works in php4 but not php5 ...?!?

Jeremy_North

Hi all,
Im having some trouble with the following code. It seems to work fine with php4 but not php5. When the code runs on php5, instead of the values of the variables getting stored in the database, Im getting the variable name stored instead. Can anyone tell me what's going on?


$query = "
	INSERT INTO 
		blog_comments 
		( 
			comment_date, 
			comment_name, 
			comment_email, 
			comment_url, 
			comment_text, 
			comment_related_entry
		)
        values 
		( 
			NOW(), 
			'$comment_name', 
			'$comment_email', 
			'$comment_url', 
			'$comment_text', 
			'$comment_related_entry'
		)";

//run the query
mysql_query($query, $link) or die (mysql_error());

MarkR

Without seeing the rest of your script, it is impossible to know what the problem is. I assume that all these variables $comment_name etc are being properly captured, validated and escaped etc, before you do the insert?

Mark

Houdini

From where do $comment_name, $comment_email, $comment_url, $comment_text, $comment_related_entry come.

Jeremy_North

Sorry about that....

The variables are comming from a form on a web page. Ive posted the entire script below.

In the place of an actual comment, what is getting submitted to the database is the text: comment_text.

As mentioned, this script works fine with php 4.4.3, but not with php5.

Thanks
Jeremy

<?php

// include the configuration script
include("../admin/config.php");

// connect to the database
include("connection.php");

// $comment_id = $_REQUEST['comment_id']; // not used
$comment_name = $_REQUEST['comment_name'];
$comment_email = $_REQUEST['comment_email'];
$comment_url = $_REQUEST['comment_url'];
// $comment_date = $_REQUEST['comment_date']; // not used
$comment_related_entry = $_REQUEST['comment_related_entry'];
$comment_text = $_REQUEST['comment_text'];

$serv_remote = $_SERVER['REMOTE_ADDR'];

$comment_ip_address = gethostbyaddr($serv_remote);
$comment_hostname = gethostbyname($serv_remote);

$query = "
	INSERT INTO 
		blog_comments 
		( 
			comment_date, 
			comment_name, 
			comment_email, 
			comment_url, 
			comment_text, 
			comment_related_entry
		)
        values 
		( 
			NOW(), 
			'$comment_name', 
			'$comment_email', 
			'$comment_url', 
			'$comment_text', 
			'$comment_related_entry'
		)";

//run the query
mysql_query($query, $link) or die (mysql_error());

//close the sql connection.
mysql_close($link);

//redirect back to control panel
header("location: ../detail.php?id=$comment_related_entry");

?>