John R. Sims, Jr. wrote:
 Martin; I have taken your advice and read both of the articles, but
unfortunately I have not been able to find what needs to be changed.  As I
mentioned, I am very new at this.

Could you possibly look at the script and point me in the right direction?
</head>  <?php
// Set the page title and include the HTML header.
$page_title = 'Wireless Neighborhoods';
include_once ('include/header.html');

$db_connection = mysql_connect ('', 'scfn',
'scfn75') or die (mysql_error());
$db_select = mysql_select_db('scfn') or die (mysql_error());
// If the form was submitted, process it.

if (isset($submit)) {
        $query = "insert into case_note values ('0', '$id',NOW(),
NOW(),'$cmanager', '$location', '$purpose', '$present', '$subject',
        if (@mysql_query ($query)) {
                echo 'A Case Note has been added.';
        } else {
                echo 'The case note could not be added.' . mysql_error();

It looks like you are using register_globals on your development machine. You'll likely find it easier to write safer/cleaner PHP scripts if you don't rely on this.

though register globals itself isn't strictly a security issue, it is a convenience that can cause unwanted/undue variable namespace pollution. I'd recommend you disable it on your development machine ( in your php.ini configuration file ) and then you'll have to set about changing any variables that are coming from get/post - e.g.
if (isset($submit)) {
if (isset($_POST['submit'])) {
and the likes.

It's odd that your PHP 5 installation has this enabled - the default changed to it being off in PHP 4.2.0, and certainly hasn't changed back.

- Martin Norland, Sys Admin / Database / Web Developer, International Outreach x3257
The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital.

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to