Examine the code in each piece of the application for this project. Is there sufficient documentation for the code? Are there unnecessary error messages or inclusions in the code that reveal too much system information to the user? Correct or document any items you find and explain your modifications in the report for this week.

// Form destination - This can be changed if you want to test it on your own.

$fdest = 'http://www.petsales.com/index.php';

// This sets up functions for PHP use. The form described here manages the user session.

// Print form

function print_form() {

global $fname, $email, $sess;

//echo "Vars: " . $fname . $email . $sess;

//print session variables - email, session, fname

echo '

';

$reader = '';

if ($sess != '') {

$reader = $sess;

} else if ($_POST['session'] != '') {

$reader = $_POST['session'];

}

echo '';

$reader = '';

if ($email != '') {

$reader = $email;

} else if ($_POST['email'] != '') {

$reader = $_POST['email'];

}

echo '';

$reader = '';

if ($fname != '') {

$reader = $fname;

} else if ($_POST['fname'] != '') {

$reader = $_POST['fname'];

}

echo '';

// pagereq is the requested page for the next transaction

echo '';

// tokenid is the last action information

echo '';

echo '

';

}

// Insert database query

function mysql_insert($table, $inserts) {

$values = array_map('mysql_real_escape_string', array_values($inserts));

$keys = array_keys($inserts);

return mysql_query('INSERT INTO `'.$table.'` (`'.implode('`,`', $keys).'`) VALUES (\''.implode('\',\'', $values).'\')');

}

// Check database

function get_db($myquery) {

return mysql_query($myquery);

}

?>

// This prints the session management form - Do not edit!

print_form();

?>