My first PHP Script: Requests for Comments

godrifle
Mar 20, 2004, 09:30 AM
Hi all. I'm struggling a bit, but digging this PHP stuff. I'm writing a couple scripts for adding, deleting and modifying data to a MySQL database (how unique, eh?). Below is the add script. It's my first ever, so I would appreciate feedback on how to accomplish what I'm attempting in a more elegant way (I'm assuming my script is not, er, elegant ;) ).

It works fine on a system that has register_globals turned on, but not so on one without. I can provide a URL for anyone wanting to see it in action, but don't want to publish it here.

I appreciate any feedback you might have to help me a) make this better and b) learn to be a better PHP coder.


<html><head><title>Add Text Vignette</title></head>
<body>
<H3>Add A New Text Vignette</H3>
<BR>
<?
// SET VARIABLES (at production, move those that are security-related to an include ('non-public-directory/config.php') file)
$version="0.2b";
$dbName="uccscob";
$tableName="tVignette";
$username="edited";
$password="edited";
$hostname="127.0.0.1";
$today = date('Y-m-d');

if (!$textItem1){
drawForm();
}

function drawForm(){ // GET CATEGORIES from vCategory table

global $dbName,$username,$password,$hostname,$today,$version;
$tableName="vCategory";

/*$dbName="uccscob";
$username="root";
$password="";
$hostname="127.0.0.1";
global $today; */

// MAKE DB CONNECTION
$conn = mysql_connect("$hostname", "$username", "$password");
if (!$conn) {
echo "Unable to connect to DB: " . mysql_error();
exit;
}
mysql_select_db("$dbName", $conn);
if (!mysql_select_db("$dbName")) {
echo "Unable to select $dbName: " . mysql_error();
exit;
}

//CREATE AND SUBMIT QUERY
$query = "SELECT * FROM $tableName";
$categories = mysql_query($query, $conn);
if (!$categories) {
$errors[] = "Could not run query ($query) against $tableName, to get category names.";
exit;
}

//CREATE FORM
print <<<HERE
<form method ="post" action ="add_tvignette.php">
<input type ="hidden" name ="tVignetteID" value ="">
<input type ="hidden" name ="userID" value ="1">

<font face=arial,helvetica size=2><B>Fill out the form below to create a new Text Vignette:</b>
</font><BR><BR>
<font face=arial,helvetica size=2><B>Text Item 1: </b></font>
<input type ="text" name ="textItem1" value ="" size="35" maxlength="35"><BR>
<font face=arial,helvetica size=2><B>Text Item 2: </b></font>
<input type ="text" name ="textItem2" value ="" size="35" maxlength="35"><BR>
<font face=arial,helvetica size=2><B>Text Item 3: </b></font>
<input type ="text" name ="textItem3" value ="" size="35" maxlength="35"><BR><BR>
<font face=arial,helvetica size=2><B>URL to Link To: </b></font>
<input type ="text" name ="linkURL" size="45" maxlength="255" value ="http://"><BR><BR>
HERE;
print "<font face=arial,helvetica size=2><B>Category: </b></font><SELECT NAME=\"vCategoryID\">";
print "<OPTION VALUE=\"\" SELECTED>Choose one";
while ($row = mysql_fetch_assoc($categories)){
extract($row);
print "<OPTION VALUE=\"$vCategoryID\">$name";
}
print <<<HERE
</SELECT>&nbsp;&nbsp;&nbsp;
<font face=arial,helvetica size=2><B>Date: </b></font>
<input type ="text" name ="date" size="10" maxlength="10" value ="$today"><BR><BR>
<input type ="submit" value="Add Vignette to Rotation Now">
</form>
<HR size=1>
<center><font face=arial,helvetica size=2><B>[&nbsp;<a href="./admin_tvignette.php?dbName=uccscob&tableName=tvignette">Administer Text Vignettes</a>&nbsp;|&nbsp;<a href="./add_tvignette.php">Add a New Text Vignette</a>&nbsp;]</b></font></center>
<HR size=1 width=400 align=center>
<BR>
<font face=arial,helvetica size=1 color=gray>v $version</font></body></html>
HERE;
exit;
} //end of drawForm()

// INSERT NEW RECORD

if (!$vCategoryID || !$textItem1 || !$textItem2 || !$textItem3 || !$linkURL)
{
echo "<font color=red><b>You didn't fill in all the required fields!</b> Go <a href=\"javascript:history.go(-1);\">back</a> and make sure all fields are filled in...</font><BR>";
echo "<a href=\"javascript:history.go(-1);\">&laquo; Back</a><BR>";
}

else
{
/* This is in anticipation of turning off register_globals
// So, I tried the extract method as well as defining each
// after turning off register_globals, to no avail. ARGGGH!
// UNWRAP VARIABLES PASSED FROM POST FORM
//extract($_POST);
$tVignette = $_POST['tVignette'];
$textItem1 = $_POST['textItem1'];
$textItem2 = $_POST['textItem2'];
$textItem3 = $_POST['textItem3'];
$linkURL = $_POST['linkURL'];
$vCategoryID = $_POST['vCategoryID'];
$userID = $_POST['userID'];
$date = $_POST['date'];
*/

// CONNECT TO DB
$conn = mysql_connect("$hostname", "$username", "$password");
if (!$conn) {
echo "Unable to connect to DB: " . mysql_error();
exit;
}
mysql_select_db("$dbName", $conn);
if (!mysql_select_db("$dbName")) {
echo "Unable to select $dbName: " . mysql_error();
exit;
}
//CREATE AND SUBMIT QUERY
$query = "INSERT INTO $tableName (tVignetteID, textItem1, textItem2, textItem3, linkURL, vCategoryID, userID, date) VALUES ('$tVignetteID', '$textItem1', '$textItem2', '$textItem3', '$linkURL', '$vCategoryID', '$userID', '$date')";
$categories = mysql_query($query, $conn);
if (!$categories) {
$errors[] = "Could not run query ($query) against $tableName, to get category names.";
}else
{
print "<font color=green><B>Text Vignette successfully added to rotation.</b> Click <a href=\"./admin_tvignette.php?dbName=uccscob&tableName=tvignette\">here</a> to view your new entry.</font>";
print "<BR><font face=arial,helvetica size=1 color=gray>v $version</font></body></html>";}
}
?>
</body></html>



aldo
Mar 20, 2004, 10:29 AM
What you need to do is add this at the top of the script:

$var = $_METHOD['var'];

for each of the variables.

E.g., say you had $example and it was in a form using the POST method. You'd type:

$example = $_POST['example'];

or if you have a URL (get) variable:

$exampleget = $_GET['exampleget'];

and finally to access cookies:

$examplecookie = $_COOKIE['examplecookie'];

I'd suggest you get into the habit of doing this, otherwise you will start to have problems in the future as most servers switch over to turn off the other method of variable access.

As for your code, it seems elegant enough. Becoming a better coder will come with experience and time. Don't rush it ;).
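
Added example (not part of the thread and not either poster's code): one way to apply the advice above to the add-vignette form with register_globals off, reading each expected field from $_POST, validating it, and inserting through a prepared statement instead of the string-built INSERT. PDO, an auto-generated tVignetteID, the function names and the DB_USER / DB_PASSWORD placeholders are assumptions.

```php
<?php
// Added example, not from the thread. Assumes PDO with the MySQL driver and an
// auto-generated tVignetteID; DB_USER / DB_PASSWORD are placeholders.
// Copy only the expected form fields out of $_POST. Unlike register_globals or
// extract($_POST), a request cannot overwrite $tableName, $hostname, etc.
function read_vignette_post(array $post): array
{
    $in = [];
    foreach (['textItem1', 'textItem2', 'textItem3', 'linkURL', 'vCategoryID', 'userID', 'date'] as $f) {
        $in[$f] = (isset($post[$f]) && is_string($post[$f])) ? trim($post[$f]) : '';
    }
    return $in;
}

// Return a list of validation errors; an empty list means the input is usable.
function validate_vignette(array $in): array
{
    $errors = [];
    foreach (['textItem1', 'textItem2', 'textItem3'] as $f) {
        if ($in[$f] === '' || strlen($in[$f]) > 35) {    // form maxlength is 35
            $errors[] = "$f is required (max 35 characters)";
        }
    }
    if (!preg_match('#^https?://\S+$#i', $in['linkURL']) || strlen($in['linkURL']) > 255) {
        $errors[] = 'linkURL must be an http(s) URL (max 255 characters)';
    }
    foreach (['vCategoryID', 'userID'] as $f) {          // userID is a hidden field, still client-controlled
        if (!ctype_digit($in[$f])) {
            $errors[] = "$f must be a whole number";
        }
    }
    $d = DateTime::createFromFormat('Y-m-d', $in['date']);
    if (!$d || $d->format('Y-m-d') !== $in['date']) {    // rejects e.g. 2004-02-30
        $errors[] = 'date must be YYYY-MM-DD';
    }
    return $errors;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $in = read_vignette_post($_POST);
    if ($errors = validate_vignette($in)) {
        exit(htmlspecialchars(implode('; ', $errors), ENT_QUOTES, 'UTF-8'));
    }
    $pdo = new PDO('mysql:host=127.0.0.1;dbname=uccscob;charset=utf8mb4', 'DB_USER',
        'DB_PASSWORD', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    // Named placeholders keep the submitted values out of the SQL text.
    $stmt = $pdo->prepare('INSERT INTO tVignette (textItem1, textItem2, textItem3, linkURL, vCategoryID, userID, date)'
        . ' VALUES (:textItem1, :textItem2, :textItem3, :linkURL, :vCategoryID, :userID, :date)');
    $stmt->execute($in);
    echo 'Text Vignette successfully added to rotation.';
}
```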

godrifle
Mar 20, 2004, 10:37 AM
Thanks for the feedback. I definitely want to get the whole global variable thing right. I appreciate your tips. I just began to think, however, that it might be better to try to segment the presentation (html) stuff from the PHP stuff a bit more (i.e., separating the form from the PHP code, so that web designers can have a bit of fun without mucking about in the code). What are your thoughts on this?

Again, thanks!
