Could someone help me understand why this MySQL update code isn't working php 5

Here is the code. It seems to be having an issue in PHP 5. It works well in PHP 4.4.9.

if($_REQUEST['action']== "Update"){ 

    $curDate = date("Y-m-d");
    $image =$_FILES['vImage']["name"];
    $uploadedfile = $_FILES['vImage']['tmp_name'];


$sql="UPDATE businessad 
        SET iBUserID= '$_REQUEST[iBUserID]', 
            iCategoryID= '$_REQUEST[iBCategoryID]', 
            vAdTitle= '$_REQUEST[vAdTitle]', 
            tAdText= '$_REQUEST[tAdText]',
            vAdImage= '$vAdImage', 
            vAdURL= '$_REQUEST[vAdURL]', 
            dStartDate= '$_REQUEST[dStartDate]',
            dEndDate= '$_REQUEST[dEndDate]', 
            vAddress1= '$_REQUEST[vAddress1]', 
            vAddress2= '$_REQUEST[vAddress2]',
            vCity= '$_REQUEST[vCity]',
            vState= '$_REQUEST[vState]', 
            vZipCode= '$_REQUEST[vZipCode]', 
            vPhone= '$_REQUEST[vPhone]', 
            vEmail= '$_REQUEST[vEmail]', 
            eStatus='$_REQUEST[eStatus]' 

        WHERE iBusAdID='".$_REQUEST['iBusAdID']."'";

$db_sql=$obj->sql_query($sql);

if($db_sql)
{   
    $msg=MSG_UPDATE;
    header("Location:businessadview.php?var_msg=$msg");
    exit;
}
else
{
    $msg=MSG_UPDATE_ERROR;
    header("Location:businessadview.php?var_msg=$msg");
    exit;

That code doesn't update to the MySQL table, and I'm not sure why.

What precedes the above code is a form that looks like this

<form name="frmadd" method="post" action="businessadadd_a.php" enctype="multipart/form-data">
<input type="hidden" name="action" value="<?=$action;?>">
<input type="hidden" name="iBusAdID" value=<?=$iBusAdID;?>>

I check my server error logs and found out this. It mentions some errors in the globals.php, which is a part of the include call up. I'll include the include code too.

Here is the include code

<?php

@session_start();

@ob_start();

include_once("./lib/db_config.php");

include_once("./lib/myclass.php");

include_once("./lib/globals.php");

    if(!isset($obj)){

    $obj = new myclass($SERVER,$DBASE,$USERNAME,$PASSWORD);

     }

include_once("./lib/generalsettings.php");

include_once("./function/general.php");

include_once("./lib/messages.php");

getGeneralVar();

?>

Here is the globals.php code that the server error logs have an issue with

  <?php

     $glob=array("SERVER");

if(isset($GPC_vars))
{ foreach($GPC_vars as $var)
   { foreach(array("GET","POST","COOKIE") as $avar)
       if(isset($GLOBALS["HTTP_".$avar."_VARS"][$var]))
         { $$var=$GLOBALS["HTTP_".$avar."_VARS"][$var];
         }
   }               
}
else
{ $glob=array_merge(array("GET","POST","COOKIE"),$glob);
}

foreach($glob as $avar)
{ $arr=$GLOBALS["HTTP_".$avar."_VARS"];
  foreach($arr as $var => $res)
       $$var=$res;
}

foreach ($HTTP_POST_FILES as $name => $value) {
    $$name = $value["tmp_name"];
    foreach($value as $k=>$v) {
        $varname_ = $name."_".$k;
        $$varname_ = $v;
    }
}
reset($HTTP_POST_FILES);
?>

Here is what the error logs say

[Mon Mar 14 13:08:55 2011] [error] [client -] File does not exist: /public_html/favicon.ico

[Mon Mar 14 13:08:54 2011] [error] [client -] PHP Warning: reset() [function.reset]: Passed variable is not an array or object in /public_html/lib/globals.php on line 30, referer: xxx.com/admin/businessadadd.php?iBusAdID=4&action=Update

[Mon Mar 14 13:08:54 2011] [error] [client -] PHP Warning: Invalid argument supplied for foreach() in .../public_html/lib/globals.php on line 23, referer: xxx.com/admin/businessadadd.php?iBusAdID=4&action=Update

[Mon Mar 14 13:08:54 2011] [error] [client -] PHP Warning: Invalid argument supplied for foreach() in .../public_html/lib/globals.php on line 19, referer: xxx.com/admin/businessadadd.php?iBusAdID=4&action=Update

[Mon Mar 14 13:08:54 2011] [error] [client -] PHP Warning: Invalid argument supplied for foreach() in .../public_html/li开发者_Python百科b/globals.php on line 19, referer: xxx.com/admin/businessadadd.php?iBusAdID=4&action=Update

[Mon Mar 14 13:08:54 2011] [error] [client -] PHP Warning: Invalid argument supplied for foreach() in .../public_html/lib/globals.php on line 19, referer: xxx.com/admin/businessadadd.php?iBusAdID=4&action=Update

[Mon Mar 14 13:08:54 2011] [error] [client -] PHP Warning: Invalid argument supplied for foreach() in .../public_html/lib/globals.php on line 19, referer: xxx.com/admin/businessadadd.php?iBusAdID=4&action=Update

Because it's just a string. Do you execute the query? If so, what does mysql_error tell you?

And please, pretty please, Google for SQL injection. This code is very vulnerable.

The reason its failing is explained by your statement:

and I'm not sure why

1) you've cited a fragment of the code used to generate the query - but we need to see the query which gets sent to the database and the structure of the table

2) we also need to see the error message that is returned after the query fails.

3) since you are using $_REQUEST, we also need to see your variables_order setting for both PHP installations to determine how $_REQUEST is populated

I expect once you find the answers to these the solution will be obvious. But it's also worth noting that splicing user supplied data into an SQL query is a very bad idea - you're wide open to SQL injection attacks.

You might try to use the concatenation you are doing at the end within the query. It might be look at the $_REQUEST['SOMETHING'] as a string.

$sql = "UPDATE businessad 
           SET iBUserID = '".$_REQUEST['iBUserID']."',
               iCategoryID = '".$_REQUEST['iBCategoryID']."',    
               vAdTitle = '".$_REQUEST['vAdTitle']."', 
               tAdText = '".$_REQUEST['tAdText']."',
               vAdImage = '$vAdImage', 
               vAdURL = '".$_REQUEST['vAdURL']."', 
               dStartDate = '".$_REQUEST['dStartDate']."',
               dEndDate = '".$_REQUEST['dEndDate']."', 
               vAddress1 = '".$_REQUEST['vAddress1']."', 
               vAddress2 = '".$_REQUEST['vAddress2']."',
               vCity = '".$_REQUEST['vCity']."',
               vState = '".$_REQUEST['vState']."', 
               vZipCode = '".$_REQUEST['vZipCode']."', 
               vPhone = '".$_REQUEST['vPhone']."', 
               vEmail= '".$_REQUEST['vEmail']."', 
               eStatus = '".$_REQUEST['eStatus']."'    
         WHERE iBusAdID = '".$_REQUEST['iBusAdID']."'";

When you say your code works in PHP4 but stops working in PHP5, then it's easy to assume this is due to lack of magic_quotes. This feature has been disabled in the default configurations of PHP5. And your SQL query now became invalid due to lack of escaping.

At the start of your script (but after the mysql_connect) add following:

$_REQUEST = array_map("mysql_real_escape_string", $_REQUEST);

It's workaround-ish, but at least safe if it is always executed right after the database connection. Do the same for $_GET and $_POST if you must. (The correct approach would be to migrate to PDO and parameterized SQL, or at least apply the mysql_real_escape_string function wherever you concatenate SQL queries.)