General Question

klaas4's avatar

Error message when using PHP with MySQL.

Asked by klaas4 (2194points) April 22nd, 2008

I’m designing this website, but when I press submit, it gives me this error message which I don’t understand:

“Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively.”

What the heck is going on? Everything works, and everything is entered in the database too, but it gives me this error message, and I want to get rid of it.

This is my code: http://ole.daveyyzermans.nl/foutcode.php

If someone would take the time to look trough my code, and say what’s going on, I’d be very greatful. You can also have a place on the site.

Davey.

Observing members: 0 Composing members: 0

39 Answers

Babo's avatar

Wow! Good luck with that!

richardhenry's avatar

Are you using any global variables in your code? In other words, variable submitted via a “GET” in the address itself? The error message refers to this. Security was much improved in PHP 5.

klaas4's avatar

This (=what gives the error) code is included in index.php, which uses ?p=page to know which page to include.
This is that code:

<? if(isset($_GET[‘p’])) {
if(file_exists(“includes/” .$_GET[‘p’]. ”.inc.php”)) {
include(“includes/” .$_GET[‘p’]. ”.inc.php”);
} else {
include(“includes/404.inc.php”);
}
} elseif(!isset($_GET[‘p’])) {
include(“includes/home.inc.php”);
}
?>

(bit messy, Fluther doesn’t allow tabs)

iwamoto's avatar

so he should revert to the “POST” command? been some time since i worked php….and i didn’t like it

frankielaguna's avatar

Can you link the page that’s actually rendering the PHP? Not just the source, Please.

richardhenry's avatar

@iwamoto:

—-

How it used to be:
http://mysite.com/index.php?somevar=value

echo $somevar;

—-

The default security settings now require this:
http://mysite.com/index.php?somevar=value

echo $_GET[‘somevar’];

—-

It stops malicious users from injecting values into variables midflight.

richardhenry's avatar

@klaas4: Okay, that’s really strange. Some PHP setting I guess, I’m not as familiar with the config file as I would like to be but I’ll have a look. If you could give us the output that would be great.

glial's avatar

Can you edit your php.ini ?

klaas4's avatar

I don’t know.

klaas4's avatar

@frankie. I’d have to give you access to my admin-panel for that…

klaas4's avatar

Give me a moment…

glial's avatar

If you can see php.ini in your root site directory you should be able to edit it, if not you can use .htaccess to turn the warning off.

frankielaguna's avatar

Or you could use a:

ini_set(string varname, string newvalue);

klaas4's avatar

Do I have to put that in the index.php page every time, or just apply it once?

klaas4's avatar

I don’t see any files named php.ini in my root.
http://img236.imageshack.us/img236/1518/afbeelding1ou9.png

frankielaguna's avatar

Is the source you specified for the entire page? Or just a snippit?

frankielaguna's avatar

Could you post the whole source?
If there are unames and passwords you can hide those.

klaas4's avatar

On my index, there is this:

<? if(isset($_GET[‘p’])) {
if(file_exists(“includes/” .$_GET[‘p’]. ”.inc.php”)) {
include(“includes/” .$_GET[‘p’]. ”.inc.php”);
} else {
include(“includes/404.inc.php”);
}
} elseif(!isset($_GET[‘p’])) {
include(“includes/home.inc.php”);
}
?>

which includes the snippit given in the startpost. Isn’t that enough?

klaas4's avatar

But if you insist:
http://ole.daveyyzermans.nl/fout.php

I replaced the include-section with the contents of the error-giving-page.

klaas4's avatar

If anyone has iChat and a relatively fast internet-connection, we could fix this via screensharing…

frankielaguna's avatar

I would but I’m at work. I’m trying to break it down line by line.

Do you know what version of PHP you are using?

klaas4's avatar

My host recently switched to PHP5

klaas4's avatar

ini_set(“session.bug_compat_warn”, “off”); did it, but I don’t think it’s very nice, uh?

frankielaguna's avatar

It’s kind of a round about way of doing it. I’ve found something that may help you:

“Another note about session.bug_compat_42 and bug_compat_warn.

[full error message:
“Your script possibly relies on a session side-effect which existed
until PHP 4.2.3. Please be advised that the session extension does
not consider global variables as a source of data, unless
register_globals is enabled. You can disable this functionality and
this warning by setting session.bug_compat_42 or
session.bug_compat_warn to off, respectively.”
]

The following short script causes the bug_compat_42 warning to appear.

<?php
session_start();
$_SESSION[‘var’] = NULL;
$var = “foo”;
?>

It took me an hour to find out this :-( – so I post it here to avoid
that more people need such a long time.

Conclusion and test results:

You’ll get this warning if $_SESSION[‘var’] contains NULL and you assign
anything (except NULL) to the global variable $var.

The warning will not appear:
– if $_SESSION[‘var’] contains anything else – or -
– if you don’t use a global variable named $var”

klaas4's avatar

Yeah, I saw that one, but I don’t understand it so don’t know how to implement in my page.

I’m going to watch House now (on in the Netherlands). Back in an hour or so.

frankielaguna's avatar

Try changing your if(isset($_SESSION[‘VAR’])){ to:

_if(!session_is_registered(‘VAR’]){
/**
Some Code Here
*/
}

See if that changes anything

frankielaguna's avatar

or

<?php
session_start();
ob_start();

$ingelogd = $_SESSION[‘ingelogd’];
$bev = $_SESSION[‘bev’];

?>

and then change all your session checks to use those vars rather than $_SESSION[’’] directly.
ex:
if($bev > 3){
/**code **/
}

frankielaguna's avatar

Found this on the PHP website:

“Warnings :
session.bug_compat_42 and bug_compat_warn

Warnings may appears even if your code is correct,
because some asumptions of the developpers.

In practice, these warnings are automatic when your code results in something like:

$_SESSION[‘var’]= NULL;

That is, the code assume that the programmer tried
to assign a unavailable (=NULL) variable because
register_globals is off.

Solution: assign anything but NULL. For example:

$_SESSION[‘var’]= is_null($var) ? 0 : $var;”

But In your code I don’t see anywhere there is a $_SESSION being set to any var.

:( I’m starting to run out of ideas.

Have you had any luck?

Vincentt's avatar

OK, first of all, get an up-to-date HTML tutorial as <font> is deprecated and using tables for layout is very some-years-ago ;-)

Also note that inserting user input (form fields in this case) right into MySQL queries is a security risk – see mysql_real_escape_string().

(Oh, and it’s “deze leerling” :P)

Now, as for error message: while developing, use

error_reporting(E_ALL|E_STRICT);

Then when your code goes live, change that to

error_reporting(0);

This will make sure errors are displayed and hidden, respectively.

What frankielaguna referred to might be a pointer when you have access to the source code (yay open source! ;-).

klaas4's avatar

My layout uses div’s, but only the forms are tables. And what’s wrong about font? Fonty is doing so well… :-(

B.T.W. I didn’t use tutorials this time. Yay!

frankielaguna's avatar

It’s not so much of the HTML not working, it’s the fact that web designers/programmers are trying to work towards a standard in what tags to use and a correct syntax. Which makes developing a browser that will render your page correctly no matter what, a lot easier.

Right now not all browsers are standards compliant, or 100% compliant.

I do recommend running your sites through (http://validator.w3.org/) the w3 HTML validator. It will help you make better websites, and make it even more compatible with standards based browsers.

:)

richardhenry's avatar

@klass4: It’s depreciated; CSS is much more powerful and people continuing to employ outdated technologies slows down development due to back-compatibility. If you don’t know much CSS, I urge you to learn!

frankielaguna's avatar

@richardhenry Perfectly Worded!!!

sumul's avatar

@frankielaguna: Almost perfectly; the font tag is deprecated (being phased out), not depreciated (losing value over time).

chaosrob's avatar

I ran into this a while back. It has something to do with the way PHP used to handle session globals in 4.x, which they changed in 5.x. There’s a quick hack to bring back the old session handling, but it’s not secure, so be warned.

Add the following to your php.ini:

register_globals = on

…and your code should come back to life.

There’s more info here.

Vincentt's avatar

Oh no, don’t turn on register globals. As said, it’s insecure, but what’s worse: it’s insecure.

Have I said it is insecure?

Better spend some time on finding a real solution :)

chaosrob's avatar

Agreed, it’s a quick but very dirty solution.

klaas4's avatar

OK, it magically disappear. Maybe it was because of the mind of Vincent.

Thanks ;)

Answer this question

Login

or

Join

to answer.

This question is in the General Section. Responses must be helpful and on-topic.

Your answer will be saved while you login or join.

Have a question? Ask Fluther!

What do you know more about?
or
Knowledge Networking @ Fluther