I switched host and went from PHP 4 to PHP 5. I can't get the if statement to work

if ($go=="edit") {

gives me a blank page.

<?
include ("header.php");
if ($go=="edit") {
	$queryconf = "select * from news_config";
	$qryconf = @mysql_query($queryconf,$connect) or die ("Wrong Query");
	$rowconf = mysql_fetch_array ($qryconf);

?>
&nbsp;<br />
<table width="500" border="0" cellspacing="0" cellpadding="1" bgcolor="#9D9D00" align="center">
  <tr>
    <td>

<table width="500" border="0" cellspacing="2" cellpadding="2" align="center" bgcolor="#E7E7CF">
  <tr>
    <td colspan="2" align="center" class="newstitle">SITE CONFIGURATION</td>
  </tr>
  <form action="?go=process" method="post" name="configform">
  <tr bgcolor="#C6C68C">
    <td width="150">[META] Keyword
	<div class="newsdate">saparate by comma</div>
	</td>
	<td>&nbsp; <textarea name="keyword" cols="55" rows="3" class="textbox"><? echo "$rowconf[keyword]"; ?></textarea></td>
  </tr>
  <tr bgcolor="#C6C68C">
    <td>[META] Description
	<div class="newsdate"></div>
	</td>
	<td>&nbsp; <textarea name="description" cols="55" rows="3" class="textbox"><? echo "$rowconf[description]"; ?></textarea></td>
  </tr>
  <tr bgcolor="#C6C68C">
    <td>Site Title
	</td>
	<td>&nbsp; <input type="text" name="site_title" size="56" value="<? echo "$rowconf[site_title]"; ?>" class="textbox"></td>
  </tr>
  <tr bgcolor="#C6C68C">
    <td>Site Slogan
	</td>
	<td>&nbsp; <input type="text" name="site_slogan" size="56" value="<? echo "$rowconf[site_slogan]"; ?>" class="textbox"></td>
  </tr>
  <tr bgcolor="#C6C68C">
    <td>How many news on page
	</td>
	<td>&nbsp; <input type="text" name="numnews" size="2" value="<? echo "$rowconf[numnews]"; ?>" class="textbox" maxlength="2"></td>
  </tr>
  <tr bgcolor="#C6C68C">
    <td>Max. news photo size
	</td>
	<td>&nbsp; <input type="text" name="maxgfx" size="7" value="<? echo "$rowconf[maxgfx]"; ?>" class="textbox" maxlength="7"> bytes</td>
  </tr>
  <tr bgcolor="#C6C68C">
    <td>Allow click count on news page
	<div class="newsdate">
	Current: <b>
	<?
	if ($rowconf[allow_click] == 1) {
		echo "Yes";
	} else {
		echo "No";
	}
	?>
	</b></div>
	</td>
	<td>&nbsp; <input type="checkbox" value="1" name="allow_click" checked> Yes</td>
  </tr>
  <tr bgcolor="#C6C68C">
    <td>Allow user comment
	<div class="newsdate">
	Current: <b>
	<?
	if ($rowconf[allow_com] == 1) {
		echo "Yes";
	} else {
		echo "No";
	}
	?>
	</b></div>
	</td>
	<td>&nbsp; <input type="checkbox" value="1" name="allow_com" checked> Yes</td>
  </tr>
  <tr bgcolor="#C6C68C">
    <td>If comment is allowed, it must
	<div class="newsdate">
	Current: <br /><b>
	<?
	if ($rowconf[auto_com] == 1) {
		echo "Permited by administrator";
	} else {
		echo "Didn't need verify by administrator";
	}
	?>
	</b></div>
	</td>
	<td>&nbsp; <input type="radio" value="1" name="auto_com" checked> Verify by administrator<br>
	&nbsp; <input type="radio" value="0" name="auto_com"> Didn't need verify by administrator</td>
  </tr>
  <tr bgcolor="#C6C68C">
    <td>Max. comment
	</td>
	<td>&nbsp; <input type="text" name="max_com" size="7" value="<? echo "$rowconf[max_com]"; ?>" class="textbox" maxlength="5"> characters</td>
  </tr>
  <tr bgcolor="#C6C68C">
    <td>News date format
	<div class="newsdate">Curent: <br /><b>
	<?
	print date("$rowconf[date_format]");
	?></b></div>
	</td>
	<td><div class="newsdate">&nbsp; <input type="text" name="date_format" size="12" value="<? echo "$rowconf[date_format]"; ?>" class="textbox">
	 &nbsp; ex: <b>d F Y h:i a</b> for <? print date("d F Y h:i a"); ?></div></td>
  </tr>
  <tr>
    <td align="center" colspan="2">
	<input type="submit" value="Update" class="boxlook"> &nbsp; 
	<input type="reset" value="Reset" class="boxlook">
	</td>
  </tr>
  </form>
</table>
</td>
  </tr>
</table>
<? 
} 
if ($go=="process") {
	@mysql_query("update news_config set keyword='$keyword',description='$description',site_title='$site_title',site_slogan='$site_slogan',numnews='$numnews',maxgfx='$maxgfx',allow_click='$allow_click',allow_com='$allow_com',auto_com='$auto_com',max_com='$max_com',date_format='$date_format'") or die ("There's something wrong");
	echo "&nbsp;<center>Updating site configuration was success<br>
	Please wait for a second, or <a href=\"?go=edit\">click here</a> if your browser doesn't refresh automatically";
	echo "<meta http-equiv=\"refresh\" content=\"1;URL=?go=edit\">";
}

include ("footer.php");
?>

Any help would be great!
thanks
S.

    1. When posting PHP code, please use the [PHP][/PHP] bbcode tags (not just the CODE tags) as they make your code much easier to read and analyze.

    2. You should never use the deprecated '<?' (or '<?=$var?>') short tags - change all of these to the standard '<?php' tags.

    3. Where is $go ever defined? If you're trying to access a variable from the query string (e.g. "?go=edit"), then use the [man]$_GET[/man] superglobal. More information on these variables can be found here: [man]variables.predefined[/man]. It looks like your script depended upon register_globals, which has long ago been deprecated in light of security exploits.

    4. Array indexes should be strings (unless you really know what a [man]constant[/man] is and intend to use one), so code such as $rowconf[allow_click] isn't correct. Use strings for your indexes (e.g. ['allow_click']).

    5. User-supplied data should never be placed directly into a SQL query! Escape it first with a function such as [man]mysql_real_escape_string[/man].

      Thanks,
      that's why I'm called a newbie 😉

      The code was provided to me last year from an open-source code. I don't even know who the actual coder is, I only know it worked on my site.
      You're basically telling me the script has security issues and should be completely rewritten?

      Thanks for the advice.
      S.

        Yeah, that script is either quite old or written by someone who is not up-to-date with PHP versions and configuration defaults for the last 3 years or so. Your two biggest problems right now are the register_globals issue and SQL injection potential. For the former, you need to set variables such as $go, $keyword, $description, and any others that are intended to come from user inputs to be set from the appropriate super-global array value (probably $_POST or $_GET). For the latter you need to use [man]mysql_real_escape_string[/man] on any user-supplied values before putting them into a MySQL query string.

          Sorry, I should've explained that this particular code is part of a bigger admin part and only an admin can access this page.

          conf.php?go=edit

            So you will need to either reference $_GET['go'] instead of $go in your script, or if that is too much of a pain then set $go = $_GET['go'] at the top of the script before any other reference is made to $go. This might be true of other variables if they come from the query string, or if they come from a form that uses the "post" method then from the $_POST array.

            Or if you are able to change the PHP configuration you could "cheat" and turn register_globals on, but then the default was changed to off many versions (and several years) ago for a reason.
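
The advice above, applied to the script's "process" branch, as an added example that is not part of the original thread: values are read explicitly from the request array and bound into the UPDATE. It uses PDO prepared statements rather than mysql_real_escape_string, because the mysql_* extension was removed in PHP 7; `read_config_input()`, `save_config()` and the in-memory SQLite database are assumptions made for the demo.

```php
<?php
// Added example, not the thread's code. Table and column names follow the posted
// script; $pdo, read_config_input() and save_config() are hypothetical names.
const TEXT_FIELDS = ['keyword', 'description', 'site_title', 'site_slogan', 'date_format'];
const INT_FIELDS  = ['numnews', 'maxgfx', 'max_com'];
const FLAG_FIELDS = ['allow_click', 'allow_com', 'auto_com'];

// Build the values from the request array explicitly (no register_globals).
function read_config_input(array $post): array
{
    $clean = [];
    foreach (TEXT_FIELDS as $f) {
        $clean[$f] = isset($post[$f]) && is_string($post[$f]) ? trim($post[$f]) : '';
    }
    foreach (INT_FIELDS as $f) {
        // Anything that is not a plain digit string becomes 0.
        $ok = isset($post[$f]) && is_string($post[$f]) && ctype_digit($post[$f]);
        $clean[$f] = $ok ? (int) $post[$f] : 0;
    }
    foreach (FLAG_FIELDS as $f) {
        // An unchecked checkbox is absent from the request, so absence means 0.
        $clean[$f] = (isset($post[$f]) && $post[$f] === '1') ? 1 : 0;
    }
    return $clean;
}

function save_config(PDO $pdo, array $clean): void
{
    $set = [];
    foreach (array_keys($clean) as $col) {
        $set[] = "$col = :$col"; // column names come only from the fixed lists above
    }
    // Values are bound as parameters, never concatenated into the SQL text.
    $pdo->prepare('UPDATE news_config SET ' . implode(', ', $set))->execute($clean);
}

// Constructed demo: in-memory SQLite stands in for the site's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news_config (keyword TEXT, description TEXT, site_title TEXT,
    site_slogan TEXT, numnews INT, maxgfx INT, allow_click INT, allow_com INT,
    auto_com INT, max_com INT, date_format TEXT)');
$pdo->exec("INSERT INTO news_config VALUES ('', '', 'Old', '', 5, 50000, 1, 1, 1, 500, 'd F Y')");

// Constructed request as $_POST would hold it; allow_com is unchecked (absent).
// On the real page this call sits inside: if (isset($_GET['go']) && $_GET['go'] === 'process')
$post = ['site_title' => "Bob's Daily News", 'numnews' => '10', 'maxgfx' => 'abc',
         'allow_click' => '1', 'auto_com' => '0', 'date_format' => 'd F Y h:i a'];
save_config($pdo, read_config_input($post));
print_r($pdo->query('SELECT site_title, numnews, maxgfx, allow_com FROM news_config')->fetch(PDO::FETCH_ASSOC));
```

The apostrophe in the title is stored as data, the non-numeric `maxgfx` is stored as 0, and the unchecked `allow_com` box is stored as 0 rather than being left undefined.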

              thanks!
              I think I'm too much of a newbie to go through the entire code. I added $_GET['go'] and the site configuration shows. Editing and updating the page doesn't get stored in the database.

              I think it's better to look for a more updated and secure news system.
              :bemused:

                I agree. 🙂 Look for one that says it supports PHP 5, and see if you can ascertain from its documentation or by asking the provider if it is designed to run without register_globals.

                  thanks, it sucks since most news systems seem to miss something.

                  hey, shouldn't u be at BonJovi tonite 😉

                    soulburn wrote:

                    ...
                    hey, shouldn't u be at BonJovi tonite 😉

                    Nah, I'm too old. I'm from the Pink Floyd / Yes / Genesis generation.
