Hi all,
Im reposting this question to the database forum as I think it may be a more appropriate place for it. . .

Im having some trouble with the following code. It seems to work fine with php4 but not php5. When the code runs on php5, instead of the values of the variables getting stored in the database, Im getting the variable name stored instead. Can anyone tell me what's going on? Also I should point out that the system that ran the code fine was winxp, apache2x, php4.4.3 and mysql versions 4.1 and 5. The system im having trouble getting it to work on is a fedora core 4 server, apache 2x, php5 and mysql ver4.1.

Thanks
Jeremy

<?php

// include the configuration script
include("../admin/config.php");

// connect to the database
include("connection.php");

// $comment_id = $_REQUEST['comment_id']; // not used
$comment_name = $_REQUEST['comment_name'];
$comment_email = $_REQUEST['comment_email'];
$comment_url = $_REQUEST['comment_url'];
// $comment_date = $_REQUEST['comment_date']; // not used
$comment_related_entry = $_REQUEST['comment_related_entry'];
$comment_text = $_REQUEST['comment_text'];

$serv_remote = $_SERVER['REMOTE_ADDR'];

$comment_ip_address = gethostbyaddr($serv_remote);
$comment_hostname = gethostbyname($serv_remote);

$query = "
    INSERT INTO
        blog_comments
        (
            comment_date,
            comment_name,
            comment_email,
            comment_url,
            comment_text,
            comment_related_entry
        )
        values
        (
            NOW(),
            '$comment_name',
            '$comment_email',
            '$comment_url',
            '$comment_text',
            '$comment_related_entry'
        )";

//run the query
mysql_query($query, $link) or die (mysql_error());

//close the sql connection.
mysql_close($link);

//redirect back to control panel
header("location: ../detail.php?id=$comment_related_entry");

?> 

We can't test your application for you; please post a specific question, or include some more information, such as:

• All error messages you get, including those on the PHP error log (if display_errors off)
• The versions of things where it works
• The versions of things where it fails
• Any ideas you have as to why it may not work

Mark

NB: The above script contains many SQL injection vulnerabilities, if run with magic_quotes off.

Hi thanks for the reply.
Im relativly new to php etc, my apologies for a poorly formulated question.

• The versions of things where it works
  winxp, apache2x, php4.4.3 and mysql versions 4.1 and 5.

• The versions of things where it fails
  fedora core 4 server, apache 2x, php5 and mysql ver4.1

• Any ideas you have as to why it may not work
  .. I suspect it may have somthing to do with differences in the way php deals with variables between versions 4 and 5, also possibly to do with differences between php/mysql on linux vs windows (I think this may be less likly though ...)

for example,
in a variable that holds a query statement,

$query = "SELECT '$var1' from '$var2';"

Where $var1 = '*' and $var2 = 'table'

Are there any differences in the way that php interprets the string between versions 4 and 5?

PHP4 seems to interpret $query as

SELECT * from table;

and Im guessing that PHP5 is reading $query as

SELECT $var1 from $var2;

Im hoping somone with more experience than I could give some indication that this may or may not be the case.

• All error messages you get, including those on the PHP error log (if display_errors off)
  I dont have access to the php error log at the moment ..

Thanks
Jeremy

Obviously what is happening is that the string quoting syntax varies from one php version to another. In php 4 embedding a $var in a double-quoted string is ok because the $var gets substituted with the var value. Apparently in php 5 this has changed and the $var is not interpretted, I say apparently cos I don't use php 5.

Now, this just goes to prove my point that you all need to stop being lazy and use explicit string concatenation no matter what quoting syntax you choose.

$query = "
    INSERT INTO
        blog_comments
        (
            comment_date,
            comment_name,
            comment_email,
            comment_url,
            comment_text,
            comment_related_entry
        )
        values
        (
            NOW(),
            '" . $comment_name . "',
            '" . $comment_email . "',
            '" . $comment_url . "',
            '" . $comment_text . "',
            '" . $comment_related_entry . "'
        )";

Not only does that make your code far more legible and hence maintainable, it looks like it also makes your code 'future-proof'. Bad coding habits are bug-vectors.

Thanks for the suggestion Mr.Ramjet!
Ill try it out later today.

Best Regards
Jeremy

No, string interpretation has NOT change from PHP4 to PHP5 - I use this in PHP5 all the time.

The error you're making is developing your application on a different OS to the one you host it on.

Get the same versions of everything on your development server, then you'll have access to the logs etc.

If you are not competent to set up a dev server with a given OS (say Linux), then you shouldn't be using one in a production environment - it is unreasonable to assume that an application will work with totally different versions of everything.

Mark

Ah! Now I was surprised at the idea that something as basic as string interpretation had changed. I just took Jeremy's word for it - assuming he had done the fundamentals like echo the query string.

Still, it is a non-problem if you just use explicit string-concatenation whatever the version or platform. Yet another justification for my pedantry over something as 'trivial' as string quoting.