Need Assistance Out of Date PHP Code

Ok, and thanks for that. The changes between 5 and 7 were major and it is difficult too keep up unless you code every day I think. But guess the changes are likely for the better…

Well, Keith, missing files mean that you are either pointing at the wrong place or you are missing files.
The problem is your current setup. I will guess that your current Xampp layout is different than your older one you had in class. OR, they had extra files that you did not copy when you made your backup.

Why don’t you zip up what you have and send it as a private message to me. To do that, click on my E circle and select message and send it that way. I will put it into my editor and see what is going on. But, remember, I will not be able to see the missing files… Of course!

Well… no as there is no “HTML” folder in the older Xampp, Xampp/php, Xampp/php/pear. So the files have never been there. While the older “Table.php” is there, and it does refer to those files, I never “had” that problem in the past. So it is getting even more confusing. I renamed the older version of Xampp to Xamppold so I could install the newer version into Xampp, thus keeping the older versions intact… I just installed the latest version (hoping that it may “fix” the problem but nup same errors basically…

The new error still points to the line 68 in the Table.php file but there is a little more “information” in the error:

Warning : require_once(HTML/Common.php): Failed to open stream: No such file or directory in C:\xampp\php\pear\Table.php on line 68

Fatal error : Uncaught Error: Failed opening required ‘HTML/Common.php’ (include_path=‘C:\xampp\php\PEAR’) in C:\xampp\php\pear\Table.php:68 Stack trace: #0 C:\xampp\htdocs\ComputerSuperStore\tablelogincheck.php(10): require() #1 C:\xampp\htdocs\ComputerSuperStore\index.php(31): require(‘C:\xampp\htdocs…’) #2 {main} thrown in C:\xampp\php\pear\Table.php on line 68

Ok that information has given me a bit of an idea.
I looked at tablelogincheck.php (which hasn’t been referred to in the past) and it points to a file called table.php (which is in my folder) so I am wondering if I have to give it the full address, to point it to the one in my folder and not to the one in the php/pear folder. although why it would go there is beyond me. My table.php file only has 15 lines compared with the other one which has over a thousand lines.

That said the table.php is in the same directory / folder as the tablelogincheck.php, so one would think it should look at that first…
Rather than add a new post I figured I’d edit this one.

I simply changed the name of my table.php to tableo.php and changed the require function to the same file and it has fixed that problem… marvelous what a “seat in the Throne-room” can do lol…

The products are now displaying…

New Edit
Checked the sign in Function, and it failed, did a bit of checking and there were some components missing from the "Customer part of the Database, found them in an older file, deleted to faulty DB and Imported the complete DB but still getting an error

Fatal error : Uncaught ArgumentCountError: mysqli_real_escape_string() expects exactly 2 arguments, 1 given in C:\xampp\htdocs\ComputerSuperStore\checklogin.php:32 Stack trace: #0 C:\xampp\htdocs\ComputerSuperStore\checklogin.php(32): mysqli_real_escape_string(‘Joe’) #1 {main} thrown in C:\xampp\htdocs\ComputerSuperStore\checklogin.php on line 32

Line 25 to 53:

  1. <?php // Define $myusername and $mypassword
  2.      $myusername=$_POST['UserName'];
    
  3.      $mypassword=$_POST['Password'];
    
  4.      // To protect MySQL injection (more detail about MySQL injection)
    
  5.       $myusername = stripslashes($myusername);
    
  6.       $mypassword = stripslashes($mypassword);
    
  7.       $myusername = mysqli_real_escape_string($myusername);
    
  8.       $mypassword = mysqli_real_escape_string($mypassword);
    
  9.       $sql="SELECT * FROM customer WHERE UserName='$myusername' and Password='$mypassword'";
    
  10.       $result=mysqli_query($sql);
    
  11.         // Mysql_num_row is counting table row
    
  12.         $count=mysqli_num_rows($result);
    
  13.          //If result matched $myusername and $mypassword, table row must be 1 row
    
  14. 	     if($count==1){
    
  15.          // Register $myusername, $mypassword and redirect to file "success.php"
    
  16.          $row = mysqli_fetch_array($result);
    
  17. 		 $_SESSION["UserName"]=$row['UserName'];
    
  18. 		 $_SESSION["CustId"]=$row['CustId'];
    
  19.          //session_register("myusername");
    
  20.          //session_register("mypassword");
    
  21.          echo '<script>window.location.href="success.php"</script>';
    
  22.          }
    
  23. 	     else {
    
  24.          echo "<script> window.alert('Wrong Username and Password!'); </script>";
    
  25.          echo '<script>window.location.href="login.php"</script>';
    
  26.          }
    
  27.       ?>

Nobody really uses this anymore. To protect for MySQL injections, you just filter all of your inputs when the user posts to PHP code. To do this, it is super easy. You change the lines that get the data from the posted form, like, $myusername=$_POST['UserName"]; and change to something like this:
$myusername=filter_input(INPUT_POST, “UserName”);
This newer function takes the input from the POST command, filters out programming codes and invalid data so that is it cleaned. Next, you do not directly use that data inside the query. You need to learn about PREPARE commands. You “prepare” a query and use “?” where the data goes and then you execute the command. It is not hard to understand. But, what this does it bypass any possible attack from a hacker. They can NOT get to the data that is inserted or used in queries. So, in you example where you select data based on inputs, only the server ever has access to it.

Therefore, your next step is to alter all of your code in the entire project where they get data from the $_POST array into a variable to use the newer filter_input function. You can read up on it at php.net or w3schools.com or just Google it. Or, ask question on it here. Also, remove all the stripslashes and real escape string functions as you no longer need them. And, lastly change the queries to use prepared statements. There are many tutorials on this conversion. Here is one that explains the reasons why and how SQL Injection works. I think it will help! MySQLi Prepares

One other comment… Normally when you test a site, you place ALL sub-files and libraries under the main folder. You never keep files outside of that folder. The reason is when moving to a live server, you need to have the entire site in one folder. So, you should never use files in other folders like php/pear or others. Make sense?

Good luck! Sounds like you are making headway !

Thanks again for your assistance and advice. Unfortunately, that was the coding we were taught to use back in the day. So yes it is very outdated. As for the storage, yes all of my files for this site are in the one folder/ directory, except of course the Database files, they have to go into the sql folder/ directory. Luckily I had a copy of the site and database stored away in an old TAFE Folder. Not having touched very much on server side scripting since I left TAFE, I think I did myself an injustice not trying to follow up to keep up. I have tried to find resources to get updated scripts/ code but very difficult to find code that actually works.

As for the file outside of my folder, well I don’t know why but it automatically went to that file (Table.php) which was in the pear folder, as it should have went to the table.php in “My” folder/ directory, as it did in the past. That’s why I changed my file to tableo.php and altered the code to point it to that file. All of my php files are in the Main Directory for the site, things like images, CSS files, JavaScript Files are in their own Sub Folders/directories as we do with non server-side standard HTML Sites Thanks again, for all the help.

Sponsor our Newsletter | Privacy Policy | Terms of Service