Register Globals OFF - argghhh!

beardo

Ok, I understand that you need to use $_POST etc with register globals off. But what about when you need to do something like this:

$_POST[count_cl]+=1; 
    for ($i=1; $i<$_POST[count_cl]; $i++) { 

    if ($_POST[delete_$i] == "Delete") { 
    $sql = "UPDATE country SET zone_id='0', tax_rate='0', ship_to='N' WHERE country_id='$_POST[country_id_$i]'"; 
echo "$sql (x1)"; 
        $result = @mysql_query($sql,$connection) or die("Couldn't delete the line."); 
        } 
        else { 
        $sql = "UPDATE country SET tax_rate='$_POST[tax_rate_$i]' WHERE country_id='$_POST[country_id_$i]'"; 
echo "$sql (x2)"; 
        $result = @mysql_query($sql,$connection) or die("Couldn't do update!"); 
        } 
    }

I can't find out how you work with variable names that change within a loop. These have an integar appended to the end that increases by one on every loop. There seems to be no way of dealing with these with Register Globals OFF!

Thanks

Mordecai

You're missing quotes up the yin-yang. Here are examples that should shed some light:
$POST['value']
$POST['value'.$i']
$_POST['a'.$b.'c'.$d.'e'.$f]

MarkR

Firstly, it is not illegal to assign other variables to values from $_POST. Example:

$count = $_POST['count_cl'];

If you are using the same post value twice or more, you should definitely consider doing this for readability purposes.

Secondly, you should ABSOLUTELY NOT use barewords as literal strings. Quote them instead.

I'd strongly recommend that you look at your PHP error log frequently during development. Try to ensure that your application runs with no PHP notices or warnings during normal operation. This will ensure that if unexpected behaviour happens, it is noticed more easily.

If something you're doing causes a warning when it's running properly, suppress it using @

Mark

drawmack

all cleaned up

//always quote index names so you don't get notice errors
$_POST['count_cl']+=1; 
    for ($i=1; $i<$_POST[count_cl]; $i++) { 
        $del_val = 'delete_' . $i;
        $cty_val = 'country_id_' . $i;
        $tax_rate = 'tax_rate_' . $i;
        if ($_POST[$del_val] == "Delete") { 
            $sql = "UPDATE country SET zone_id='0', tax_rate='0', ship_to='N' WHERE country_id='" . $_POST[$cty_val] . "'"; 
echo "$sql (x1)"; 
            $result = @mysql_query($sql,$connection) or die("Couldn't delete the line."); 
        } else { 
            $sql = "UPDATE country SET tax_rate = '" . $_POST[$tax_rate] . "' WHERE country_id = '" . $_POST[$cty_val] . "'"; 
echo "$sql (x2)"; 
            $result = @mysql_query($sql,$connection) or die("Couldn't do update!"); 
        } //end if
    } //end for

ahundiak

You might also take a look at how php treats html elements as arrays if you add [] to the name.

<input type="text" name="city[]" />
<input type="text" name="city[]" />
...
$citys = $_POST['city']; / An array /