Selecting MySQL database row based on form input

[swong]

We recently upgraded from PHP4 to PHP5 and the below script that was working perfectly in 4 has completely stopped working and I can't figure out why for the life of me. I'm not an experienced PHP programmer--I've done some forms, but this is the first time I've used a database.

 

What needs to (and was) happen: A user enters their username in the form and gets a readout of their participation so far that month.

 

The problem(s): I know that it's storing the variable 'user' because it echoes it back properly, but the database is no longer allowing me to select the row based on that variable. I know it's not that I can't connect to the database because if instead of '$user' I change the code to a username I know is in there, I get the proper readout. This all started as soon as I transferred over to PHP5--before that, no problems at all.

 

The database information is all correct, I just took it out for privacy's sake.

 

<form id="feedback" method="post" action="index.php">
<input name="user" type="text" value="Enter user name" size="20" maxlength="50" /><br />
<input name="send" id="send" type="submit" value="Submit" />
</form>
<?php
if (isset($_POST['user'])) { 
$_session['user'] = $_POST['user'];
} 
?>

<p>You entered your username as: <strong><? echo $_session['user'];?></strong>. If this is not correct or you do not see your information below, please re-enter your username and click Submit again.</p>

<?php
$con = mysql_connect("database","username","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("database", $con);

$result = mysql_query("SELECT * FROM March WHERE Username='$user'") or die ('Error: '.mysql_error ());

while($row = mysql_fetch_array($result))
  {
  echo "<table border='0'>";
  echo "<tr>";
  echo "<td><strong>Username:</strong> </td><td>" . $row['Username'] . "</td></tr>";
  echo "<tr><td><strong>Mar. 2 Discussion:</strong></td><td>" . $row['Mar2Q'] . "</td></tr>";
  echo "<tr><td><strong>Mar. 2 Poll:</strong></td><td>" . $row['Mar2P'] . "</td></tr>";
  echo "<tr><td><strong>Mar. 9 Discussion:</strong></td><td>" . $row['Mar9Q'] . "</td></tr>";
  echo "<tr><td><strong>Mar. 9 Poll:</strong></td><td>" . $row['Mar9P'] . "</td></tr>";
  echo "<tr><td><strong>Mar. 16 Discussion:</strong></td><td>" . $row['Mar16Q'] . "</td></tr>";
  echo "<tr><td><strong>Mar. 16 Poll:</strong></td><td>" . $row['Mar16P'] . "</td></tr>";
  echo "<tr><td><strong>March Participation To-Date:</strong></td><td>" . $row['Participation'] . "</td></tr>";
  echo "</tr>";
  } 
  echo "</table>";

mysql_close($con);
?> 

 

ANY help would be greatly appreciated! I've got a couple hundred people who use this on a regular basis and are starting to ask why it's not working.

 

[affordit]

Are your variables in the db connect file conflicting with the user variables??

[Pikachu2000]

Since $user is never explicitly assigned a value, I would say that script needs to be modified so it does not rely on register_globals being set to ON in the php.ini file. That appears to be (at least part of) the problem, since register_globals is no longer ON by default, and for good reason should remain off.

[swong]

That was light years easier than I was anticipating-- I just needed to add $user=$_POST['user'] to the script and it does exactly what it's supposed to.

 

Thanks so much for bringing the register_globals issue to my attention! I didn't realize the default switched. I've got a lot to learn--I started learning PHP mostly out of office necessity so I probably haven't learned it the 'proper' way and need to dedicate some time to learning the background. But again, appreciate the help greatly!