Page 1 of 2 12 Last
  • Jump to page:
    #1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    55
    Rep Power
    0

    Regex randomly crashing PHP page


    The Regex below seems to be randomly crashing my PHP script on my GoDaddy account...

    PHP Code:
    // Check First Name.
    if (!empty($_POST['firstName'])){
        if (
    preg_match('/^[A-Z \'.-]{2,20}$/i'$_POST['firstName'])){
            
    $firstName $_POST['firstName'];
        }else{
            
    $errors['firstName'] = 'Must be 2-20 characters (A-Z \' . -)';
        }
    }else{
        
    $errors['firstName'] = 'Please enter your First Name.';


    I changed the delimiter to a pipe "|" and that seemed to work for a few tries and then it started crashing things again?!

    This is some of the strangest behavior I have ever seen?!

    I am now trying the pound symbol "#" as my delimiter...

    Any ideas what is wrong???



    Debbie
  2. #2
  3. Did you steal it?
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    13,986
    Rep Power
    9397
    It's 99% likely not the regex.

    Define "crash".
  4. #3
  5. life isn't we think of it
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Jul 2003
    Location
    Kiev
    Posts
    2,027
    Rep Power
    55
    Any error message?
  6. #4
  7. Permanently Banned
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2010
    Posts
    92
    Rep Power
    0
    Regex/PHP has a long history of crashing servers.... You need to search bug reports for your PHP version.

    Comments on this post

    • ManiacDan disagrees : (0) No it doesn't. The pcre functions in PHP are perfectly fine.
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    55
    Rep Power
    0
    Originally Posted by requinix
    It's 99% likely not the regex.

    Define "crash".
    My one php page quits before it gets to cURL and it doesn't come back with a response from Authorize.net.

    I just get a white page.

    The View Source shows the HTML ends at <body>.

    If I take out the Regex then my cURL script runs fine and I get a response back from Authorize.net.


    (This same script WITH my Regex works fine on my laptop. It is just when the Regex code is in my file on the Web Host that this issue appears?!)



    Debbie
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    55
    Rep Power
    0
    Originally Posted by romalong
    Any error message?
    Nope.

    As I said, my code just stops rendering at <body>.

    I swapped out my "/" delimiter for a "|" delimiter last night and it worked for a couple of tries, and then started acting up again?!

    It is a lot of code, but would it help if I post all of my Regex??

    I just don't get how my code can work on my MacBook which doesn't even have an SSL cert and I can send the payment info to Authorize.net with cURL and get a response back from Authorize.net yet on the server it blows up?!



    Debbie
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    55
    Rep Power
    0
    Originally Posted by Backslider
    Regex/PHP has a long history of crashing servers.... You need to search bug reports for your PHP version.
    Really?????????????


    Any idea if using certain delimiters like "/" could be the issue?

    Today I am going to try "#".

    I will add one field at a time (e.g. First Name, Middle Initial, Last name, etc) and see how my code goes...


    Debbie
  14. #8
  15. life isn't we think of it
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Jul 2003
    Location
    Kiev
    Posts
    2,027
    Rep Power
    55
    What about error reporting level and display_errors variable? Are you sure you can get error messages on your page? You can also look at web server log as well, if you have access.
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    55
    Rep Power
    0
    Originally Posted by romalong
    What about error reporting level and display_errors variable? Are you sure you can get error messages on your page? You can also look at web server log as well, if you have access.
    This is on my web host so it is difficult.

    Error Reporting is turned off.

    Is there some way around that like using var_dump?

    (Actually this is on a VPS, but I have no clue how to use Linux, so that really isn't an option.)

    But getting back to basics...

    If my Regex code is in, I have issues ( at least with "/" as a delimiter).

    If my Regex code is out, it runs like a charm?!

    And on my MacBook it runs like a charm either way with any delimiter.



    Debbie
  18. #10
  19. life isn't we think of it
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Jul 2003
    Location
    Kiev
    Posts
    2,027
    Rep Power
    55
    DoubleDee,

    you need to make error_reporting level as high as possible (error_reporting(E_ALL | E_STRICT)) and redirect error message to log file if this is AJAX request or if it's production environment.

    This is on my web host so it is difficult.
    Say what? If it's under your control, what's the issue?

    BTW, your regex pattern is valid and there might be something else you cannot see because your PHP has been told so.
    Feel free to ask questions regarding Linux and I will be glad to help.
  20. #11
  21. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    55
    Rep Power
    0
    Originally Posted by romalong
    DoubleDee,

    you need to make error_reporting level as high as possible (error_reporting(E_ALL | E_STRICT)) and redirect error message to log file if this is AJAX request or if it's production environment.


    Say what? If it's under your control, what's the issue?

    BTW, your regex pattern is valid and there might be something else you cannot see because your PHP has been told so.
    Feel free to ask questions regarding Linux and I will be glad to help.
    Okay, first off, I apologize for asking and doing dumb things, but I am a newbie in a bad situation...

    (Am trying to *securely* get my payment form working so I can make some $$$, and don't have the resources or months to become an expert. Yet at the same time, I feel my code and set-up is very safe since I am using Authorize.net. So I think I just need to iron out a few PHP kinks *quickly*.)

    I know I forgot about this, and admittedly I don't have experience working on a live server, but YES, I do need some error-handling code so that if things like this happen, my system bows out gracefully.

    If a problem like my Regex issue happens, what I need is for customers get a message like "We are experiencing technical difficulties. Please contact the admin." and not a blank screen!!!


    As far as the server, I am working on a VPS however I do not have an SSH Client (e.g. Putty) set up, and I don't know Linux to save my life!!

    I do have Plesk, but I'm not certain how helpful that would be.

    And even if I have a Managed Server, I know my web host will only help with basic server maintenance and not Scripting or Design issues, so I'm sorta on my own.

    I'm sure if I need to change a PHP Config file, that wouldn't be too hard, but I would definitely need some help doing it!!!



    Debbie
  22. #12
  23. life isn't we think of it
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Jul 2003
    Location
    Kiev
    Posts
    2,027
    Rep Power
    55
    That sounds bad...
    I have already been posting these directives today to Devshed, but need to do it once more. Add it on top of your problematic script and make sure Web Server can write to 'your-log':
    PHP Code:
    error_reporting(E_ALL E_STRICT);
    ini_set('log_errors'1);
    ini_set('display_errors'0);
    ini_set('error_log''your-log'); 
  24. #13
  25. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,850
    Rep Power
    6351
    There's absolutely nothing wrong with your regex, nor is there anything wrong with regex in general. Like requinix said, it's probably not this.

    You say your error stops at <body>, yet <body> is not in your code sample here.

    Scatter echoes throughout your script to make SURE you know which line is failing.

    Add the error-reporting code that's been provided.

    Make sure you understand what's happening when this crash occurs. Errors in the logs, errors on the screen, or system errors should appear if something goes wrong.

    Your script may be segmentation faulting (which would only show up in the system error logs) but since you're getting output and I assume you're not using ob_flush, it's probably not that.

    Your script is designed to process authorizenet transactions, you say. There's a reason those are usually done asynchronously behind the scenes. As you may have already discovered, authorizenet is a big steaming pile or something unpleasant that I'm not allowed to say on here. It's possible they're simply taking so long to respond that your script times out. Adding echoes before and after the authorizenet call will help you determine this.

    Yet at the same time, I feel my code and set-up is very safe since I am using Authorize.net.
    Nonsense. Sorry, I'm not trying to be mean, but what you're saying is akin to saying "I may not know anything about construction or architecture, but the prison I just built is very secure because the locks on the doors are Master brand." Your code is only as secure as YOU can make it. Stop using authorizenet right now if you don't know enough security practices to properly secure a credit card database. You've already posted the fact that you're not good at security AND that you're processing credit cards on a public forum. I bet if I googled your username I'd figure out what website you were trying to make, and I bet even more that 15 minutes at a terminal would get me access to your database. Use google checkout or paypal until you're confident in your database security.


    This is on my web host so it is difficult. [...] And even if I have a Managed Server, I know my web host will only help with basic server maintenance and not Scripting or Design issues, so I'm sorta on my own.
    It sounds like you have an unmanaged host. You should know how to handle one if you have one, but since you don't, ask in the linux forum and/or buy a basic linux how-to book. You should be able to find and access files, move files, search for items within files, and perform basic networking tasks from the command line. Personally, I spend the majority of my day actively developing on the command line, including source control, network configuration, and systems administration.

    As a final note...there's no reason to sanitize these fields the way you're doing it at all unless authorizenet is specifically requiring you to. What if one of your customers is german and his firstname contains a ? You'll just annoy him for no reason.

    -Dan

    Comments on this post

    • romalong agrees
    HEY! YOU! Read the New User Guide and Forum Rules

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

    "The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

    Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.
  26. #14
  27. Permanently Banned
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2010
    Posts
    92
    Rep Power
    0
    GoDaddy may well be running Apache 1 on your server (they still do this)
  28. #15
  29. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    55
    Rep Power
    0
    Hi maniac!


    Originally Posted by ManiacDan
    There's absolutely nothing wrong with your regex, nor is there anything wrong with regex in general. Like requinix said, it's probably not this.
    That's good.

    BTW, I *think* I figured things out, but am going to read and reply to your response since you took so much time. (Thanks!!)

    (I also need help with preventing this again!!)


    Part of my problem is that I just got a VPS, know nothing about Linux, and am finding out that GoDaddy support and Plesk are useless?! (The response I keep getting is, "Go into SSH and do it yourself or pay us $50...")

    So I was able to get help finding an error_log in Plesk. (No clue what creates it or where it is in Linux?!)


    In Plesk I identified this random message...

    [Sat Apr 09 19:48:50 2011] [error] [client XXX.XXX.XXX.XXX] PHP Fatal error: Call to undefined function filter_var() in /var/www/vhosts/MyWebsite.com/httpdocs/index.php on line 198, referer: http://w w w .MyWebsite.com/

    So it is my guess that that was causing the white page because it crashed my script?!


    GoDaddy says I have PHP 5.1.6, and from my research that version apparently does not like the function filter_var()?!

    More later...



    You say your error stops at <body>, yet <body> is not in your code sample here.
    The last HTML I saw in "View Source Code" was the <body> tag...


    Your script is designed to process authorizenet transactions, you say. There's a reason those are usually done asynchronously behind the scenes. As you may have already discovered, authorizenet is a big steaming pile or something unpleasant that I'm not allowed to say on here. It's possible they're simply taking so long to respond that your script times out. Adding echoes before and after the authorizenet call will help you determine this.
    I disagree there. ("Internet Secure" is a big steaming pile... I gave up on it and switched to Authorize.net this week and it is a breeze compared to the hell I was in with "Internet Secure"!!)


    Nonsense. Sorry, I'm not trying to be mean, but what you're saying is akin to saying "I may not know anything about construction or architecture, but the prison I just built is very secure because the locks on the doors are Master brand." Your code is only as secure as YOU can make it. Stop using authorizenet right now if you don't know enough security practices to properly secure a credit card database.
    Who is using a database??? (Let's not put words into my mouth.)


    You've already posted the fact that you're not good at security AND that you're processing credit cards on a public forum. I bet if I googled your username I'd figure out what website you were trying to make, and I bet even more that 15 minutes at a terminal would get me access to your database. Use google checkout or paypal until you're confident in your database security.
    Hello...


    It sounds like you have an unmanaged host. You should know how to handle one if you have one, but since you don't, ask in the linux forum and/or buy a basic linux how-to book. You should be able to find and access files, move files, search for items within files, and perform basic networking tasks from the command line. Personally, I spend the majority of my day actively developing on the command line, including source control, network configuration, and systems administration.
    I'll get there with time...


    As a final note...there's no reason to sanitize these fields the way you're doing it at all unless authorizenet is specifically requiring you to. What if one of your customers is german and his firstname contains a ? You'll just annoy him for no reason.

    -Dan
    It *is* required and I won't have any German customers unless they live in the U.S.


    Now that we have the scolding out of the way...



    Add the error-reporting code that's been provided.

    Make sure you understand what's happening when this crash occurs. Errors in the logs, errors on the screen, or system errors should appear if something goes wrong.

    Your script may be segmentation faulting (which would only show up in the system error logs) but since you're getting output and I assume you're not using ob_flush, it's probably not that.
    What I could use help with now is this...

    Logging errors is one thing, but what I need is an error-handler that kicks in and displays "We're sorry, a system error has occurred. Please contact the administrator." and exits gracefully.

    Having a white screen appear because my code puked is unacceptable, but I'm uncertain how to create an Error-Handler on a production site.


    Some help with this would make me a better PHP programmer and have a nicer and safer site.

    Thanks,



    Debbie

    P.S. So I just wrote a Regular Expression to replace this non-supported Email Filter thingy I was hoping to use. Am testing it now and it seems to work okay.
Page 1 of 2 12 Last
  • Jump to page:

IMN logo majestic logo threadwatch logo seochat tools logo