Re: problems with a script.


John R. Sims, Jr. wrote:
 Martin; I have taken your advice and read both of the articles, but
unfortunately I have not been able to find what needs to be changed.  As I
mentioned, I am very new at this.

Could you possibly look at the script and point me in the right direction?
[snip]
</head>  <?php
// Set the page title and include the HTML header.
$page_title = 'Wireless Neighborhoods';
include_once ('include/header.html');

$db_connection = mysql_connect ('db.wireless-neighborhoods.org', 'scfn',
'scfn75') or die (mysql_error());
$db_select = mysql_select_db('scfn') or die (mysql_error());
// If the form was submitted, process it.

if (isset($submit)) {
	$query = "insert into case_note values ('0', '$id',NOW(),
NOW(),'$cmanager', '$location', '$purpose', '$present', '$subject',
'$note')";
	if (@mysql_query ($query)) {
		echo 'A Case Note has been added.';
	} else {
		echo 'The case note could not be added.' . mysql_error();
	}
}

?>
[snip]
It looks like you are using register_globals on your development machine. You'll likely find it easier to write safer/cleaner PHP scripts if you don't rely on this.


http://us2.php.net/register_globals

Though register globals itself isn't strictly a security issue, it is a convenience that can cause unwanted/undue variable namespace pollution. I'd recommend you disable it on your development machine (in your php.ini configuration file) and then you'll have to set about changing any variables that are coming from get/post - e.g.
if (isset($submit)) {
becomes
if (isset($_POST['submit'])) {
and the like.


It's odd that your PHP 5 installation has this enabled - the default changed to it being off in PHP 4.2.0, and certainly hasn't changed back.

cheers,
--
- Martin Norland, Sys Admin / Database / Web Developer, International Outreach x3257
The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital.


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
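
The change described in the reply, applied to every field of the quoted form handler, as an added example that is not part of the original thread. It reads only named keys from the request array and, as a technique swapped in here, binds them through a PDO prepared statement instead of mysql_query; the column names, sample values and the SQLite stand-in database are assumptions.

```php
<?php
// Added example, not the poster's code. Column names are hypothetical:
// the INSERT on the page lists none. Assumes PHP 7.1+ with PDO.
const CASE_NOTE_FIELDS = ['id', 'cmanager', 'location', 'purpose',
                          'present', 'subject', 'note'];

// Copy only the expected fields out of the request array; null means
// the form was not submitted or a field is missing or not a string.
function case_note_input(array $post): ?array
{
    if (!isset($post['submit'])) {
        return null;
    }
    $row = [];
    foreach (CASE_NOTE_FIELDS as $name) {
        if (!isset($post[$name]) || !is_string($post[$name])) {
            return null;
        }
        $row[$name] = trim($post[$name]);
    }
    return $row;
}

// Values are bound as parameters rather than interpolated into the SQL.
function add_case_note(PDO $db, array $row): bool
{
    $stmt = $db->prepare(
        'INSERT INTO case_note (case_id, created, modified, cmanager,
             location, purpose, present, subject, note)
         VALUES (:id, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, :cmanager,
             :location, :purpose, :present, :subject, :note)'
    );
    return $stmt->execute($row);
}

// Constructed demo: in-memory SQLite stands in for the MySQL database,
// and $post stands in for $_POST.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE case_note (note_id INTEGER PRIMARY KEY, case_id TEXT,
    created TEXT, modified TEXT, cmanager TEXT, location TEXT, purpose TEXT,
    present TEXT, subject TEXT, note TEXT)');
$post = ['submit' => 'Add', 'id' => '42', 'cmanager' => 'jsmith',
         'location' => 'Office', 'purpose' => 'Intake', 'present' => 'Client',
         'subject' => 'First visit', 'note' => "Client's first note",
         'page_title' => 'x'];  // parameter the script never asked for: ignored
$row = case_note_input($post);
echo ($row !== null && add_case_note($db, $row))
    ? "A Case Note has been added.\n" : "The case note could not be added.\n";
```

With register_globals off, the extra page_title parameter in the sample request never becomes a variable, and only the keys listed in CASE_NOTE_FIELDS reach the query.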

