declaration of variables conffusion
Posted: Sat Aug 04, 2007 9:55 am
Hi there,
I'm trying to keep register globals turned off and am working towards changing some basic forms to be safe and correct, however im having some difficulty with 2 variables now being properly declaired. I have tried making them global and calling them in my query but i'm still getting the following warnings plus the values "news_title" and "text" appear in the columns "news_title" and "text" in my MySQL db.
Notice: Undefined variable: values in /var/www/html/secure/admin/processing/action.php on line 58
Notice: Undefined variable: fieldnames in /var/www/html/secure/admin/processing/action.php on line 59
Extract from action.php [NB: the DB_SERVER etc are declared in a seperate include file]
form part of posting document:
Any sugestions as to how best to handle these variables would be much appreciated 
I'm trying to keep register globals turned off and am working towards changing some basic forms to be safe and correct, however im having some difficulty with 2 variables now being properly declaired. I have tried making them global
Code: Select all
global $values, $fieldnamesCode: Select all
$GLOBALS['values'] $GLOBALS['fieldnames']Notice: Undefined variable: values in /var/www/html/secure/admin/processing/action.php on line 58
Notice: Undefined variable: fieldnames in /var/www/html/secure/admin/processing/action.php on line 59
Extract from action.php [NB: the DB_SERVER etc are declared in a seperate include file]
Code: Select all
<?php
if(isset($_POST['create']))$create=$_POST['create'];
if(isset($_POST['form_type']))$form_type=$_POST['form_type'];
if(isset($_POST['refresh']))$refresh=$_POST['refresh'];
if(isset($_POST['date_updated']))$date_updated=$_POST['date_updated'];
if(isset($_POST['news_title']))$news_title=$_POST['news_title'];
if(isset($_POST['text']))$text=$_POST['text'];
// Database Connection
$link = mysql_pconnect(DB_SERVER, DB_USER, DB_PASS) or die(mysql_error());
mysql_select_db(DB_NAME) or die(mysql_error());
// Get Field and Coloum Counts
$fields = mysql_list_fields(DB_NAME, $_POST['table'], $link);
$columns = mysql_num_fields($fields);
// If form_type is CREATE
if ($_POST['form_type'] == 0) {
// Build up Field Lists and remove trailing comma etc, Also leaves field 0 blank, i.e. auto increment id.
$i = 1;
while ($i < $columns) {
if ($i == ($columns - 1)) {
$data = mysql_field_name($fields, $i);
$values .= "'" . $data . "'";
$fieldnames .= mysql_field_name($fields, $i) . "";
} else if ($i == 0) {
$data = mysql_field_name($fields, $i);
$values .= "'" . '' . "',";
$fieldnames .= mysql_field_name($fields, $i) . ",";
} else {
$data = mysql_field_name($fields, $i);
$values .= "'" . $data . "',";
$fieldnames .= mysql_field_name($fields, $i) . ",";
}
$values = str_replace("\n", "<br>", $values);
$i++;
}
$query = 'INSERT INTO `'.$_POST['table'].'` ('.$fieldnames.') VALUES('.$values.');';
$result = mysql_query($query) or die('Error: Inserting Data into `'.$_POST[table].'` <br><br>' . mysql_error());
// If form_type is UPDATE
} else if ($_POST['form_type'] == 1) {..........................Code: Select all
<form action="../processing/action.php" method="post" enctype="multipart/form-data" name="form">
<input name="news_title" type="text" id="news_title" size="70">
<textarea name="text" cols="70" rows="20" class="style_multiline_box" id="text"></textarea>
<input name="table" type="hidden" id="table" value="news">
<input name="form_type" type="hidden" id="form_type" value="0">
<input name="refresh" type="hidden" id="refresh" value="../news/editor.php">
<input name="date_updated" type="hidden" id="date_updated" value="<? echo date("d/m/Y");?>"></td>
<td><input type="submit" name="Submit" value="create">