/    Sign up×
Community /Pin to ProfileBookmark

[RESOLVED] How to adjust code for register_global disabled

Copy linkTweet thisAlerts:
May 26.2009

My hosting company just turned off register_globals and I’m having some problems with my codes. I have a big website with hundreds of pages of codes.

I’m not able to bypass this with htaccess, so I have to start redoing some of my codes.

I have an edit form that when called it will display a list of all the entries in a particular database table (mysql) with a link to edit an entry. When you click on a link the information is displayed in a form to edit it. When you submit it’s updated in the database.

You can also choose to delete the entry by clicking on a delete link. All this is handled on one page. Here’s the code:

[code=php]include(“includes/dbconnect.php”);

if(!isset($cmd)) {
$result = mysql_query(“select * from links order by id desc”);
while($r = mysql_fetch_array($result)) {
$name = stripslashes($r[‘name’]);
$link = stripslashes($r[‘link’]);
$type = stripslashes($r[‘type’]);
$id = $r[‘id’];

echo ”
<!–$id–> $name &nbsp;
<a href=’edit_link.php?cmd=edit&id=$id’>Edit</a> &nbsp;
<a href=’edit_link.php?cmd=delete&id=$id’>Delete</a>
“;
}
}

if($_GET[“cmd”]==”edit” || $_POST[“cmd”]==”edit”)
{
if (!isset($_POST[“submit”]))
{
$id = $_GET[“id”];
$sql = “SELECT * FROM links WHERE id=’$id'”;

$result = mysql_query($sql);
$myrow = mysql_fetch_array($result);

$name = stripslashes($myrow[‘name’]);
$link = stripslashes($myrow[‘link’]);
$type = stripslashes($myrow[‘type’]);
$id = $myrow[‘id’];

echo ”
<form action=’edit_link.php’ method=’post’>

–form edit entries–

<input type=’hidden’ name=’cmd’ value=’edit’>
<input type=’submit’ name=’submit’ value=’submit’>
</form>
“;
}

if ($_POST[“$submit”]) {
$name = escape_data($_POST[‘name’]);
$link = escape_data($_POST[‘link’]);
$type = escape_data($_POST[‘type’]);

$sql = “UPDATE links SET name=’$name’, link=’$link’, type=’$type’ WHERE id=’$id'”;
$result = mysql_query($sql);
echo “Link updated”;
}
}

if($_GET[“cmd”]==”delete”) {
$sql = “DELETE FROM links WHERE id=’$id'”;
$result = mysql_query($sql);

echo “Deleted”;
}[/code]

When the page is first called the database entry is displayed in a list and the list is all that is displayed. This is good. When you click on an edit link next to a name the form to edit the information is suppose to appear and the list is suppose to disappear. The form appears but the list remains.

Also, when you make the changes and hit submit the form is gone and the list is still there. I should be getting a message saying that the information has been updated or not, but I’m not – and the information is not being updated.

This edit form worked fine before register_globals was disabled but now it isn’t.

What changes should I make to fix this?

Thanks.
Alan P

to post a comment
PHP

5 Comments(s)

Copy linkTweet thisAlerts:
@ShortsMay 26.2009 — Would suggest for debugging, add a var_dump($_POST); inside your isset($_POST['submit'])

Doing the var_dump($_POST); and one for $_GET should help you see what is being sent and find out what's missing.

Looks like the $id isn't getting passed. $cmd has a hidden input, $id probably will need one too.
Copy linkTweet thisAlerts:
@NogDogMay 26.2009 — For a quick work-around, see [url=http://www.php.net/manual/en/function.import-request-variables.php]import_request_variables[/url]().
Copy linkTweet thisAlerts:
@Alan_PauthorMay 27.2009 — I know there was a problem with the "cmd" part in [code=php]edit_link.php?cmd=edit&id=$id[/code] which keep saying that it was undefined. I don't know what this means really because I thought it was being defined as "edit". I guess not.

Anyway I changed edit_links.php to this:[code=php]$name &nbsp;
[ <a href='update_link.php?id=$id'>Edit</a> ] &nbsp;
[ <a href='confirm_delete_link.php?id=$id'>Delete</a> ]<br><br>[/code]Now instead of using the "cmd" and keeping all the code on the same page the "id" is sent to another page (update_link.php) where the actual editing will take place.

However, on the update_link.php page the form is populated as it should be, but when I hit submit button the [B]name[/B], [B]link[/B] and [B]type[/B] information is deleted from the database. Only the id remains. Apparently the name, link and type variables aren't making it to the update script.

Any ideas as to what's going on? Below is the update_links.php code.
[code=php]//update_links.php
include('includes/dbconnect.php');

$id = $_GET["id"];
$query = "SELECT * FROM links WHERE id='$id'";
$result = mysql_query($query);
while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
$name = stripslashes($row['name']);
$link = stripslashes($row['link']);
$type = stripslashes($row['type']);
$id = $row['id'];

echo "
<form action='update_link.php' method='post'>
<input type=hidden name='id' value='$id'>

Link Name:<br>
<INPUT TYPE='TEXT' NAME='name' VALUE="$name" SIZE='50'><br><br>

URL:<br>
<INPUT TYPE='TEXT' NAME='link' VALUE="$link" SIZE='50'><br><br>

Type: &nbsp;(Selected is current type)<br>
<select name='type'>
<option value='$type' selected='selected'>$type</option>

<option value='Editorial'>Editorial</option>
<option value='Informational'>Informational</option>
</select>

<br><br>

<input type='submit' name='submit' value='submit'>
</form>
";
}


if ($_POST["$submit"])
{
$id = $_POST['id'];
$name = escape_data($_POST['name']);
$link = escape_data($_POST['link']);
$type = escape_data($_POST['type']);

$query = "UPDATE links SET name='$name', link='$link', type='$type' WHERE id='$id'";
$result = mysql_query($query);
if (mysql_affected_rows() == 1)
{
echo "Link updated.";
}
else
{
echo "ERROR: Unable to updated.";
}
}[/code]

I found this on another site:

Register_globals should always be turned off; it is a security risk.

To access GET and POST variables, just use the following:
[code=php]$my_get_value = $_GET['somegetvariable'];
$my_post_value = $_POST['somepostvariable'];[/code] Outside of my using escape_data this is exactly what I'm doing, but it's not working.
Copy linkTweet thisAlerts:
@Alan_PauthorJun 04.2009 — I had my hosting company turn register_globals back on. According to what I read on the Internet on this subject I was already using the correct POST procedures[code=php]_$POST['subject'];[/code]but it still wasn't working. It works now and that's all I care about. So I'll just mark this thread resolved if I can figure out how to do so.

Thanks for all your help.

Alan P.
Copy linkTweet thisAlerts:
@ShortsJun 04.2009 — _$POST['subject']; should be $_POST['subject'];
×

Success!

Help @Alan_P spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.18,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...