What is wrong with this php code

PHP
1

This is the code that will process the form. It has an include file.

<?php
include_once'dogs.php';
foreach($_POST as $field => $value) #62
{
if ($value == "") #66
{
unset($_GET['subject2']);
$message_new = "Required information is missing.
Please try again.";
include("subject2_form.php");
exit();
}
if (ereg("(Name)",$field))
{
if (!ereg("^[A-Za-z' -]$",$value))
{
unset($_GET['subject2']);
$message_new = "$field is not a valid name.
Please try again.";
include("subject2_form.php");
exit();
}
}
$$field = strip_tags(trim($value));
}//end foreach
$connection = mysql_connect($user, $host, $password,$database)
or die ("Couldn't connect to server.");
$db = mysql_select_db($database, $connection)
or die ("Couldn't select database.");
 if ($value == "") #66
{
unset($_GET['subject2']);
$message_new = "Required information is missing.
Please try again.";
include("subject2_form.php");
exit();
}
else{
$query = "INSERT INTO acct (username, names, subject1, subject2, subject3, subject4, subject5, subject6, subject7, subject8, subject9) VALUES 
( '$username', '$names', '$subject1', '$subject2', '$subject3', '$subject4', '$subject5', '$subject6', '$subject7', '$subject8', '$subject9')";
mysql_query($sql);
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<FORM METHOD="POST" ACTION="subject2.php"> 
<?php #25
if (isset($subject2))
echo "$subject2";
?>
<p>Username: <INPUT TYPE="text" NAME="username" SIZE="35"value="<?php echo @$username ?>"maxlength="20">
<p>names: <INPUT TYPE="text" NAME="names" SIZE="50"value="<?php echo @$names ?>"maxlength="80">
<p>Password: <INPUT TYPE="password" NAME="password" SIZE="35"value="<?php echo @password ?>"maxlength="20">
<p>Subject1: <INPUT TYPE="text" NAME="subject1" SIZE="35"value="<?php echo @$subject1; ?>"maxlength="20">
<p>Subject2: <INPUT TYPE="text" NAME="subject2" SIZE="35"value="<?php echo @$subject2; ?>"maxlength="20">
<p>Subject3: <INPUT TYPE="text" NAME="subject3" SIZE="35"value="<?php echo @$subject3; ?>"maxlength="20">
<p>Subject4: <INPUT TYPE="text" NAME="subject4" SIZE="35"value="<?php echo @$subject4; ?>"maxlength="20">
<p>Subject5: <INPUT TYPE="text" NAME="subject5" SIZE="35"value="<?php echo @$subject5; ?>"maxlength="20">
<p>Subject6: <INPUT TYPE="text" NAME="subject6" SIZE="35"value="<?php echo @$subject6; ?>"maxlength="20">
<p>Subject7: <INPUT TYPE="text" NAME="subject7" SIZE="35"value="<?php echo @$subject7; ?>"maxlength="20">
<p>Subject8: <INPUT TYPE="text" NAME="subject8" SIZE="35"value="<?php echo @$subject8; ?>"maxlength="20">
<p>Subject9: <INPUT TYPE="text" NAME="subjec92" SIZE="35"value="<?php echo @$subject9; ?>"maxlength="20">
<p><input type="submit"value="Enter Subjects">

</body>
</html>
2

Well, it’s a bit hard to guess. What makes you think anything is wrong with it? Do you get error messages, if so, what do they say? Give us a bit of a clue.

Two things that might be wrong with it:

  1. I can’t see why this line starts with two dollar signs:

$$field = strip_tags(trim($value));
  1. You’re using mysql calls to access the database, you should read up on changing them to mysqli or PDO instead as mysql is deprecated and will disappear soon.
3

It’s a variable variable (if that’s the correct term). Basically it’s creating a new variable with the current value of $field:


$field = 'subject1';
$$field = true; // This is equivalent to $subject1 = true;
4

[ot]That’s the correct term. Though at first it doesn’t make much sense. I mean, is there such a thing as a non-variable variable?
Or a CONSTANT CONSTANT?[/ot]

5

It’s also wide open to a SQL Injection attack

6

Should

include_once'dogs.php';

not be?

include_once('dogs.php');

Or even better:

<?php
if(!@file_exists('dogs.php') ) {
    echo 'can not include file';
} else {
   include('./dogs.php');
}
?>
7

Actually include_once (and its kind) are not functions but language constructs so the parantheses are not needed.
They work with them (in most uses), and there is a lot of example code with them, so it’s easy to think they need them.

eg. http://www.php.net/manual/en/function.include.php

8

The form shows a password field, are the passwords stored in the database hashed?

9

This is the message it was displaying.

“mysql_connect():php_network_getadresses: getaddrinfo failed: No such host is known. in C:\xampp\htdocs\subject.php on line 51”, and “Couldn’t connect to server.” And which books do you recommenmd for a starter like me as the books I read are old schs

10

Where are you setting the values for: $user, $host, $password,$database

Also MySQL_connect() etc. is being depreciated and you should use the pdo method or mysqli

11

Oh, OK. I forgot to add my usual “but I’m still learning this stuff” disclaimer. Turns out it’s probably not relevant to the problem now we know what error the OP is getting.

12

I’d have a good read of some of the articles on here rather than necessarily looking for books - I’ve got quite a few books, either real or e-book, and a lot of them are still using old methods just because of how long it takes for these things to be reprinted.

13

What’s the current structure of the tables? I get a gut feeling that the tables could do with normalization.