Comparison failing after PHP upgrade

Question

This code used to work in earlier versions of PHP4 but no longer works on my website now that the hosting server has been upgraded to PHP5. Any easy way to alter this code to make it work again?

<?
if ($info == "file1") {include ("file1.html");}
if ($info == "file2") {include ("file2.html");}
if ($info == "file3") {include ("file3.html");}
if ($info == "file4") {include ("file4.html");}
if ($info == "file5") {include ("file5.html");}
?>

EDIT: yes, this is the code I have on the final website (not a PHP pro here). I call the "$info=_" just in a simple link (I'm wanting to return www.website.com/?info=file), ie:

<a href="?info=file1">Click here to read File 1</a>

And where does `$info` come from? You aren't expecting it to come from the querystring via register_globals, are you? (like `example.com/index.php?info=file5`) — Michael Berkowski, Sep 07 '12 at 17:22
Yes, where does $info come from? There is no difference in that code between PHP4 and PHP5. — frustratedtech, Sep 07 '12 at 17:26
@Bgi - no error, just nothing shows up now (it's not including the file) — codeview, Sep 07 '12 at 23:18
@MichaelBerkowski - yes, your example is how it was working before. I'm guess from your comment that is not proper? — codeview, Sep 07 '12 at 23:19
@MarcB - that was just a posting error. It's in there in the code (edited post too). — codeview, Sep 07 '12 at 23:20

score 7 · Answer 1 · answered Sep 07 '12 at 17:25

7

If this is the actual code, your issue is the use of the short tags, <? at the start of your PHP block. These are no longer supported by default in PHP5. Instead use

<?php ...code here... ?>

Alternatively, you can ask your provider to set the "short_open_tag" option in php.ini.

answered Sep 07 '12 at 17:25

ski4404

311
1
6

Yes, this is actual code. Is it bad code structure? Or just not proper at all? It was quite a few years ago that I originally implemented it. I've tried with the opening " – codeview Sep 07 '12 at 23:25

jeroen · Accepted Answer · 2012-09-07T23:31:33.257

3

Based on your edit, it seems that the problem is that you had register_globals on in your old version of php in the php.ini file.

register_globals extracts all global variables so where you normally use $_GET['info'], with register_globals on, you can simply use $info.

This functionality is deprecated in php 5.3 and removed from php 5.4 as it poses a huge security risk.

To solve your problem, you can set the variable before your conditions:

$info = $_GET['info'];
if ($info == "file1") {include ("file1.html");}
...

edited Sep 07 '12 at 23:31

answered Sep 07 '12 at 23:24

jeroen

88,615
21
107
128

1

Luckily if they are all wrapped in if statements, the directory traversal attack is mitigated – Michael Berkowski Sep 07 '12 at 23:30
@Michael Berkowski I just removed my comment about sanitizing input as it was not really justified here... – jeroen Sep 07 '12 at 23:32
@jeroen - you genius of a man! Thank you! That was exactly the problem. Thank you for the explanation...so using "$info = $_GET['info'];" is secure? – codeview Sep 08 '12 at 00:28

Mike Mackintosh · Answer 3 · 2012-09-07T17:44:54.317

2

By default, short tags <? ?> are not enabled.

Without knowing your error, try using <?php instead of <?

Update: Since you are obviously including the page with the short open tags, in your calling page, you can call:

ini_set('short_open_tag', '1');

I doubt your service provider will set the short open tags attribute for you.

edited Sep 07 '12 at 17:44

answered Sep 07 '12 at 17:25

Mike Mackintosh

13,156
6
54
83

Thanks for the response. I've tried with the opening " – codeview Sep 07 '12 at 23:26
no error, the content just doesn't show now (the file is not included where it used to be). – codeview Sep 08 '12 at 00:25

score -1 · Answer 4 · answered Sep 07 '12 at 17:24

-1

There's an error in your code. Change this:

if ($info == "file5") {include ("file5html");}

To this:

if ($info == "file5") {include ("file5.html");}

answered Sep 07 '12 at 17:24

user1477388

19,139
26
125
240

It is obvious that it isn't his production code, but just an example (or at least I hope so) – Bgi Sep 07 '12 at 17:25
2

Wow, you guys are ridiculous for all those downvotes. We have no way of knowing whether or not this is production code. The answer above even says, "If this is the actual code..." – user1477388 Sep 07 '12 at 17:26
He didn't say the problem was only with file5! He would have mention it. – Bgi Sep 07 '12 at 17:27
@Bgi: Correction: He might have mentioned it. Again, there is no way of knowing so I answered the most obvious problem first. – user1477388 Sep 07 '12 at 17:28
2

This could or could not be the answer, so I don't see the need of down votes on this. Maybe comment on the question to see if it's actual code? – Shaz Sep 07 '12 at 17:29
You were down voted because it's his code that isn't working. The user would have complained about that specific line if all but that line was working. Also, there is nothing wrong with including files that don't have an extension. Including a file can have any extension and it will be processed through the php script anyway. – frustratedtech Sep 07 '12 at 17:29
Thank you Shaz, my thoughts exactly. – user1477388 Sep 07 '12 at 17:32
@user1477388 - thanks for the response. But yes the missing period was just a typo in the stackoverflow post. It is there in the actual code. Thank you for the response, though. – codeview Sep 07 '12 at 23:27
@Bgi - I take it this is bad code :) If you think it's obvious it's not production code. It was a few years ago I originally implemented it (and not a PHP pro here). Any thoughts on how to do this properly? – codeview Sep 07 '12 at 23:29
@ryanderson: The first way to redo it I can think of would be to put all the filenames into an array, then loop through them. You can put each of the data they have into an array, too. This way, you have more control over the data. – user1477388 Sep 08 '12 at 11:43

Comparison failing after PHP upgrade

4 Answers4