Bj wrote:

----- Original Message -----
From: "Joseph, Smile Poet"

I admire your perseverance Joe :-)  stick to it and we will make you some
kind of a programmer!


$query="INSERT INTO contacts
VALUES('','$first','$last','$phone','$mobile','$fax','$e-mail','$web')
";


php now installs by default in something called "safe mode" and will no
longer take a form value 'first' and automatically create a variable $first,
as it used to at the time when your tutorial was written.

This is because of register_globals being set to off by default now.


The reason is security - php would take a POST value 'first' from your form
and make it $first, or it would take a GET value 'first' from a querystring
and make it $first, or a cookie called 'first' and make it $first, or a
session variable called $first as well.  The Web page might have already put
the price in $price as $100, along comes sneaky hacker and adds ?price=1 to
the URL of the next page and there goes the data integrity.

So now, all POST variables go into an array called $HTTP_POST_VARS, the
query string into $HTTP_GET_VARS etc and if you want to use the value of the
form field 'first', you have to use $HTTP_POST_VARS["first"]  (note: no
dollar in front of "first" there!)

You can either change your code above to this:

$query = "INSERT INTO contacts VALUES(" .
  "'', '" . $HTTP_POST_VARS["first"] . "', " .
  "'" . $HTTP_POST_VARS["last"] . "', " .
etc

...or just get the values first like this:

$first = $HTTP_POST_VARS["first"];
$last = $HTTP_POST_VARS["last"];
etc


php is trying to get away from $HTTP_GET/POST_VARS. If you're using a version in which globals are off by default, you can use the global arrays....


$_POST[]
$_GET[]
$_REQUEST[]

So on, and so forth. To further enhance security, and since this data is to be entered into a db, you should add slashes to the user input (stops errors when trying to insert data with certain special characters, and kills users from hijacking your db)....

$first = addslashes ( $_POST['first'] );

Course, it would be easier to write a routine which goes thru the entire _POST array to do this....

foreach ( $_POST as $key => $value ) {
        $$key = addslashes ( $value );
}

Now you will have variable names the same as your form input names, and you won't get any Notices for undefined variables.

--
By-Tor.com
It's all about the Rush
http://www.by-tor.com
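
As an added example (not code from either poster): looping over every key of $_POST creates a variable for whatever the client sends, which is the same exposure described above for register_globals and ?price=1. This version copies only an allow-list of expected fields and binds them through a PDO prepared statement instead of addslashes; the field names, the in-memory SQLite database and the sample input are assumptions.

```php
<?php
// Constructed sample input standing in for $_POST: one legitimate form
// submission plus an extra field ("price") that the form never contained.
$post = [
    'first' => "Conan",
    'last'  => "O'Brien",
    'phone' => '555-0100',
    'price' => '1',
];

// Fields the form is expected to send (assumed names, matching the columns).
const CONTACT_FIELDS = ['first', 'last', 'phone', 'mobile', 'fax', 'email', 'web'];

// Copy only expected fields; anything else in the request is ignored,
// so a request parameter can never overwrite an existing variable.
function pick_fields(array $input, array $allowed): array
{
    $clean = [];
    foreach ($allowed as $name) {
        $value = $input[$name] ?? '';
        $clean[$name] = is_string($value) ? trim($value) : '';
    }
    return $clean;
}

function insert_contact(PDO $db, array $contact): void
{
    // Placeholders keep data out of the SQL text, so no manual escaping.
    $stmt = $db->prepare(
        'INSERT INTO contacts (first, last, phone, mobile, fax, email, web)
         VALUES (:first, :last, :phone, :mobile, :fax, :email, :web)'
    );
    $stmt->execute($contact);
}

$price = 100;                       // value set by the application
$db = new PDO('sqlite::memory:');   // in-memory database for the demo
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (id INTEGER PRIMARY KEY, first TEXT, last TEXT,
           phone TEXT, mobile TEXT, fax TEXT, email TEXT, web TEXT)');

insert_contact($db, pick_fields($post, CONTACT_FIELDS));

$row = $db->query('SELECT first, last FROM contacts')->fetch(PDO::FETCH_ASSOC);
printf("stored: %s %s, price still %d\n", $row['first'], $row['last'], $price);
```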

