Re: problems with a script.

John R. Sims, Jr. wrote:
>  Martin; I have taken your advice and read both of the articles, but
> unfortunately I have not been able to find what needs to be changed.  As I
> mentioned, I am very new at this.
> 
> Could you possibly look at the script and point me in the right direction?
[snip]
> </head>  <?php
> // Set the page title and include the HTML header.
> $page_title = 'Wireless Neighborhoods';
> include_once ('include/header.html');
> 
> $db_connection = mysql_connect ('db.wireless-neighborhoods.org', 'scfn',
> 'scfn75') or die (mysql_error());
> $db_select = mysql_select_db('scfn') or die (mysql_error());
> // If the form was submitted, process it.
> 
> if (isset($submit)) {
> $query = "insert into case_note values ('0', '$id',NOW(),
> NOW(),'$cmanager', '$location', '$purpose', '$present', '$subject',
> '$note')";
> if (@mysql_query ($query)) {
> ààecho 'A Case Note has been added.';
> } else {
> ààecho 'The case note could not be added.' . mysql_error();
> }
> }
> 
> ?>
[snip]
It looks like you are using register_globals on your development 
machine.  You'll likely find it easier to write safer/cleaner PHP 
scripts if you don't rely on this.

http://us2.php.net/register_globals

Though register globals itself isn't strictly a security issue, it is a 
convenience that can cause unwanted/undue variable namespace pollution. 
I'd recommend you disable it on your development machine (in your 
php.ini configuration file) and then you'll have to set about changing 
any variables that are coming from get/post - e.g.
if (isset($submit)) {
becomes
if (isset($_POST['submit'])) {
and the like.

It's odd that your PHP 5 installation has this enabled - the default 
changed to it being off in PHP 4.2.0, and certainly hasn't changed back.

cheers,
-- 
- Martin Norland, Sys Admin / Database / Web Developer, International 
Outreach x3257
The opinion(s) contained within this email do not necessarily represent 
those of St. Jude Children's Research Hospital.

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
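
The namespace pollution described in the reply above, shown next to the `$_POST` form of the same handler. This is an added example, not part of the original thread: the function names and the `$is_admin` variable are hypothetical, the request data is constructed, and `extract()` stands in for `register_globals` (removed in PHP 5.4) so the script runs on a current PHP CLI without a database.

```php
<?php
// Added example. Field names are taken from the INSERT in the quoted script.
const CASE_NOTE_FIELDS = ['id', 'cmanager', 'location', 'purpose',
                          'present', 'subject', 'note'];

// Emulates register_globals = On: every request parameter becomes a
// variable in the script's scope, whatever its name.
function handler_with_register_globals(array $request): array
{
    extract($request); // stand-in for register_globals
    // $is_admin (hypothetical) is never assigned by the script itself,
    // so the only value it can have here is one the request supplied.
    return [
        'submitted' => isset($submit),
        'is_admin'  => isset($is_admin) ? $is_admin : false,
    ];
}

// The form the reply recommends: read only named keys from $_POST.
function handler_with_superglobals(array $post): array
{
    $is_admin = false; // set by the script, never by the request
    $fields = [];
    foreach (CASE_NOTE_FIELDS as $name) {
        // Accept only plain strings; missing or array values become ''.
        $value = $post[$name] ?? '';
        $fields[$name] = is_string($value) ? $value : '';
    }
    return [
        'submitted' => isset($post['submit']),
        'is_admin'  => $is_admin,
        'fields'    => $fields,
    ];
}

// Constructed request: the form's own fields plus one extra parameter
// that the form never defined.
$request = ['submit' => 'Add', 'id' => '42', 'note' => 'Home visit',
            'is_admin' => '1'];

echo "register_globals style:\n";
var_dump(handler_with_register_globals($request));

echo "\$_POST style:\n";
var_dump(handler_with_superglobals($request));
```

In a real page `$_POST` would be passed where `$request` is used here; the extra parameter then stays inside the array instead of becoming a script variable.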




**********************************************************************

IMPORTANT NOTICE

This communication is for the exclusive use of the intended recipient(s)
named above. If you receive this communication in error, you should
notify the sender by e-mail or by telephone (+44) 191 224 4461, delete
it and destroy any copies of it.

This communication may contain confidential information and material
protected by copyright, design right or other intellectual property
rights which are and shall remain the property of Piranha Studios
Limited. Any form of distribution, copying or other unauthorised use
of this communication or the information in it is strictly prohibited.
Piranha Studios Limited asserts its rights in this communication and
the information in it and reserves the right to take action against
anyone who misuses it or the information in it.

Piranha Studios Limited cannot accept any liability sustained as a
result of software viruses and would recommend that you carry out your
own virus checks before opening any attachment.

************************************************************************
