I have register_globals set to "Off"
I am trying to use the recommended method from Larry Ullman:
1) If possible, edit the php.ini file so that register_globals is set to On, then restart your Web server. This is the easier, but less secure, option.
2) Rewrite scripts so that instead of referring to $variable, you use $HTTP_POST_VARS['variable'], $HTTP_GET_VARS['variable'], $POST['variable'], or $GET['variable']. If your form uses the POST method, use $HTTP_POST_VARS['variable']; if your form uses the GET method (or you have the ?variable=value URL), use $HTTP_GET_VARS['variable']. If you have version 4.2 or later of PHP, use $POST and $GET accordingly.
My Form code is this:
<html>
<head>
<title>Book-O-Rama - New Book Entry</title>
</head>
<body>
<h1>Book-O-Rama - New Book Entry</h1>
<form action="insert_book.php" method="post">
<table border=0>
<tr><td>ISBN</td><td><input type=text name=isbn maxlength=13 size=13><br></td></tr>
<tr><td>Author</td><td> <input type=text name=author maxlength=30 size=30><br></td></tr>
<tr><td>Title</td><td> <input type=text name=title maxlength=60 size=30><br></td></tr>
<tr><td>Price $</td><td><input type=text name=price maxlength=7 size=7><br></td></tr>
<tr><td colspan=2><input type=submit name="bookentry" value="Register"></td></tr>
</table>
</form>
</body>
</html>
My php code is this:
<html>
<head>
<title>Book-O-Rama Book Entry Results</title>
</head>
<body>
<h1>Book-O-Rama Book Entry Results</h1>
<?
// Set the variables for the database access:
//$isbn = addslashes($isbn);
//$author = addslashes($author);
//$title = addslashes($title);
//$price = doubleval($price);
$Host = "localhost";
$User = "billbb";
$Password = "billbb";
$DBName = "books";
$TableName = "books";
$Link = mysql_connect ($Host, $User, $Password);
if (!$Link)
{
echo "Error: Could not connect to database. Please try again later.";
exit;
}
if(isset($_POST['bookentry']))
{
echo "You have entered all the required details.<BR>";
}
//for new PHP
$isbn=$_POST[isbn];
$author=$_POST[author];
$title=$_POST[title];
$price=$_POST[price];
mysql_select_db("books", $Link);
$Query = "insert into books ('isbn', 'author', 'title', 'price')
values ('$isbn','$author','$title','$price')";
print ("The query is:<BR>$Query<P>\n");
if (mysql_db_query ($DBName, $Query, $Link)) {
print ("The query was successfully executed!<BR>\n");
} else {
print ("The query could not be executed!<BR>\n");
}
?>
</body>
</html>
My error message is this:
You have entered all the required details.
The query is:
insert into books ('isbn', 'author', 'title', 'price') values ('0-677-12345-1','bill','new','10.00')
The query could not be executed!
Can you tell me what is missing in my code?
Thanks.
