Tutorial Codes Does NOT Work

This code, from a Tutorial, does NOT work in PHP 'register_globals off' ---

-------------------
Putting it together
Now let's merge the code into one file. We will call it input.php

<HTML>
<?php
if($submit)
{
$db = mysql_connect("localhost", "root","");
mysql_select_db("learndb",$db);
$sql = "INSERT INTO personnel (firstname, lastname, nick, email, salary) VALUES ('$first', '$ last', '$nickname','$email','$salary')";
$result = mysql_query($sql);
echo "Thank you! Information entered.n";
}
else
{
?>
<form method="post" action="input.php">
First name:<input type="Text" name="first"><br>
Last name:<input type="Text" name="last"><br>
Nick Name:<input type="Text" name="nickname"><br>
E-mail:<input type="Text" name="email"><br>
Salary:<input type="Text" name="salary"><br>
<input type="Submit"name="submit" value=" Enter information"></form>
<?
}
?>
</HTML>
-------

Can anyone help fix it?

BTW, it would be extremely helpful to all us 'Newbies' if ALL PHP Code sites would e-mail their authors with a request to update ALL code snippets to work in the new "Standard Environment" of 'register_globals off' within 30 days or NUKE THE CODE from the web repositories.

Thank you.

with globals off change your variables to


$_POST['varname']


leave them alone in the actual form.

guess I should make that a little clearer just change the variables that you are passing from the form for instance you would leave $db as is.

Thank you. So you are saying then:

if($submit) *should now be* if($_POST['submit'])

???

I appreciate your response.

Umh, I just tried the change but still get:

Notice: Undefined index: submit - and it won't add to the DB.

ARRRGGGHHHHHH!!!

I even tried also doing: $_POST['firstname'] etc., etc.

ARRRRGGHHHHHHHHH!!!!!!!!!!!!!!!!

Hi. I don't know if this is the source of your trouble, but you see that tag where you've got

Well, there should be a space before the name attribute, like this.

Also, your query has a typo. Where you've got

I think you meant

Or, with register globals off, that would be

or even better


More advice:
You might also want to strip slashes and escape all the strings, like this

I know, it's a lot longer than '$last', but it will save you trouble in the long run, from folks with funny characters in their names, and from malicious MySQL hackers.

if ($_POST['submit']) should at least give you a warning when you open the page the first time (offcourse we all code with error_reporting set to E_ALL ;) )
Furthermore I have some comments about using this method and giving your submit button a name="submit"
In the first place a form has a javascript method named submit(); now when you name a form element "submit" this will override the javascript method. If you ever plan to submit the form using javascript you will get the infamous "object doesn't support this method" error.
Secondly you have to keep in mind that submitting a form using the enter key does NOT sent the value of the submit button in the postvars.

I always advice to use:

if ($_SERVER['REQUEST_METHOD'] == 'POST')