
PHP working locally and remotely on own hosting, but not remotely on client's hosting

I'm not good with PHP, so please bear with me. I have the following code:

<?php $thisPage="designers";
include("phpincludes/header.php") ?>

<div id="contentLeft">
<?echo "<h2><a href='designer_display.php?d_name=".$_GET['d_name']."'>" . $_GET['d_name']. "</a></h2>";?>

<?
    error_reporting(0);
    require_once "phpincludes/connection.php";

    $designer = $_GET['d_name'];
    // Category Selection Start.
    $cat_qry = "SELECT DISTINCT (
        `own_category`
    )
    FROM  `products` 
    WHERE  `designer` ='".$designer."' && own_category !=  ''";
        $rs_qry = mysql_query($cat_qry);

            $i = 0;

        while($rec_qry = mysql_fetch_array($rs_qry))
        {
          if($i==0)
            $first_cat = $rec_qry['cat_name'];
            $cat_name[$i]=$rec_qry['cat_name'];
            $i++;
        }

        // Category Selection Start.
        $cat_name = $_GET['catName1'];
        $cat_qry =  "SELECT DISTINCT (
        `own_category`
        )
        FROM  `products` 
            WHERE  `designer` ='".$designer."' && own_category !=  ''";


            //"select * from categories";
            $rs_qry = mysql_query($cat_qry);
            $rec_no = mysql_affected_rows();

            /*if($_GET["catName1"]=="")
                $catName = $first_cat;
            else
                $catName = $cat_name;*/

            $n1 = 1;
            echo "<ul id=\"designers\">";
            while($rec_qry = mysql_fetch_array($rs_qry))
            {
                 $cate_name = str_replace('_',' ',$rec_qry['own_category']);

                 //print_r($cate_name[1]);
                 if($rec_qry["own_category"]!= $_GET['catName'])
                    echo "<li><A HREF='d_items.php?no=".$n1."&d_name=".$designer."&catName=".$rec_qry["own_category"]."'>".strtoupper($cate_name)."</A></li>";
                 else
                    echo "<li><A HREF='d_items.php?no=".$n1."&d_name=".$designer."&catName=".$rec_qry["own_category"]."'><font color='#8d9354'>".strtoupper($cate_name)."</font></a></li>";

                 if($rec_qry["own_category"]== $_GET['catName'])
                 {
                     $query="SELECT A.photo_filename, A.photo_title, B.dc_cat_name FROM displays A
                                LEFT JOIN displays_categories B ON B.dc_display_photos = A.photo_filename
                                WHERE dc_cat_name ='".$rec_qry["cat_name"]."'";
                      $query="SELECT B.pro_name, B.own_category, B.own_photo_filename from categories as A LEFT JOIN 
                             products as B ON A.cat_name = B.own_category
                             where cat_name ='".$_GET["catName"]."' and designer ='".$designer."' order by B.pro_name";
                    $rs1_qry = mysql_query($query);        

                    echo "<ul class=\"items\">";
                    while($row = mysql_fetch_array($rs1_qry))
                    {

                    if ($designer == "Jardan") {

                         $p1name = str_ireplace($designer,'',$row["pro_name"]);
                         $pname = substr($p1name, 0, -3);

                    } else {         

                         $pname = str_ireplace($designer,'',$row["pro_name"]);
                     }                          

                         if($_GET['ProName'] != $row["pro_name"])
                            echo "<li><A HREF='d_item_details.php?d_name=".$designer."&ProName=".$row['pro_name']."&catName1=".$rec_qry['own_category']."&catName=".$rec_qry['own_category']."'>".$pname."</A></li>";
                         else
                                 echo "<li><A HREF='d_item_details.php?d_name=".$designer."&ProName=".$row['pro_name']."&catName1=".$rec_qry['own_category']."&catName=".$rec_qry['own_category']."'><font color='#fff'>".$pname."</font></A></li>";                
                    }
                    echo "</ul>";
                 }
            }
            echo "</ul>";



        $f=1;
        $recnm = $_GET['ProName'];
        $owncat = $_GET['catName1'];
        $photo_title = $_GET['ptitle'];
        $query2="SELECT pro_code, pro_dimensions, own_photo_filename, designer_pdf, palette FROM products 
            WHERE pro_name ='".$recnm."' and own_category ='".$owncat."'";
        $rt2=mysql_query($query2); 
        echo mysql_error();

    ?>
        </div>
        <div id="contentRight">

        <?
            while($row2 = mysql_fetch_array($rt2))
            {
        ?>          

                    <?$d = explode(' ',$designer);
                     for($p=0;$p<count($d);$p++)
                     {
                        $des.=$d[$p];
                     }


                    if ($designer == "Playstar") {

                     $p2name = str_ireplace($designer,'',$recnm);
                     $poname = substr($p2name, 0, -3);

                    } else {         

                     $poname = str_ireplace($designer,'',$recnm);
                     }                          


                     ?>
                    <img class="lighting" src="img/designers/<?echo $des."/".$row2['own_photo_filename'];?>.jpg" />
        <div class="mailerBtn"><a href="mailto:info@clientsite.com.au?subject=<?echo $recnm;?>"><h4>ENQUIRE</h4></a>
        <a href="pdf/<?echo $des."/".$row2['designer_pdf'];?>.pdf" target="_blank"><h4>Download Product PDF</h4></a></div>

                    <h3><?echo $poname;?></h3>
                    <p>
                        <? 
                                 echo "<b>Product code:</b>&nbsp;&nbsp;". $row2['pro_code']."<BR>";
                        if ($designer == "Playstar") {

                                 echo $row2['pro_dimensions'];
                     } else {        

                                 echo "<b>Dimensions:</b>&nbsp;&nbsp;". $row2['pro_dimensions'];
                     }  ?>

                    </p>
                    <? if($row2[4]=='yes') {
                    ?>
                        <img class="palette" src="img/designers/<?echo $des."/".$row2['own_photo_filename'];?>-palette.jpg" />
                    <? } ?>

        <?}?>
<?php include("phpincludes/base.php") ?>

Much of the code was written by someone else, but I've been modifying it in a couple of ways. It works locally (on XAMPP) and on my personal site where I've been hosting it as a test site.

But when I uploaded it to the client's host, this page stops abruptly at echo "<ul class=\"items\">"; - roughly line 73. I can't see what's stopping it from running properly.

Some assistance would be gratefully received!

MTIA.


That's hard to tell. It's very obviously something with the client's setup.

Taking a wild guess, that client is still running PHP4. Because after line 73 you have a call to str_ireplace which wasn't available for that.

You would likely get a fatal error for this one. And this is the right avenue for investigation here. Add this on top for debugging (instead of error_reporting(0) which is not so helpful):

error_reporting(E_ALL|E_WARNING);

And ask for errors. Better yet, provide a custom error handler which prints out something shiny for end user-type clients. Otherwise ask for the error.log which should contain the exact error likewise.


You should avoid using the "short tags" <? and replace with the regular <?php tags. At a minimum, on that line not having a space after the "?" is asking for trouble, but overall you should just replace the short tags as they can cause trouble for various reasons and many installations do not have them enabled by default.

FYI, one specific case where they often cause trouble is for XHTML documents, if the xml declaration isn't printed with PHP, it will throw an error. Now with HTML5 I guess this will be less of an issue, but IMHO, best practice would be to avoid them.


Glad you got it working, but I wouldn't be using this code in production on your client's web host.

$f=1;
$recnm = $_GET['ProName'];
$owncat = $_GET['catName1'];
$photo_title = $_GET['ptitle'];
$query2="SELECT pro_code, pro_dimensions, own_photo_filename, designer_pdf, palette FROM products  WHERE pro_name ='".$recnm."' and own_category ='".$owncat."'";

This and all the other queries here are vulnerable to SQL injection. (if I passed in catName1='; DELETE * FROM products where 1=1 or '2'='2)

You need to either convert the queries to parameterised queries, or use mysql_real_escape_string.

ie

$owncat = mysql_real_escape_string($_GET['catName1']);
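
A parameterised version of the `$query2` lookup discussed in the last answer, added here as an example and not part of the original post or answers. It assumes PDO with an in-memory SQLite database and one constructed row standing in for the client's MySQL `products` table; `find_product` and `h` are hypothetical helper names.

```php
<?php
// Added example: constructed in-memory data stands in for the page's MySQL `products` table.
$pdo = new PDO('sqlite::memory:');  // assumption: pdo_sqlite is available; use a mysql: DSN against the real database
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE products (pro_name TEXT, own_category TEXT, pro_code TEXT,
            pro_dimensions TEXT, own_photo_filename TEXT, designer_pdf TEXT, palette TEXT)");
$pdo->exec("INSERT INTO products VALUES
            ('Jardan Nook', 'sofas', 'JN-01', '2000 x 900', 'nook', 'nook', 'yes')");

/**
 * Parameterised form of $query2: user input is bound as data and never
 * concatenated into the SQL text, so quotes in it cannot change the statement.
 */
function find_product(PDO $pdo, string $proName, string $ownCategory): array
{
    $stmt = $pdo->prepare(
        'SELECT pro_code, pro_dimensions, own_photo_filename, designer_pdf, palette
           FROM products
          WHERE pro_name = :pro_name AND own_category = :own_category'
    );
    $stmt->execute([':pro_name' => $proName, ':own_category' => $ownCategory]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Escape values on the way out as well; the page echoes $_GET values straight into HTML.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed requests: one legitimate, one carrying the string quoted in the answer above.
$requests = [
    ['ProName' => 'Jardan Nook', 'catName1' => 'sofas'],
    ['ProName' => 'Jardan Nook', 'catName1' => "'; DELETE * FROM products where 1=1 or '2'='2"],
];

foreach ($requests as $get) {
    $rows = find_product($pdo, $get['ProName'], $get['catName1']);
    echo h($get['catName1']), ' => ', count($rows), " row(s)\n";
    foreach ($rows as $row) {
        echo '  Product code: ', h($row['pro_code']), "\n";
    }
}
// Count the rows again to confirm neither request altered the table.
echo 'rows in products: ', $pdo->query('SELECT COUNT(*) FROM products')->fetchColumn(), "\n";
```

The same `prepare`/`execute` pattern applies to every query on the page that concatenates `$designer` or a `$_GET` value into SQL.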