Question

I have been programming for years with various programming languages. I also have some experience with markup and scripting languages. I am new to PHP though. I am trying to fix my dad's website for him and I'm learning a lot as I go. I have fixed much of it but am currently stuck. An upgrade to the PHP host that my dad uses from 5.1 to 5.4 broke the website. I noticed that one of the changes is that variables needed to be defined now. The database is updating to not be linked to the picture any longer. Here is the PHP:

if ($act=="update"){
    $id = $_POST['id'];
    $email = $_POST['email'];
    $aim = $_POST['aim'];
    $icq = $_POST['icq'];
    $yahoo = $_POST['yahoo'];
    $homepage = $_POST['homepage'];
    $myip = $_POST['myip'];

    if (!$myip) 
        $myip = $ip;

    $email2 = $_POST['email2'];
    $password = $_POST['password'];
    $title = $_POST['title'];
    $download = $_POST['download'];
    $approved = $_POST['approved'];
    $allowdelete = $_POST['allowdelete'];
    $author = $_POST['author'];
    $facebook = $_POST['facebook'];

    if (isset($_POST['piclink'])) 
        $piclink = $_POST['piclink'];

    $domain = $_POST['domain'];
    $option3 = $_POST['option3'];
    $secret = $_POST['secret'];

    if (isset($piclink)){
        $picfile = "";
        $download = "0";
        $domain = parse_url_domain($piclink);
    }

    $myip = $_REQUEST['ip'];

    if (!$myip) 
        $myip = $ip;

    $email=addslashes($email);
    $aim=addslashes($aim);
    $icq=addslashes($icq);
    $yahoo=addslashes($yahoo);
    $homepage=addslashes($homepage);
    $picfile=addslashes($picfile);

    if (isset($dt))
        $dt=addslashes($dt);

    $myip=addslashes($myip);
    $email2=addslashes($email2);
    $password=addslashes($password);
    $title=addslashes($title);
    $download=addslashes($download);
    $approved=addslashes($approved);
    $allowdelete=addslashes($allowdelete);
    $author=addslashes($author);
    $facebook=addslashes($facebook);
    $piclink=addslashes($piclink);
    $domain=addslashes($domain);
    $option3=addslashes($option3);
    $secret=addslashes($secret);

    //die("IP =".$myip);

    $q="update $table set     email='$email',aim='$aim',icq='$icq',yahoo='$yahoo',homepage='$homepage',picfile='$picfile'  ,ip='$myip',email2='$email2',password='$password',title='$title',download='$download',appro    ved='$approved',allowdelete='$allowdelete',author='$author',facebook='$facebook',piclink='$    piclink',domain='$domain',option3='$option3',secret='$secret' where id='$id'";
    $result=mysql_query($q);
    //dt='$dt' was removed from update as it blanked out date

}

if ($piclink) {
    $url1 = $piclink;
} else {
    $url1 = "http://plankingaround.com/pics/";  
    $url1 .= $picfile; 
}

Everything else updates except the piclink and/or picfile columns in the database.

Any help would be greatly appreciated!


Solution

It is considered extremely bad practice to use mysql. You should upgrade from mysql to mysqli... this will help you prevent SQL injection and solve some of your problems, as mysql will soon be deprecated with newer PHP updates.

Here is an example of how to do this:

 $query = "UPDATE $table 
      SET 
           email=?, 
           aim=?, 
           icq=?, 
           yahoo=?, 
           homepage=?, 
           picfile=?, 
           ip=?, 
           email2=?, 
           password=?, 
           title=?, 
           download=?, 
           approved=?, 
           allowdelete=?, 
           author=?, 
           facebook=?, 
           piclink=?, 
           domain=?, 
           option3=?, 
           secret=? 
      WHERE id=?";

if ($stmt = $mysqli->prepare($query)) {
    // Type string: 19 string columns followed by the integer id
    $stmt->bind_param('sssssssssssssssssssi', $email, $aim, $icq, $yahoo, $homepage, $picfile, $myip, $email2, $password, $title, $download, $approved, $allowdelete, $author, $facebook, $piclink, $domain, $option3, $secret, $id);
    $stmt->execute();
} else {
    die("Failed to prepare stmt");
}
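
The prepared statement above still places `$table` directly in the SQL text and binds variables that may be undefined when the form omits a field. The following is an added example, not part of the original answer or the site's code, that goes a little further than the answer: it checks the table name against a fixed list and only updates the columns that were actually submitted. The function names, `$allowedTables`, and the assumption that form field names equal column names are hypothetical.

```php
<?php
// Added example. Assumptions: $mysqli is an open mysqli connection, form field
// names equal column names, and $allowedTables is a hypothetical fixed list.
function build_profile_update(array $post, $table, array $allowedTables)
{
    // Identifiers cannot be bound as parameters, so the table name is checked
    // against a fixed list before it is placed in the SQL text.
    if (!in_array($table, $allowedTables, true)) {
        throw new InvalidArgumentException('unexpected table name');
    }
    // Column allow-list taken from the UPDATE shown on this page.
    $columns = array('email', 'aim', 'icq', 'yahoo', 'homepage', 'picfile',
        'ip', 'email2', 'password', 'title', 'download', 'approved',
        'allowdelete', 'author', 'facebook', 'piclink', 'domain', 'option3',
        'secret');
    $set = array();
    $values = array();
    foreach ($columns as $col) {
        // Skip fields the form did not send, so they are never undefined.
        if (isset($post[$col]) && is_string($post[$col])) {
            $set[] = "$col=?";
            $values[] = $post[$col];
        }
    }
    if (!$set || !isset($post['id'])) {
        throw new InvalidArgumentException('nothing to update or missing id');
    }
    $values[] = (int) $post['id'];
    $types = str_repeat('s', count($set)) . 'i';
    return array("UPDATE `$table` SET " . implode(', ', $set) . " WHERE id=?", $types, $values);
}

function run_profile_update(mysqli $mysqli, array $post, $table, array $allowedTables)
{
    list($sql, $types, $values) = build_profile_update($post, $table, $allowedTables);
    $stmt = $mysqli->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $mysqli->error);
    }
    $refs = array($types);   // bind_param takes its arguments by reference
    foreach ($values as $i => $unused) {
        $refs[] = &$values[$i];
    }
    call_user_func_array(array($stmt, 'bind_param'), $refs);
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    return $stmt->affected_rows;
}
```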

OTHER TIPS

It's not what you have asked, but the site you are working on has a serious security issue - SQL Injection.

http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string

The following part of that update SQL would fail:

appro    ved='$approved',

You can echo the error with mysql_error(), right after mysql_query($q);

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow