Training Help

I recently aquired a copy of the book PHP and Mysql web development by SAMS.

I have begun reading through it and it seems to be a very usefull book
however I started doing the first exersise which is a simple HTML Processor,
the HTML page is as follows:

<html>
<head>
<title>Bob's Auto Parts - Order Results</title>
</head>
<body>
<h1>Bob's Auto Parts</h1>
<form action=processorder.php method=post>
<table border=0>
<tr bgcolor=#cccccc>
<td width=150>Item</td>
<td width=15>Quantity</td>
</tr>
<tr>
<td>Tires</td>
<td align=center><input type="text" name="tireqty" size=3 maxlength=3></td>
</tr>
<tr>
<td>Oil</td>
<td align=center><input type="text" name="oilqty" size=3 maxlength=3></td>
</tr>
<tr>
<td>Spark Plugs</td>
<td align=center><input type="text" name="sparkqty" size=3 maxlength=3></td>
</tr>
<tr>
<td colspan=2 align=center><input type=submit value="Submit Order"></td>
</tr>
</table>
</form>
</body>
</html>

And the processor PHP page is:

<html>
<head>
<title>Bob's Auto Parts - Order Results</title>
</head>
<body>
<h1>Bob's Auto Parts</h1>
<h2>Order Results</h2>
<?
echo "<p>Order Processed at ";
echo date("H:i, ");
echo "on ";
echo date ("jS F");
echo "<br>";
echo "<p>Your order is as follows:";
echo "<br>";
echo $tireqty." tires<br>";
echo $oilqty." bottles of oil<br>";
echo $sparkqty." spark plugs<br>";
?>
</body>
</html>

I get an error???? this code is taken directly from the book.....

Bob's Auto Parts
Order Results
Order Processed at 21:08, on 12th September


Your order is as follows:

Notice: Undefined variable: tireqty in
c:\inetpub\wwwroot\php\processorder.php on line 16
tires

Notice: Undefined variable: oilqty in
c:\inetpub\wwwroot\php\processorder.php on line 17
bottles of oil

Notice: Undefined variable: sparkqty in
c:\inetpub\wwwroot\php\processorder.php on line 18
spark plugs


Help



Ryan

Hi Ryan,

Sounds like register_globals is turned off on your server (this is generally
a Good Thing). Rather than having all your form fields converted directly
into variables - which your book is assuming, as it's how PHP used to do
it - you'll need to access them via the $_POST array.

Try changing this line:

> echo $tireqty." tires<br>";

To this:

echo $_POST["tireqty"]. " tires<br>";

Search the manual or the list archives for "register_globals" and you'll get
loads of info about this.

Cheers
Jon

Thanks mate, problem kinda fixed, looks like this now...

<html>
<head>
<title>Bob's Auto Parts - Order Results</title>
</head>
<body>
<h1>Bob's Auto Parts</h1>
<h2>Order Results</h2>
<?
$tireqty = $_POST['tireqty'];
$oilqty = $_POST['oilqty'];
$sparkqty = $_POST['sparkqty'];
echo "<p>Order Processed at ";
echo date("H:i, ");
echo "on ";
echo date ("jS F");
echo "<br>";
echo "<p>Your order is as follows:";
echo "<br>";
echo $tireqty." tires<br>";
echo $oilqty." bottles of oil<br>";
echo $sparkqty." spark plugs<br>";
?>
</body>
</html>

Ryan


"Jon Haworth" <jon@laughing-buddha.net> wrote in message
news:008101c37920$944cee90$050a0a0a@eris...
> Hi Ryan,
>
> Sounds like register_globals is turned off on your server (this is
generally
> a Good Thing). Rather than having all your form fields converted directly
> into variables - which your book is assuming, as it's how PHP used to do
> it - you'll need to access them via the $_POST array.
>
> Try changing this line:
>
> > echo $tireqty." tires<br>";
>
> To this:
>
> echo $_POST["tireqty"]. " tires<br>";
>
> Search the manual or the list archives for "register_globals" and you'll
get
> loads of info about this.
>
> Cheers
> Jon

Hi Ryan,

> $tireqty = $_POST['tireqty'];
> $oilqty = $_POST['oilqty'];
> $sparkqty = $_POST['sparkqty'];

That'll certainly fix the problem, but it kind of defeats the point of using
$_POST :-)

Ideally you'd clean the data at this point to make sure no-one's trying to
submit anything nasty (Google on "SQL injection" for an idea of what can be
done).

Seeing as these are quantities, checking them via PHP's is_numeric()
function would probably be a good idea, and making sure they're inside
sensible ranges (between 0 and 50, say) might be worthwhile as well.

Cheers
Jon