groupname,building,email,phone" [6]=> string(49) "lastname,firstname,groupname,building,email,phone" ["log_max"]=> string(1) "3" [7]=> string(1) "3" ["dropfield"]=> string(32) "lastname,groupname,building,room" [8]=> string(32) "lastname,groupname,building,room" ["sort_default"]=> string(0) "" [9]=> string(0) "" ["protect"]=> string(4) "NEMS" [10]=> string(4) "NEMS" ["date_mod"]=> string(19) "2006-03-06 15:54:05" [11]=> string(19) "2006-03-06 15:54:05" } }
    Warning: extract() expects parameter 1 to be array, object given in /var/www/html/ebony/irm4/users/general-index.php on line 53
    Notice: Undefined variable: required in /var/www/html/ebony/irm4/users/general-index.php on line 56
    Notice: Undefined variable: defaults in /var/www/html/ebony/irm4/users/general-index.php on line 57
    Notice: Undefined variable: dropfield in /var/www/html/ebony/irm4/users/general-index.php on line 58
    Notice: Undefined variable: display in /var/www/html/ebony/irm4/users/general-index.php on line 66
    Notice: Undefined variable: display in /var/www/html/ebony/irm4/users/general-index.php on line 68

  2. #2
    Pedantic Curmudgeon Weedpacket's Avatar
    Join Date
    Aug 2002
    Location
    General Systems Vehicle "Thrilled To Be Here"
    Posts
    21,840
    Your problem has nothing to do with register_globals; you've already dealt with that by using $_REQUEST.

    Your problem is probably because you're using extract on a DBIDataRow object (however that's defined) instead of using that object's methods to get at its contents. There may, for example, be one that provides something you can use for the value of $display.
    THERE IS AS YET INSUFFICIENT DATA FOR A MEANINGFUL ANSWER
    FAQs! FAQs! FAQs! Most forums have them!
    Search - Debugging 101 - Collected Solutions - General Guidelines - Getting help at all

  3. #3
    Junior Member
    Join Date
    Mar 2014
    Posts
    10
    Quote Originally Posted by Weedpacket View Post
    Your problem has nothing to do with register_globals; you've already dealt with that by using $_REQUEST.

    Your problem is probably because you're using extract on a DBIDataRow object (however that's defined) instead of using that object's methods to get at its contents. There may, for example, be one that provides something you can use for the value of $display.
    Thanks, here is the PDO stuff that was written for me:

    PHP Code:
    <?php

    class DBIStatement extends \PDOStatement
    {
        public function fetchrow_hash()
        {
            $rows = $this->fetchAll();
            return (count($rows) == 1) ? new DBIDataRow($rows[0]) : new DBIDataRow(array());
        }
        public function fetchrow_array()
        {
            $rows = $this->fetchAll(\PDO::FETCH_NUM);
            return (count($rows) == 1) ? $rows[0] : array();
        }
        public function finish() { }
    }
    class DBI
    {
        public $dbh;

        public function __construct($type, $host, $name, $user, $pass)
        {
            $dsn = sprintf('%s:host=%s;dbname=%s',$type,$host,$name);
            $this->dbh = new \PDO($dsn,$user,$pass,array(
                \PDO::ATTR_ERRMODE,           PDO::ERRMODE_EXCEPTION,
                \PDO::ATTR_DEFAULT_FETCH_MODE,PDO::FETCH_ASSOC,
            ));
            $this->dbh->setAttribute(\PDO::ATTR_STATEMENT_CLASS,array('DBIStatement'));
        }
        public function prepare($sql)
        {
            return $this->dbh->prepare($sql);
        }
    }
    class DBIDataRow implements \ArrayAccess,\Countable
    {
        protected $container;

        public function __construct(Array $data) { $this->container = $data; }

        public function __get($offset)
        {
            return isset($this->container[$offset]) ? $this->container[$offset] : null;
        }
        public function __set($offset,$value)
        {
            $this->container[$offset] = $value;
            return $this;
        }
        public function offsetSet($offset, $value)
        {
            $this->container[$offset] = $value;
            return $this;
        }
        public function offsetExists($offset)
        {
            return isset($this->container[$offset]);
        }
        public function offsetUnset($offset)
        {
            unset($this->container[$offset]);
        }
        public function offsetGet($offset)
        {
            return isset($this->container[$offset]) ? $this->container[$offset] : null;
        }
        public function count()
        {
            return count($this->container);
        }
    }

    ?>

  4. #4
    Pedantic Curmudgeon Weedpacket's Avatar
    Join Date
    Aug 2002
    Location
    General Systems Vehicle "Thrilled To Be Here"
    Posts
    21,840
    So you'd refer to things like $info_hash->container['asset_info_id'] and the other items named in that dump. None of them are 'display', however, and it's currently anyone's guess where $display is supposed to get its value from ($_REQUEST['display']? Did the old code return it from the database?)

  5. #5
    Junior Member
    Join Date
    Mar 2014
    Posts
    10
    Quote Originally Posted by Weedpacket View Post
    So you'd refer to things like $info_hash->container['asset_info_id'] and the other items named in that dump. None of them are 'display', however, and it's currently anyone's guess where $display is supposed to get its value from ($_REQUEST['display']? Did the old code return it from the database?)
    I'll try to fill in a few more blanks.

    PHP Code:
    // Config: Database lookup using 'tablename'
    $info_hash = getAssetInfo($tablename);
    calls:

    PHP Code:
    <?php
    error_reporting(E_ALL);
    ini_set('display_errors', '1');

    $tablename = $_REQUEST['tablename'];

    function getAssetInfo( $tablename )
    {
      global $USERPREFIX, $adb;

      $query = "SELECT * FROM asset_info WHERE table_name = '$tablename'";
      $sth = $adb->prepare($query);
      $res = $sth->execute() or die( mysql_error().': '.$query );
      $info = $sth->fetchrow_hash();
      $sth->finish();

      return($info);

    } // End getAssetInfo

    ?>
    asset_info is a db table that determines the displayed default check boxes selected for each asset category to search.

    Next:

    PHP Code:
    $sort || $sort = $sort_default;

    // Auto Set Variable Names Based on Column Names
    extract($info_hash);

    // Create Page title
    $name = ucfirst($tablename);

    commonHeader("Daedalus $name - Search Results");

    // Call Function to Create Paged Information HTML Table
    $return = TrackingSearchView($tablename, $logical, $value, $test, $match, $field,
                                 $sort, $col1, $col2, $display, $page, $limit);
    Which calls:


    PHP Code:
    <?php

    function TrackingSearchView($tablename, $logical, $value,
                                $test, $match, $field,
                                $sort, $col1, $col2,
                                $display, $page, $limit)
    {

      include_once("../include/func.strings");

      // Declare Global variables for database handle
      global $adb, $PHP_SELF;

      // Change Input Arrays to String
      if ( is_string($logical) ) $logical = explode("|", $logical);
      if ( is_string($value) )   $value   = explode("|", $value);
      if ( is_string($test) )    $test    = explode("|", $test);
      if ( is_string($match) )   $match   = explode("|", $match);
      if ( is_string($field) )   $field   = explode("|", $field);
      if ( is_string($display) ) $display = explode("|", $display);

      // Setup Labels

      // Add to Display Array any Search Fields
       $dpy_field[] = $field[0];

       // Build $dpy_field array
       while ( ++$count < count($value) ) {
        ($value[$count] != '') && $dpy_field[] = $field[$count];
       } // End While

      // Build Display Array with Sort, Search and Display
    #  $labels_tmp = array_merge(array($col1,$col2,$sort), $dpy_field, $display);
      $labels_tmp = array_merge($dpy_field, $display);

      // Delete Duplicate Fields and Collapse Array
      $labels = array_values(array_unique($labels_tmp));

      // Remove col1 from array
      if (in_array($col1, $labels)) {
         $index = array_search( $col1, $labels);
         array_splice($labels , $index, 1);
      }

      // Remove col2 from array
      if (in_array($col2, $labels)) {
         $index = array_search( $col2, $labels);
         array_splice($labels , $index, 1);
      }
      // Remove sort from array
      if (in_array($sort, $labels)) {
         $index = array_search( $sort, $labels);
         array_splice($labels , $index, 1);
      }

      // Move comments to end of list
      if (in_array('comments', $labels)) {
         $index = array_search( 'comments', $labels);
         array_splice($labels , $index, 1);
         array_push($labels, 'comments');
      }

      // Move summary to end of list
      if (in_array('summary', $labels)) {
         $index = array_search( 'summary', $labels);
         array_splice($labels , $index, 1);
         array_push($labels, 'summary');
      }

      // Move contents to end of list
      if (in_array('contents', $labels)) {
         $index = array_search( 'contents', $labels);
         array_splice($labels , $index, 1);
         array_push($labels, 'contents');
      }

      // Only Add Sort if not equal to Col1 or Col2
      if ( $sort != $col1 && $sort != $col2 ) {
         $labels = array_merge(array($sort), $labels);
      }

      //  Add Col1 and Col2 to Front of Array
      $display_labels = array_merge(array($col1, $col2), $labels);

      $logical_str = implode("|", $logical);
      $value_str   = implode("|", $value);
      $test_str    = implode("|", $test);
      $match_str   = implode("|", $match);
      $field_str   = implode("|", $field);
      $display_str = implode("|", $display_labels);

      if (!($limit)){
      $limit = 10;} // Default results per-page.
      if (!($page)){
      $page = 0;} // Default page value.

      $link = "$PHP_SELF?tablename=$tablename&logical=$logical_str&value=$value_str&test=$test_str&match=$match_str&field=$field_str&sort=$sort&col1=$col1&col2=$col2&display=$display_str";

      $link1 = "$PHP_SELF?tablename=$tablename&logical=$logical_str&value=$value_str&test=$test_str&match=$match_str&field=$field_str&col1=$col1&col2=$col2&display=$display_str";


      // Setup Where Clause
      // -------------------------------------------

      if ( $match[0] == 'contains' ) {
        $value[0] = " '%$value[0]%' ";
      } else {
        $value[0] = " '$value[0]' ";
      }

      $where = " $field[0] $test[0] $value[0] ";

      array_unshift($logical, '');

      foreach ( range(1, count($test)) as $i) {

        if ( $value[$i] == '' ) { continue; }

        if ( $match[$i] == 'contains' ) {
           $value[$i] = " '%$value[$i]%' ";
        } else {
           $value[$i] = " '$value[$i]' ";
        }
        $where .= " $logical[$i] $field[$i] $test[$i] $value[$i] ";
      }

      // Setup Querys
      // -------------------------------------------
      $query_count = "SELECT COUNT(*)
                        FROM $tablename
                       WHERE $where";

      $list = implode(",", $display_labels);

      $query_data = "SELECT $list
              FROM $tablename ";

      $query_data .= " WHERE $where ";

      $query_data .= " ORDER BY $sort ASC
                   LIMIT $page, $limit";

      // -------------------------------------------

      $sth = $adb->prepare($query_count);
      $res = $sth->execute() or die( mysql_error().': '.$query_count );

      // Number of rows returned from above query.
      list($numrows) = $sth->fetchrow_array();

    if ($numrows == 0){
       return(1);
    }

    $pages = intval($numrows/$limit); // Number of results pages.

    // $pages now contains int of pages, unless there is a remainder from division.

    if ($numrows%$limit) {
    $pages++;} // has remainder so add one page

    $current = intval($page/$limit) + 1; // Current page number.

    if (!isset($page) || $page < 0) {
    $total = 1;} // If $pages is less than one or equal to 0, total pages is 1.

    else {
    $total = $pages;} // Else total pages is $pages value.

    $first = $page + 1; // The first result.

    if (!((($page + $limit) / $limit) >= $pages) && $pages != 1) {
    $last = $page + $limit;} //If not last results page, last result equals $page plus $limit.

    else{
    $last = $numrows;} // If last results page, last result equals total number of results.

    //escape from PHP mode.
    ?>

    <table width="100%" border="0">
     <tr>
      <td class=white align="left">
    Results <b><?=$first?></b> - <b><?=$last?></b> of <b><?=$numrows?></b>
      </td>
      <td class=white align="center">

    Results per-page: <a href="<?=$link?>&page=<?=$page?>&limit=5">5</a> | 
                      <a href="<?=$link?>&page=<?=$page?>&limit=10">10</a> | 
                      <a href="<?=$link?>&page=<?=$page?>&limit=20">20</a> | 
                      <a href="<?=$link?>&page=<?=$page?>&limit=50">50</a> |
            <a href="<?=$link?>&page=<?=$page?>&limit=<?=$numrows?>">All</a>
      </td>
      <td class=white align="right">
    Page <b><?=$current?></b> of <b><?=$total?></b>
      </td>
     </tr>
    </table>

    <?
      //Go back into PHP mode.

      echo "<table width=100% border=1> <tr>";

      $label1 = ( $col1 == "${tablename}_id" ) ? 'ID' : "$col1";
      $label2 = ( $col2 == "${tablename}_id" ) ? 'ID' : "$col2";

      echo "<th><a href=\"${link1}&sort=$col1\">", ucfirst("$label1"), "</a></th>";
      echo "<th><a href=\"${link1}&sort=$col2\">", ucfirst("$label2"), "</a></th>";

      foreach ($labels as $label) {
         $label1 = ( $label == "${tablename}_id" ) ? 'ID' : "$label";
         echo "<th><a href=\"${link1}&sort=$label\">",ucfirst($label1),"</a></th>";
      }

      echo "</tr>";

    // Now we can display results.

      $sth = $adb->prepare($query_data);
      $results = $sth->execute() or die( mysql_error().': '.$query_data );

    while ($data = $sth->fetchrow_array($results)) {

      $data1 = array_shift($data);
      $data2 = array_shift($data);

      $form = 'tracking-info.php';
      $anchor1 = "<a href=\"$form?tablename=$tablename&ID=$data1\">$data1</a>";

    -->> 
    snip for length
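
    Added example, not part of the original posts and not the poster's code: the code in post #5 calls prepare() on SQL that already has $_REQUEST['tablename'] interpolated into it, then extract()s whatever comes back. The sketch below shows the same lookup with a bound parameter, an explicit list of settings keys in place of extract(), and an allow-list for the ORDER BY column. The function names (lookupAssetInfo, assetSettings, safeSortColumn), the in-memory SQLite database and its rows are assumptions made for illustration; it needs PHP 7.1+ with pdo_sqlite.

```php
<?php
// Added example, not code from the thread. Constructed sample rows in an
// in-memory SQLite database stand in for the poster's asset_info table.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,  // attribute => value pairs
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,        // named keys only
]);
$pdo->exec('CREATE TABLE asset_info (asset_info_id INTEGER PRIMARY KEY,
    table_name TEXT, col1 TEXT, col2 TEXT, required TEXT, defaults TEXT,
    dropfield TEXT, sort_default TEXT)');
$pdo->exec("INSERT INTO asset_info VALUES
    (3, 'customer', 'customer_id', 'lastname', 'lastname,groupname,building',
     'lastname,firstname,groupname,building,email,phone',
     'lastname,groupname,building,room', ''),
    (5, 'tracking', 'ID', 'status', '', 'date,assign,author,computer_id,contents',
     'id,status,assign,groupname', 'ID')");

// Hypothetical replacement for getAssetInfo(): the request value is bound as a
// parameter, so quotes in it cannot change the statement.
function lookupAssetInfo(PDO $pdo, string $tablename): ?array
{
    $sth = $pdo->prepare('SELECT * FROM asset_info WHERE table_name = :t');
    $sth->execute([':t' => $tablename]);
    $row = $sth->fetch();               // array for one row, false when none
    return $row === false ? null : $row;
}

// Only these columns become page settings; this replaces a blanket extract().
const SETTING_KEYS = ['table_name', 'col1', 'col2', 'required', 'defaults',
                      'dropfield', 'sort_default'];

function assetSettings(array $row): array
{
    return array_intersect_key($row, array_flip(SETTING_KEYS));
}

// Identifiers (ORDER BY column) cannot be bound, so a requested column is
// accepted only if the configuration row itself names it.
function safeSortColumn(string $requested, array $settings): string
{
    $allowed = array_filter(array_merge(
        [$settings['col1'], $settings['col2']],
        explode(',', $settings['defaults'])
    ), 'strlen');
    if (in_array($requested, $allowed, true)) {
        return $requested;
    }
    return $settings['sort_default'] !== '' ? $settings['sort_default'] : $settings['col1'];
}

// Constructed request values: [tablename, sort].
$requests = [
    ['customer',    'email'],     // known table, column listed in "defaults"
    ['customer',    'password'],  // column not listed: falls back to col1
    ["customer'x",  'lastname'],  // stray quote: bound, so it just matches nothing
    ['nosuchtable', 'ID'],        // no configuration row
];
foreach ($requests as [$tablename, $sort]) {
    $row = lookupAssetInfo($pdo, $tablename);
    if ($row === null) {
        printf("%-12s no configuration row, request rejected\n", $tablename);
        continue;
    }
    $settings = assetSettings($row);
    // The table name used in SQL is the stored one, not the raw request string.
    printf("%-12s SELECT ... FROM %s ORDER BY %s\n",
        $tablename, $settings['table_name'], safeSortColumn($sort, $settings));
}
```

    Legacy code that still expects bare variables such as $col1 can read them from the returned settings array one by one, which keeps request data and database columns from silently overwriting unrelated variables.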

  6. #6
    Junior Member
    Join Date
    Mar 2014
    Posts
    10
    This is a var_dump($info_hash); from the old working code:

    Code:
    array(12) { ["asset_info_id"]=> string(1) "5" ["table_name"]=> string(8) "tracking" ["col1"]=> string(2) "ID" ["col2"]=> string(6) "status" ["template"]=> string(2) "no" ["required"]=> string(0) "" ["defaults"]=> string(39) "date,assign,author,computer_id,contents" ["log_max"]=> string(1) "3" ["dropfield"]=> string(26) "id,status,assign,groupname" ["sort_default"]=> string(2) "ID" ["protect"]=> string(0) "" ["date_mod"]=> string(19) "2005-12-02 13:33:57" }
    And this from a var_dump inserted in the same spot with the PDO wrapper:

    Code:
    object(DBIDataRow)#6 (1) { ["container":protected]=> array(24) { ["asset_info_id"]=> string(1) "5" [0]=> string(1) "5" ["table_name"]=> string(8) "tracking" [1]=> string(8) "tracking" ["col1"]=> string(2) "ID" [2]=> string(2) "ID" ["col2"]=> string(6) "status" [3]=> string(6) "status" ["template"]=> string(2) "no" [4]=> string(2) "no" ["required"]=> string(0) "" [5]=> string(0) "" ["defaults"]=> string(39) "date,assign,author,computer_id,contents" [6]=> string(39) "date,assign,author,computer_id,contents" ["log_max"]=> string(1) "3" [7]=> string(1) "3" ["dropfield"]=> string(26) "id,status,assign,groupname" [8]=> string(26) "id,status,assign,groupname" ["sort_default"]=> string(2) "ID" [9]=> string(2) "ID" ["protect"]=> string(0) "" [10]=> string(0) "" ["date_mod"]=> string(19) "2005-12-02 13:33:57" [11]=> string(19) "2005-12-02 13:33:57" } }

  7. #7
    Junior Member
    Join Date
    Mar 2014
    Posts
    10
    $display is a boolean in our software table to determine if a record is "active" or archived. If archived it is not offered for selection to assign to a computer asset. So it only exists in one table, but the generic index builds the search page for any tablename.

  8. #8
    Junior Member
    Join Date
    Mar 2014
    Posts
    10
    Quote Originally Posted by Weedpacket View Post
    So you'd refer to things like $info_hash->container['asset_info_id'] and the other items named in that dump. None of them are 'display', however, and it's currently anyone's guess where $display is supposed to get its value from ($_REQUEST['display']? Did the old code return it from the database?)
    If I try var_dump($info_hash->container['protected']); or var_dump($info_hash->container['table_name']); I get NULL.

  9. #9
    Junior Member
    Join Date
    Mar 2014
    Posts
    10
    I added FETCH_ASSOC to the PDO wrapper for fetchrow_hash and the array looks much closer to the old one.

  10. #10
    Junior Member
    Join Date
    Mar 2014
    Posts
    10
    Now my issue is with a boolean.

    PHP Code:
    // Now we can display results.

      $sth = $adb->prepare($query_data);
      $results = $sth->execute() or die( mysql_error().': '.$query_data );

    while ($data = $sth->fetchrow_array($results)) {

      $data1 = array_shift($data);
      $data2 = array_shift($data);

      $form = 'tracking-info.php';
      $anchor1 = "<a href=\"$form?tablename=$tablename&ID=$data1\">$data1</a>";

      // Number of followups for ID
      $query1 = "SELECT COUNT(*) FROM followups WHERE tracking = $data1";
      $sth1 = $adb->prepare($query1);
      $res1 = $sth1->execute() or die( mysql_error().': '.$query1 );
      list($followups) = $sth1->fetchrow_array();

      echo "<tr>";

      echo "<td>$anchor1</td>";

      $value2 = $data2 ? "$data2 [$followups]" : "&nbsp;";
      echo "<td>$value2</td>";

       foreach ($data as $value) {
          $value = $value ? "$value" : "&nbsp;";
          $value = snippet($value, 500);
          echo "<td>$value</td>";
       }
       echo "</tr>";

    In the old code $results = int(1) and in the new it is boolean(true). So the while loop seems to fail, and no results are displayed. At least I think I have it narrowed to that.

  11. #11
    Junior Member
    Join Date
    Mar 2014
    Posts
    10
    Meh, now it seems that $data never gets set to begin with so I have to track that down. I think it's back to the PDO DBI wrapper again.
