Help with register_globals

twkie

Hi everyone! I am new to php and am having a heck of a time with a some code which I pieced together. Here's the problem - The code works with register_globals = On but since that is a big security issue, but I can't get it to work with register_globals = Off. I googled for tips and ideas but got nothing. I check php.net but still couldn't figure it out. Any help on getting my code working would be really really appreciated!

Here is my code (some stripped out because of post length):

<?php 
if($_GET["cmd"]=="edit" || $_POST["cmd"]=="edit")
{
   //then connect as user
	//change user and password to your mySQL name and password
	mysql_connect("x","x","x"); 

//select which database you want to edit
mysql_select_db("x") or die("Unable to select database");

   if (!isset($_POST["submit"]))
   {
      $id = $_GET["id"];
      $sql = "SELECT * FROM parks WHERE id=$id";
      $result = mysql_query($sql);        

      $myrow = mysql_fetch_array($result);

?>
<html>
<head>
</head>
<body>
<form method="post" action="parksedit.php">
<input type=hidden name="id" value="<?php echo $myrow["id"] ?>"/>
  <table cellspacing="0" cellpadding="0">
    <tr>
      <td><div class="label">Park Name:</div></td>
      <td><input name="park_name" class="entry" type="text" value="<?php echo $myrow["park_name"] ?>" size="60"/></td>
    </tr>
    <tr>
      <td><div class="label">Street:</div></td>
      <td><input name="street" class="entry" type="text" value="<?php echo $myrow["street"] ?>" size="60"/></td>
    </tr>
    <tr>
      <td><div class="label">City:</div></td>
      <td><input name="city" class="entry" type="text" value="<?php echo $myrow["city"] ?>" size="40" /></td>
    </tr>
    <tr>
      <td><div class="label">State:</div></td>
      <td><select name="state">
      <option value="<?php echo $myrow["state"] ?>" selected="selected"><?php echo $myrow["state"] ?></option>
          <option value="AL">AL</option>
           ...
        </select></td>
    </tr>
    <tr>
      <td><div class="label">Zip Code:</div></td>
      <td><input name="zip" class="entry" type="text" value="<?php echo $myrow["zip"] ?>" size="10"/></td>
    </tr>
    <tr>
      <td><div class="label">Maps:</div></td>
      <td><textarea name="maps" cols="60" rows="4"><?php echo $myrow["maps"] ?></textarea></td>
    </tr>
    <tr>
      <td><div class="label">Map Iframe Code:</div></td>
      <td><textarea name="map_code" cols="60" rows="4"><?php echo $myrow["map_code"] ?></textarea></td>
    </tr>
    <tr>
      <td><div class="label">Photos:</div></td>
      <td><textarea name="photos" cols="60" rows="4"><?php echo $myrow["photos"] ?></textarea></td>
    </tr>
    <tr>
      <td><div class="label">Park Features:</div></td>
      <td><div style="float:left">
          <input name="artwork" class="entry" type="text" size="1" value="<?php echo $myrow["artwork"] ?>" />
          Artwork<br />
          <input name="baseball_fields" class="entry" type="text" size="1" value="<?php echo $myrow["baseball_fields"] ?>" />
          Baseball Fields<br />
          <input name="basketball_courts" class="entry" type="text" size="1" value="<?php echo $myrow["basketball_courts"] ?>" />
          Basketball Courts<br />
          <input name="beach_area" class="entry" type="text" size="1" value="<?php echo $myrow["beach_area"] ?>" />
          Beach Area<br />
          <input name="camping" class="entry" type="text" size="1" value="<?php echo $myrow["camping"] ?>" />
          Camping<br />
          <input name="canoeing" class="entry" type="text" size="1" value="<?php echo $myrow["canoeing"] ?>" />
          Canoeing<br />
          <input name="cross_country_skiing" class="entry" type="text" size="1" value="<?php echo $myrow["cross_country_skiing"] ?>" />
          Cross Country Skiing<br />
          <input name="dog_recreation_area" class="entry" type="text" size="1" value="<?php echo $myrow["dog_recreation_area"] ?>" />
          Dog Recreation Area<br />
          <input name="fishing" class="entry" type="text" size="1" value="<?php echo $myrow["fishing"] ?>" />
          Fishing<br />
          <input name="flower_gardens" class="entry" type="text" size="1" value="<?php echo $myrow["flower_gardens"] ?>" />
          Flower Gardens</div>
        <div style="float:left;  margin-left:45px">
          <input name="frisbee_golf" class="entry" type="text" size="1" value="<?php echo $myrow["frisbee_golf"] ?>" />
          Frisbee Golf<br />
          <input name="hiking_trails" class="entry" type="text" size="1" value="<?php echo $myrow["hiking_trails"] ?>" />
          Hiking Trails<br />
          <input name="nature_center" class="entry" type="text" size="1" value="<?php echo $myrow["nature_center"] ?>" />
          Nature Center<br />
          <input name="park_playfield" class="entry" type="text" size="1" value="<?php echo $myrow["park_playfield"] ?>" />
          Park Playfield<br />
          <input name="passive_green_space" class="entry" type="text" size="1" value="<?php echo $myrow["passive_green_space"] ?>" />
          Passive Green Space<br />
          <input name="picnic_facilities" class="entry" type="text" size="1" value="<?php echo $myrow["picnic_facilities"] ?>" />
          Picnic Facilities<br />
          <input name="playground_equipment" class="entry" type="text" size="1" value="<?php echo $myrow["playground_equipment"] ?>" />
          Playground Equipment<br />
          <input name="restrooms" class="entry" type="text" size="1" value="<?php echo $myrow["restrooms"] ?>" />
          Restrooms<br />
          <input name="shelters" class="entry" type="text" size="1" value="<?php echo $myrow["shelters"] ?>" />
          Shelters</div>
        <div style="float:left;  margin-left:45px">
          <input name="shelters_electricity" class="entry" type="text" size="1" value="<?php echo $myrow["shelters_electricity"] ?>" />
          Shelters with Electricity<br />
          <input name="skating_rinks" class="entry" type="text" size="1" value="<?php echo $myrow["skating_rinks"] ?>" />
          Skating Rinks<br />
          <input name="softball_fields" class="entry" type="text" size="1" value="<?php echo $myrow["softball_fields"] ?>" />
          Softball Fields<br />
          <input name="softball_fields_lighted" class="entry" type="text" size="1" value="<?php echo $myrow["softball_fields_lighted"] ?>" />
          Softball Fields (Lighted)<br />
          <input name="swimming" class="entry" type="text" size="1" value="<?php echo $myrow["swimming"] ?>" />
          Swimming<br />
          <input name="tennis_courts" class="entry" type="text" size="1" value="<?php echo $myrow["tennis_courts"] ?>" />
          Tennis Courts<br />
          <input name="tennis_courts_lighted" class="entry" type="text" size="1" value="<?php echo $myrow["tennis_courts_lighted"] ?>" />
          Tennis Courts Lighted<br />
          <input name="volleyball" class="entry" type="text" size="1" value="<?php echo $myrow["volleyball"] ?>" />
          Volleyball<br />
          <input name="zoo" class="entry" type="text" size="1" value="<?php echo $myrow["zoo"] ?>" />
          Zoo</div></td>
    </tr>
    <tr>
      <td><div class="label">Information:</div></td>
      <td><textarea name="information" cols="60" rows="4" style="width:500px"><?php echo $myrow["information"] ?></textarea></td>
    </tr>
    <tr>
      <td colspan="2"><div style="text-align:center">
      	  <input type="hidden" name="cmd" value="edit"/>
          <input name="submit" type="submit" value="UPDATE"/>
        </div></td>
    </tr>
  </table>
</form>
</body>
</html>

<?php } ?>

<?php
   if ($_POST["$submit"])
   {

//convert all the posts to variables:
$park_name = addslashes($_POST['park_name']);
$street = addslashes($_POST['street']);
$city = addslashes($_POST['city']);
$state = $_POST['state'];
$zip = $_POST['zip'];
$maps = addslashes($_POST['maps']);
$map_code = $_POST['map_code'];
$photos = addslashes($_POST['photos']);
$artwork = $_POST['artwork'];
$baseball_fields = $_POST['baseball_fields'];
$basketball_courts = $_POST['basketball_courts'];
$beach_area = $_POST['beach_area'];
$camping = $_POST['camping'];
$canoeing = $_POST['canoeing'];
$cross_country_skiing = $_POST['cross_country_skiing'];
$dog_recreation_area = $_POST['dog_recreation_area'];
$fishing = $_POST['fishing'];
$flower_gardens = $_POST['flower_gardens'];
$frisbee_golf = $_POST['frisbee_golf'];
$hiking_trails = $_POST['hiking_trails'];
$nature_center = $_POST['nature_center'];
$park_playfield = $_POST['park_playfield'];
$passive_green_space = $_POST['passive_green_space'];
$picnic_facilities = $_POST['picnic_facilities'];
$playground_equipment = $_POST['playground_equipment'];
$restrooms = $_POST['restrooms'];
$shelters = $_POST['shelters'];
$shelters_electricity = $_POST['shelters_electricity'];
$skating_rinks = $_POST['skating_rinks'];
$softball_fields = $_POST['softball_fields'];
$softball_fields_lighted = $_POST['softball_fields_lighted'];
$swimming = $_POST['swimming'];
$tennis_courts = $_POST['tennis_courts'];
$tennis_courts_lighted = $_POST['tennis_courts_lighted'];
$volleyball = $_POST['volleyball'];
$zoo = $_POST['zoo'];
$information = addslashes($_POST['information']);

   //Insert the values into the correct database with the right fields
   $sql = "UPDATE parks SET (park_name='$park_name',street='$street',...,information='$information' WHERE id=$id";
      //replace news with your table name above
      $result = mysql_query($sql);
      echo "<strong>$park_name</strong> has been updated!<br /><br /><a href=\"adminparklist.php\">&laquo; Return to MAIN</a>";
	}
}
?>

dagon

if ($_POST["$submit"])

should be

if ($_POST["submit"])

nothing else strikes me, how about describing the exact problem.

twkie

Thanks for the quick reply. I took out the $ from $submit and now the page actually displays, however the database is not updated. With register_globals = On and the "if ($POST["$submit"])" the page updates the database. Do you have any ideas on why the info is not being updated with register_globals = Off and "if ($POST["submit"])"? I would hate to use globals but the most important thing is to be able to update my database.

If you have any other suggestions on how I could accomplish this, please let me know.

dagon

change
$result = mysql_query($sql);

$result = mysql_query($sql) or die('ERROR -- sql_bounce' . mysql_error());

and echo out the $sql.

twkie

Ok. I did what you said and got "ERROR -- sql_bounceYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(park_name='bobs park',street='811',city='Manju',state='DC',zip='46777',maps='',' at line 1".

I have MySQL version 5.1.3. Still haven't figured out what I did wrong. If it helps I have attached my db table structure. Thanks.

dagon

look at the proper syntax for update

twkie

I looked at the syntax and from what I can see it is correct. The only thing I am not sure about is if it matters the mysql data type I am trying to update.

dagon, thanks for all the help, but I think I might have to through in the towel and make updates to the db and php files by hand. I just can't figure it out.

dagon

post your $sql.

twkie

I took out the parentheses in my UPDATE parks SET ( ... ) WHERE id=$id because it looked wrong.

Now this is $sql:
ERROR -- sql_bounceYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

I have attached an example of the type of data I that is stored and I am trying to update.

dagon

look at the single and double quotes

twkie

Would that be a problem with the
$sql = "UPDATE parks SET...
or the values in my database so I would need something like mysql_real_escape_string() when adding the values to the db?