I'm trying to keep register globals turned off and am working towards changing some basic forms to be safe and correct, however im having some difficulty with 2 variables now being properly declaired. I have tried making them global
Code: Select all
global $values, $fieldnamesCode: Select all
$GLOBALS['values'] $GLOBALS['fieldnames']Notice: Undefined variable: values in /var/www/html/secure/admin/processing/action.php on line 58
Notice: Undefined variable: fieldnames in /var/www/html/secure/admin/processing/action.php on line 59
Extract from action.php [NB: the DB_SERVER etc are declared in a seperate include file]
Code: Select all
<?php
if(isset($_POST['create']))$create=$_POST['create'];
if(isset($_POST['form_type']))$form_type=$_POST['form_type'];
if(isset($_POST['refresh']))$refresh=$_POST['refresh'];
if(isset($_POST['date_updated']))$date_updated=$_POST['date_updated'];
if(isset($_POST['news_title']))$news_title=$_POST['news_title'];
if(isset($_POST['text']))$text=$_POST['text'];
// Database Connection
$link = mysql_pconnect(DB_SERVER, DB_USER, DB_PASS) or die(mysql_error());
mysql_select_db(DB_NAME) or die(mysql_error());
// Get Field and Coloum Counts
$fields = mysql_list_fields(DB_NAME, $_POST['table'], $link);
$columns = mysql_num_fields($fields);
// If form_type is CREATE
if ($_POST['form_type'] == 0) {
// Build up Field Lists and remove trailing comma etc, Also leaves field 0 blank, i.e. auto increment id.
$i = 1;
while ($i < $columns) {
if ($i == ($columns - 1)) {
$data = mysql_field_name($fields, $i);
$values .= "'" . $data . "'";
$fieldnames .= mysql_field_name($fields, $i) . "";
} else if ($i == 0) {
$data = mysql_field_name($fields, $i);
$values .= "'" . '' . "',";
$fieldnames .= mysql_field_name($fields, $i) . ",";
} else {
$data = mysql_field_name($fields, $i);
$values .= "'" . $data . "',";
$fieldnames .= mysql_field_name($fields, $i) . ",";
}
$values = str_replace("\n", "<br>", $values);
$i++;
}
$query = 'INSERT INTO `'.$_POST['table'].'` ('.$fieldnames.') VALUES('.$values.');';
$result = mysql_query($query) or die('Error: Inserting Data into `'.$_POST[table].'` <br><br>' . mysql_error());
// If form_type is UPDATE
} else if ($_POST['form_type'] == 1) {..........................Code: Select all
<form action="../processing/action.php" method="post" enctype="multipart/form-data" name="form">
<input name="news_title" type="text" id="news_title" size="70">
<textarea name="text" cols="70" rows="20" class="style_multiline_box" id="text"></textarea>
<input name="table" type="hidden" id="table" value="news">
<input name="form_type" type="hidden" id="form_type" value="0">
<input name="refresh" type="hidden" id="refresh" value="../news/editor.php">
<input name="date_updated" type="hidden" id="date_updated" value="<? echo date("d/m/Y");?>"></td>
<td><input type="submit" name="Submit" value="create">