Error message when using PHP with MySQL.

Wow! Good luck with that!

Are you using any global variables in your code? In other words, variable submitted via a “GET” in the address itself? The error message refers to this. Security was much improved in PHP 5.

This (=what gives the error) code is included in index.php, which uses ?p=page to know which page to include.
This is that code:

<? if(isset($_GET[‘p’])) {
if(file_exists(“includes/” .$_GET[‘p’]. ”.inc.php”)) {
include(“includes/” .$_GET[‘p’]. ”.inc.php”);
} else {
include(“includes/404.inc.php”);
}
} elseif(!isset($_GET[‘p’])) {
include(“includes/home.inc.php”);
}
?>

(bit messy, Fluther doesn’t allow tabs)

so he should revert to the “POST” command? been some time since i worked php….and i didn’t like it

Can you link the page that’s actually rendering the PHP? Not just the source, Please.

@iwamoto:

—-

How it used to be:
http://mysite.com/index.php?somevar=value

echo $somevar;

—-

The default security settings now require this:
http://mysite.com/index.php?somevar=value

echo $_GET[‘somevar’];

—-

It stops malicious users from injecting values into variables midflight.

@klaas4: Okay, that’s really strange. Some PHP setting I guess, I’m not as familiar with the config file as I would like to be but I’ll have a look. If you could give us the output that would be great.

Can you edit your php.ini ?

I don’t know.

@frankie. I’d have to give you access to my admin-panel for that…

Give me a moment…

If you can see php.ini in your root site directory you should be able to edit it, if not you can use .htaccess to turn the warning off.

Or you could use a:

ini_set(string varname, string newvalue);

Do I have to put that in the index.php page every time, or just apply it once?

I don’t see any files named php.ini in my root.
http://img236.imageshack.us/img236/1518/afbeelding1ou9.png

Is the source you specified for the entire page? Or just a snippit?

snippit

Could you post the whole source?
If there are unames and passwords you can hide those.

On my index, there is this:

<? if(isset($_GET[‘p’])) {
if(file_exists(“includes/” .$_GET[‘p’]. ”.inc.php”)) {
include(“includes/” .$_GET[‘p’]. ”.inc.php”);
} else {
include(“includes/404.inc.php”);
}
} elseif(!isset($_GET[‘p’])) {
include(“includes/home.inc.php”);
}
?>

which includes the snippit given in the startpost. Isn’t that enough?

But if you insist:
http://ole.daveyyzermans.nl/fout.php

I replaced the include-section with the contents of the error-giving-page.

If anyone has iChat and a relatively fast internet-connection, we could fix this via screensharing…

I would but I’m at work. I’m trying to break it down line by line.

Do you know what version of PHP you are using?

My host recently switched to PHP5

ini_set(“session.bug_compat_warn”, “off”); did it, but I don’t think it’s very nice, uh?

It’s kind of a round about way of doing it. I’ve found something that may help you:

“Another note about session.bug_compat_42 and bug_compat_warn.

[full error message:
“Your script possibly relies on a session side-effect which existed
until PHP 4.2.3. Please be advised that the session extension does
not consider global variables as a source of data, unless
register_globals is enabled. You can disable this functionality and
this warning by setting session.bug_compat_42 or
session.bug_compat_warn to off, respectively.”
]

The following short script causes the bug_compat_42 warning to appear.

<?php
session_start();
$_SESSION[‘var’] = NULL;
$var = “foo”;
?>

It took me an hour to find out this :-( – so I post it here to avoid
that more people need such a long time.

Conclusion and test results:

You’ll get this warning if $_SESSION[‘var’] contains NULL and you assign
anything (except NULL) to the global variable $var.

The warning will not appear:
– if $_SESSION[‘var’] contains anything else – or -
– if you don’t use a global variable named $var”

Yeah, I saw that one, but I don’t understand it so don’t know how to implement in my page.

I’m going to watch House now (on in the Netherlands). Back in an hour or so.

Try changing your if(isset($_SESSION[‘VAR’])){ to:

_if(!session_is_registered(‘VAR’]){
/**
Some Code Here
*/
}

See if that changes anything

or

<?php
session_start();
ob_start();

$ingelogd = $_SESSION[‘ingelogd’];
$bev = $_SESSION[‘bev’];

?>

and then change all your session checks to use those vars rather than $_SESSION[’’] directly.
ex:
if($bev > 3){
/**code **/
}

Found this on the PHP website:

“Warnings :
session.bug_compat_42 and bug_compat_warn

Warnings may appears even if your code is correct,
because some asumptions of the developpers.

In practice, these warnings are automatic when your code results in something like:

$_SESSION[‘var’]= NULL;

That is, the code assume that the programmer tried
to assign a unavailable (=NULL) variable because
register_globals is off.

Solution: assign anything but NULL. For example:

$_SESSION[‘var’]= is_null($var) ? 0 : $var;”

But In your code I don’t see anywhere there is a $_SESSION being set to any var.

:( I’m starting to run out of ideas.

Have you had any luck?

OK, first of all, get an up-to-date HTML tutorial as <font> is deprecated and using tables for layout is very some-years-ago ;-)

Also note that inserting user input (form fields in this case) right into MySQL queries is a security risk – see mysql_real_escape_string().

(Oh, and it’s “deze leerling” :P)

Now, as for error message: while developing, use

error_reporting(E_ALL|E_STRICT);

Then when your code goes live, change that to

error_reporting(0);

This will make sure errors are displayed and hidden, respectively.

What frankielaguna referred to might be a pointer when you have access to the source code (yay open source! ;-).

My layout uses div’s, but only the forms are tables. And what’s wrong about font? Fonty is doing so well… :-(

B.T.W. I didn’t use tutorials this time. Yay!

It’s not so much of the HTML not working, it’s the fact that web designers/programmers are trying to work towards a standard in what tags to use and a correct syntax. Which makes developing a browser that will render your page correctly no matter what, a lot easier.

Right now not all browsers are standards compliant, or 100% compliant.

I do recommend running your sites through (http://validator.w3.org/) the w3 HTML validator. It will help you make better websites, and make it even more compatible with standards based browsers.

:)

@klass4: It’s depreciated; CSS is much more powerful and people continuing to employ outdated technologies slows down development due to back-compatibility. If you don’t know much CSS, I urge you to learn!

@richardhenry Perfectly Worded!!!

@frankielaguna: Almost perfectly; the font tag is deprecated (being phased out), not depreciated (losing value over time).

I ran into this a while back. It has something to do with the way PHP used to handle session globals in 4.x, which they changed in 5.x. There’s a quick hack to bring back the old session handling, but it’s not secure, so be warned.

Add the following to your php.ini:

register_globals = on

…and your code should come back to life.

There’s more info here.

Oh no, don’t turn on register globals. As said, it’s insecure, but what’s worse: it’s insecure.

Have I said it is insecure?

Better spend some time on finding a real solution :)

Agreed, it’s a quick but very dirty solution.

OK, it magically disappear. Maybe it was because of the mind of Vincent.

Thanks ;)