0

For some reason this code works flawlessly on localhost (MAMP), but for some reason it does not work on my domain.

<?php

    require(ROOT."/resc/define.mysql.php");

    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

    $query = 'SELECT * FROM `Products` WHERE ID = '.mysql_real_escape_string($_GET['art']);

    $resultSet = $mysqli->query($query);

    if ($resultSet->num_rows != 0) {

        while ($row = $resultSet->fetch_assoc()) {

            foreach ($row as $key => $value) {

                $$key = $value;

            }

        }

    } else {

        echo('MySQL Error!');

    }

?>
<article class="full">
    <header><h1><?php echo($Title); ?></h1></header>
    <img style="float:right;width:60%;" src="<?php echo($ImagePath); ?>">
    <footer>
        <?php echo($Ingres); ?>
    </footer>
    <br/>
    <h4>Specs:</h4>
    <ul style="padding-left:30px;">
        <?php echo($Specs); ?>
    </ul>
    <br/>
    <p style="font-size:90%;line-height:1.5;">
        <?php echo($Article); ?>
    </p>
    <div class="clearBoth"></div>
</article>

The require() at the start gets a file that requires the script which contains the mysql login information. This is ofcourse a different file on localhost than on the webserver. This file on the webserver is located in httpd.private which is accessed like this: require($_SERVER['DOCUMENT_ROOT']."/../httpd.private/define.mysql.php");, and contains:

<?php
    define('DB_USER', 'myUsername');
    define('DB_PASS', 'myPassword');
    define('DB_HOST', 'myHostAddress');
    define('DB_NAME', 'myDatabaseName');
    define('DB_CHAR', 'utf8');
    define('DB_COLL', '');
?>

Then the script goes on to create variables for each cell in the the selected row, and then echo those variables at the apropriate place in the HTML code. The databases on my localhost and webserver are exact copies of eachother so that can't be the problem. I have tried to troubleshoot all i can think of, the login information is correct, so the conection to the database works fine, but for some reason the script does not output the information from the database when run from the webserver. However it works fine on localhost.

Thanks in advance for any help.

Isak
  • 13
  • 6
  • I'm voting to close this question as off-topic because it has nothing to do with the actual code. – Karoly Horvath Feb 03 '15 at 10:14
  • 1
    `new mysqli` and `mysql_real_escape_string`? Mixing database APIs **cannot** be helping. – Quentin Feb 03 '15 at 10:14
  • Can you please tell me where I can go to get help with this then? The question is if there is any aspect of this code that for som reason woud not work online because of some securitymeasure or some such thing? – Isak Feb 03 '15 at 10:16
  • Since 'mysql_real_escape_string' only escapes harmful code in the variable i don't see how this would interfere with the mysqli code? – Isak Feb 03 '15 at 10:21
  • @Isak mysql_real_escape_string needs a mysql_* connection, as far as I remember – Markus Müller Feb 03 '15 at 10:25
  • Is there any error message? – Markus Müller Feb 03 '15 at 10:26
  • The databases might be the same, but have you created the users? Markus is right - you can't mix mysql and mysqli functions. – Synchro Feb 03 '15 at 10:36
  • mysql_real_escape_string doesn't need connection but it is a good practice to use mysqli in every single case, as simple mysql is dead and will be removed from the language soon. – Ákos Nikházy Feb 03 '15 at 10:40
  • Thanks for the input, I have changed to the mysqli method submited by @Cristiano C. However this method presents another problem as you see in the comments on his answer. – Isak Feb 03 '15 at 11:47

1 Answers1

0

I think the mistake is the use of mysql_real_escape_string, indeed the PHP documentation is reported that the second parameter, $link_identifier, need an active link by mysql_connect():

$link_identifier: The MySQL connection. If the link identifier is not specified, the last link opened by mysql_connect() is assumed. If no such link is found, it will try to create one as if mysql_connect() was called with no arguments. If no connection is found or established, an E_WARNING level error is generated.

I think your own server is set to not display the warning.

Try to enter the error_reporting(E_ALL) before starting connection and see if you actually get the warning.

If you actually get the error I think is better to use a statement to prevent SQL Injection in this way:

$query = "SELECT * FROM `Products` WHERE ID = ?";
$stmt = $mysqli->prepare($query);
if ($stmt === FALSE) {
    die("$mysqli->error");
}

$art = $_GET['art'];
$stmt->bind_param('i', $art);
$stmt->execute();
if ($stmt->errno != 0) {
    die("SQL Error: ({$stmt->errno}), {$stmt->error}");
}

$resultSet = $stmt->get_result();
$stmt->close();
Cristiano C.
  • 36
  • 3
  • Thanks for the input, but i cant verify if this works since the script dies at `$resultSet = $stmt->get_result();`, any idea why this happens? – Isak Feb 03 '15 at 11:34
  • Fatal error: Call to undefined method mysqli_stmt::get_result() in [path to document] on line 29 (line 29: `$resultSet = $stmt->get_result();`) – Isak Feb 03 '15 at 11:42
  • this method seems to work on the server but not on localhost, the issue seems to be that the mysqlnb is not installed on the localhost, however the original problem still remains; the query does not return rows on the webserver – Isak Feb 03 '15 at 12:15
  • Can you tell me which version of php are you using (server and mamp)? mysqli_stmt::get_result need PHP version >= 5.3.0. – Cristiano C. Feb 03 '15 at 13:11
  • Another question: in `Products`, column `ID` is numeric or string? – Cristiano C. Feb 03 '15 at 13:50
  • The PHP versions are 5.6.2 for MAMP and 5.6 for the server. – Isak Feb 03 '15 at 15:53
  • ID is INT(6) with UNSIGNED ZEROFILL and A_I – Isak Feb 03 '15 at 15:58
  • basicly normal id system, exept that it counts 000001, 000002, 000003, instead of 1, 2, 3. – Isak Feb 03 '15 at 15:59
  • Your PHP version meets the requirements, plese read the accepted answer here: http://stackoverflow.com/questions/8321096/call-to-undefined-method-mysqli-stmtget-result I also modified the code to accept the ID as a numerical value. – Cristiano C. Feb 03 '15 at 16:12