PHP - Need Some Feedback On Beginner Php

Hi guys,   Have some questions about "SESSIONS".   I am setting: $_SESSION['sessionID'] = session_id(); BUT not sure how to use it correctly or what for? Is code below acceptable? Any suggestions for improvements?

<?php
error_reporting(-1);
ini_set('display_errors', 'On');

spl_autoload_register(function ($class) {
    include 'lib/' . $class . '.inc';
});

session_start();

// ===============================================================
if (isset($_GET['msg'])){ echo $_GET['msg']; }

// ===============================================================
if (isset($_POST['btn_login']) && !empty($_POST['btn_login'])){
		
		$_SESSION['logged'] = "true";
		$_SESSION['sessionID'] = session_id();
		session_write_close();
		header( 'Location: http://localhost/work/index.php?msg=Logged in!' ) ;

	}

// ===============================================================
if (isset($_POST['btn_logout']) && !empty($_POST['btn_logout'])){
	//true
		$_SESSION['logged'] = "";
		$_SESSION['sessionID'] = "";
		session_write_close();
		session_destroy();
		header( 'Location: http://localhost/work/index.php?msg=Logged out!' ) ;
	}
	
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Server Status</title>
</head>

<body>

<?php

// ===============================================================

if (!$_SESSION['logged'] == true){
?>

<form action="#" method="post" enctype="application/x-www-form-urlencoded" name="user-login">

<input name="btn_login" type="submit" value="Logon" />

</form>

<?php

	}else{
		
?>

<form action="#" method="post" enctype="application/x-www-form-urlencoded" name="user-login">

<input name="btn_logout" type="submit" value="Logout" />

</form>

<?php

	}

?>


</body>
</html>

Kind regards and thanks.          

I'm running one of those really dense zend-based frameworks with masses of recursion (Magento), and I'm getting a problem with reading/writing the session, before I deal with that I'm trying to find some feedback on where the issue is happening.

I've got everything ( i know of ) switched on, 

error_reporting(E_ALL);
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);

+ I'm using PHPStorm with Xdebug and I've got Php Exception breakpoint set, I'm watching the Phpstorm Output/Console/Terminal (don't quite know the difference) +var/log/Exception.log, but....It just hangs without telling me which line.

Is this someting I've got to take on the chin with Php (I'm a relative newbie)? Or is there some way else?

Debian/Php 7.3

hello, i have been trying to find scripts or write a custom php script so i can have a feedback/comment type blog on my website. im trying to go for the same type of design layout and function as the blog on this site: http://www.jessicaswift.com/treasuring/ I have found a few scripts but they are on sites that want me to pay for the scripts and coding, but im not sure if its legit or even what im looking for cause they dont have full demos of them. if anyone could help me out by pointing me in the right direction with a website or tutorial for what im trying to do. Im not sure if javascript would be better for what im trying to do. cause i dont want to have a full out blog like from wordpress or blogger.com my site im building for my sister is www.jessicadurrant.com if you go to the blog page you will see its a wordpress blog, which i dont want to use. i would like to set up something like the blog that is on the first website link i posted about. Again any help would be greatly appreciated.

I have a Feedback form that I use to get peoples input. So far it works But I have 2 Problems

Here is the Code:
Code: [Select]
<?php
include "includes/config.php";
$date   = date('jS \of F  h:i A');



$sql="INSERT INTO news (Name, Email, Comments, date)
VALUES
('$_POST[gamertag]', '$_POST[email]', '$_POST[password]', '$date')";

header( 'Location: thanks.php' );

mysql_close($con)
?>
I'm making a VB.net Feedback form and I want to imput like this

http://mysite.com/feedback.php?name=Mike&email=test@test.net&comments=comment&date=20th of April  12:30 AM

But so far from my testing it doesn't register the values and says that there is a Duplicate value for email ".

I'd like it to register values somehow and if there is a duplicate email entered then have it update it or write over it.

Any help appreciated,
Thanks!

I get this error: 

Oops! Please ensure you have completed all fields before submitting the form.

Also ensure that there is only one email address.

All are filled out properly on the web page?

Can someone please help?

This is the page: http://www.blizzarddynamics.com/feedback_form.html

Help! I'm stuck!

This is the feedback form file I made.
Code: [Select]
<html>
<head><title>Bob's Auto Parts - Customer Feedback</title></head>
<body>

<h1>Customer Feedback</h1>
<p>Please tell us what you think.</p>

<form action="processfeedback.php" method="post">

<p>Your name:<br/>
<input type="text" name="name" size="40" /></p>
     
<p>Your email address:<br/>
<input type="text" name="email" size="40" /></p>
     
<p>Your feedback:<br/>
<textarea name="feedback" rows="8" cols="40" wrap="virtual" /></textarea></p>
     
<p><input type="submit" value="Send feedback" /></p>

</form>
</body>
</html>

And this is the process feedback file I made.
Code: [Select]
<?php

//create short variable names
$name = trim($_POST['name']);
$email = trim($_POST['email']);
$feedback = trim($_POST['feedback']);

//set up some static information
$toaddress = "wolocaw@localhost";

$subject = "Feedback from web site";

$mailcontent = "Customer name: ".$name."\n".
            "Customer email: ".$email."\n".
               "Customer comments:\n".$feedback."\n";

$fromaddress = "From: webserver@example.com";

//invoke mail() function to send mail
mail($toaddress, $subject, $mailcontent, $fromaddress);

?>
<html>
<head>
<title>Bob's Auto Parts - Feedback Submitted</title>
</head>
<body>
<h1>Feedback submitted</h1>
<p>Your feedback (shown below) has been sent.</p>
<p><?php echo nl2br($mailcontent); ?> </p>
</body>
</html>


After I fill out the form, it brings me to a page that says "Feedback submitted" at the top and "Your feedback (shown below) has been sent." below it. And that's it. nl2br($mailcontent) doesn't do anything. What am I doing wrong? I don't understand! 

I've finished the front end design of my application and now intend to provide a version to my potential users to gain feedback.   Does anyone have any experience with the best methods of capturing this feedback? What methods have you used in the past? Questionnaires?   I want feedback on things like the colour scheme, layouts, ease of use etc. From what I've read I can do things like a 1-5 satisfaction scale on multiple questions, but this seems a little vague    

Hello:

I have this form below that stores the data in a database, and sends an email to my client so he gets the information (And if there is a more proper way to code this, I am all ears):
Code: [Select]
<?php
include('include/myConn.php');
?>

<html>
...

<?php

$error = NULL;
$myDate = NULL;
$ParentsName = NULL;
$BestPhone = NULL;
$Email = NULL;
$StudentsName  = NULL;
$StudentsSchool = NULL;

if(isset($_POST['submit'])) {

$myDate = $_POST['myDate'];
$ParentsName = $_POST['ParentsName'];
$BestPhone = $_POST['BestPhone'];
$Email = $_POST['Email'];
$StudentsName = $_POST['StudentsName'];
$StudentsSchool = $_POST['StudentsSchool'];
 
 if(empty($ParentsName)) {
   $error .= '<div style=\'margin-bottom: 6px;\'>- Enter the parent\'s name.</div>';
 }
 
 if(empty($BestPhone)) {
   $error .= '<div style=\'margin-bottom: 6px;\'>- Enter the best phone number to reach you.</div>';
 }
 
 if(empty($Email) || !preg_match('~^([0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z]{2,9})$~',$Email)) {
  $error .= '<div style=\'margin-bottom: 6px;\'>- Enter a valid email.</div>';
 }
 
 if(empty($StudentsName)) {
   $error .= '<div style=\'margin-bottom: 6px;\'>- Enter the student\'s name.</div>';
 }

 if(empty($StudentsSchool)) {
   $error .= '<div style=\'margin-bottom: 6px;\'>- Enter the student\'s school.</div>';
 }


if($error == NULL) {

$sql = sprintf("INSERT INTO mySignUpData(myDate,ParentsName,BestPhone,Email,StudentsName,StudentsSchool) VALUES ('%s','%s','%s','%s','%s','%s')",

mysql_real_escape_string($myDate),
mysql_real_escape_string($ParentsName),
mysql_real_escape_string($BestPhone),
mysql_real_escape_string($Email),
mysql_real_escape_string($StudentsName),
mysql_real_escape_string($StudentsSchool);

                        
if(mysql_query($sql)) {
  
$error .= '<div style=\'margin-bottom: 6px;\'>Thank you for using the sign-up sheet.</div>';
    
mail( "me@mywebsite.com", "Sign-up Sheet Request",


"Date Sent: $myDate\n
Parent's Name: $ParentsName
Best Phone: $BestPhone
Email: $Email
Student's Name: $StudentsName
Student's School: $StudentsSchool\n

",

"From: $Email" 

);


unset($ParentsName); 
unset($BestPhone);
unset($Email);
unset($StudentsName);
unset($StudentsSchool);

  }
  else {
    $error .= 'There was an error in our Database, please Try again!';
  }
}
}


?>

<form name="myform" action="" method="post">
<input type="hidden" name="myDate" size="45" maxlength="50" value="<?php echo date("F j, Y"); ?>" />

<div id="tableFormDiv2">

<fieldset>
<hr />
</fieldset>

<fieldset><span class="floatLeftFormWidth2"><span class="textErrorItalic">* - Required</span></span> <span class="floatFormLeft">&nbsp;</span></fieldset>
<?php echo '<span class="textError">' . $error . '</span>';?>
<fieldset><span class="floatLeftFormWidth2"><span class="textErrorItalic">*</span>&nbsp; Parent's Name:</span> <span class="floatFormLeft"><input type="text" name="ParentsName" size="45" maxlength="50" value="<?php echo $ParentsName; ?>" /></span></fieldset>
<fieldset><span class="floatLeftFormWidth2"><span class="textErrorItalic">*</span>&nbsp; Best Phone # To Reach You:</span> <span class="floatFormLeft"><input type="text" name="BestPhone" size="45" maxlength="50" value="<?php echo $BestPhone; ?>" /></span></fieldset>
<fieldset><span class="floatLeftFormWidth2"><span class="textErrorItalic">*</span>&nbsp; Email:</span> <span class="floatFormLeft"><input type="text" name="Email" size="45" maxlength="50" value="<?php echo $Email; ?>" /></span></fieldset>

<fieldset><span class="floatLeftFormWidth2"><span class="textErrorItalic">*</span>&nbsp; Student's Name:</span> <span class="floatFormLeft"><input type="text" name="StudentsName" size="45" maxlength="50" value="<?php echo $StudentsName; ?>" /></span></fieldset>
<fieldset><span class="floatLeftFormWidth2"><span class="textErrorItalic">*</span>&nbsp; Student's School:</span> <span class="floatFormLeft"><input type="text" name="StudentsSchool" size="45" maxlength="50" value="<?php echo $StudentsSchool; ?>" /></span></fieldset>





</div>
<input type="submit" name="submit" value="Click here to submit your registration form" class="submitButton2" /><br />
</form>



</html>

I want to add a feature that will also send an autoresponder email with a message to the user who submitted the form.

How can that be done?

Do I need to somehow revise this section:
Code: [Select]
mail( "me@mywebsite.com", "Sign-up Sheet Request",


"Date Sent: $myDate\n
Parent's Name: $ParentsName
Best Phone: $BestPhone
Email: $Email
Student's Name: $StudentsName
Student's School: $StudentsSchool\n

",

"From: $Email"

Please let me know and thanks in advance.

Hello:

I want to create a feedback form that will allow a user to select from 30 or so items on a page, and send the data to an email address. I think it's something like a shopping cart but without a need to process a payment. I want to list items (like a soccer ball, a basket ball, etc.) and allow the user to select the size of the ball, the color, the number of balls, etc. I want the user to be able to select 1 item or many items.

Once they are done, they would hit submit, and the data would get sent to an email address.

Do I need to use a session to do this?

I was trying to work with this code:
Code: [Select]
<?php
session_start();
session_register('product');
session_register('amount');
$_SESSION['product'] = $_POST['product'];
$_SESSION['amount'] = $_POST['amount'];

//SEND THE EMAIL CODE HERE ????

?>
<form method="post" action="">
<input type="text" size="10" name="product"><br />
<input type="text" size="10" name="amount"><br />
<input type="submit" value="Finish">
</form>

But I'm pretty sure I'm not in the ballpark on how to do this.

Anyone have any ideas?

Thanks in advance.

Hello. Basically the issue I am having is my feedback form is not grabbing the Company Name and ID from the URL. I have the php code set in place where it's supposed to post, but it's not getting it. Can someone please help me out? I'm pretty new with php, so I'm kind of at the brink of my knowledge.

Thanks, Jess. 

Code: [Select]
<?php
//Modified because only email is required
//if (empty($_POST['name']) || empty($_POST['email']) || empty($_POST['comments'])) {
if (empty($_POST['email'])) {
$error_msg .= "E-mail is a required field. \n";
} elseif (strlen($_POST['name']) > 15) {
$error_msg .= "The name field is limited at 15 characters. Your first name or nickname will do! \n";
} elseif (!ereg("^[A-Za-z' -]*$", $_POST['name'])) {
$error_msg .= "The name field must not contain special characters. \n";
} elseif (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($_POST['email']))) {
$error_msg .= "That is not a valid e-mail address. \n";
} elseif (!empty($_POST['url']) && !preg_match('/^(http|https):\/\/(([A-Z0-9][A-Z0-9_-]*)(\.[A-Z0-9][A-Z0-9_-]*)+)(:(\d+))?\/?/i', $_POST['url']))
$error_msg .= "Invalid website url.";

if ($error_msg == NULL && $points <= $maxPoints) {
$subject = "Feedback for " . $_POST['Company'];

$message = "You received this e-mail message through your website: \n\n";
foreach ($_POST as $key => $val) {
$message .= ucwords($key) . ": $val \r\n";
}
$message .= 'IP: '.$_SERVER['REMOTE_ADDR']."\r\n";
$message .= 'Browser: '.$_SERVER['HTTP_USER_AGENT']."\r\n";
$message .= 'Spam points: '.$points;

if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) {
$headers   = "From: $yourEmail \r\n";
$headers  .= "Reply-To: {$_POST['email']}";
} else {
$headers   = "From: $yourWebsite <$yourEmail> \r\n";
$headers  .= "Reply-To: {$_POST['email']}";
}

if (mail($yourEmail,$subject,$message,$headers)) {
echo '<p>Thank you for taking the time to send us your feedback. Your comments are appreciated and help us provide the most current and accurate information possible.</p> 
<p>If you require further assistance, please visit our <a href="http://www.domain.com/" target="_blank">contact us</a> page.</p>';
$sentmail = 1;

echo '
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src=\'" + gaJsHost + "google-analytics.com/ga.js\' type=\'text/javascript\'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
var pageTracker = _gat._getTracker("analyticscode"); 
pageTracker._setDomainName(".domain.com");
pageTracker._trackPageview();
</script>
';

} else {
echo '<p>Your mail could not be sent this time.</p>';
}
}
}
function get_data($var) {
if (isset($_POST[$var]))
echo htmlspecialchars($_POST[$var]);
}

?>




<?php
foreach( $_POST as $checkbox ){
echo $checkbox .'<br />';
$checkbox = array("WebsiteLinkIsNotAccurate", "TelephoneNumberIsNotAccurate", "FaxNumberIsNotAccurate", "CompanyIsOutOfBusiness", "CompanyIsNoLongerAtThisLocation", "CompanyDoesNotProvideTheProductOrServiceAsFeatured", "Other(PleaseExplainBelow)");
}
?>




<?php
// DISPLAY ERROR MESSAGE - CHECK TO SEE IF USER HAS SUBMITTED THE FORM SUCCESSFULLY
if ($error_msg != NULL) {
echo '<p><strong style="color: red;">ERROR:</strong><br />';
echo nl2br($error_msg) . "</p>";
}

if($sentmail == 0){
?>

<form id="feedback" name="feedback" method="post" action="feedback.php" onSubmit="return CheckForm()">
<noscript>
<p><input type="hidden" name="nojs" id="nojs" /></p>
</noscript>

<input type="hidden" name="CompanyID" id="CompanyID" value="<?php echo $_POST['companyid']; ?>">
<input type="hidden" name="Company" id="Company" value="<?php echo $_POST['companyname']; ?>">


<p><strong>If you have different information about <u><?php echo $_POST['companyname']; ?></u>, or were unable to contact them, please let us know by completing the form below.</strong></p>
...

Hello,   I'm the sole developer of Aptugo (http://www.aptugo.com), a web RAD development environment with focus on making every developer's life easier. I've spent countless hours over the last two years developing it, and while the main focus is to be a CRUD boilerplate, it can actually build complete websites with great features (Aptugo's website was completely built with Aptugo, and google page insights gave me a score of 92 right out of the oven and without any effort).   Anyway, it would be really nice if you could spend a few minutes taking a look at Aptugo, It is free, and I really want to keep it free forever, in order to be able to achieve that, I really mouth-to-mouth promotion, so I'm not trying to sell you anything here, I'm just asking for help and your empathy! . If you could tell me: "I would use aptugo if it..." I would really appreciate it.    Have a great day, Gaston

Hello:

Did my first post last week and am new to PHP. Making the jump from Classic ASP into PHP. I got some good advice last time.

I have a feedback form I have been using, and it works fine for sending results to the website owner.

How can I add to it so it will first add all the data to mySQL database, and then email the results to the site owner? Also, I hear about SQL injection attacks a lot - is my current code safe from that?

This is what I have:

contact.php
Code: [Select]
...

<form method="post" name="myform" action="sendmail.php">


Full Name: <input type="text" name="FullName" />

Address: <input type="text" name="Address" />

City: <input type="text" name="City" />

State: <input type="text" name="State" />

Zip: <input type="text" name="Zip" />

Phone: <input type="text" name="Phone" />

Email: <input type="text" name="Email" />

Website: <input type="text" name="Website" />

Comments: <textarea cols="43" rows="6" name="Comments"></textarea>


<input type="submit" /><br />

</form>

...


sendmail.php

Code: [Select]
<?php

$FullName = $_REQUEST['FullName'] ;
$Address = $_REQUEST['Address'] ;
$City = $_REQUEST['City'] ;
$State = $_REQUEST['State'] ;
$Zip = $_REQUEST['Zip'] ;
$Phone = $_REQUEST['Phone'] ;
$Email = $_REQUEST['Email'] ;
$Website = $_REQUEST['Website'] ;
$Comments = $_REQUEST['Comments'] ;

mail( "info@website.com", "Contact Request",

"Full Name: $FullName\nAddress: $Address\n City: $City\n State: $State\n Zip: $Zip\n Phone: $Phone\n Email: $Email\n Website: $Website\n Comments: $Comments\n",    
"From: $Email" );

header( "Location: http://www.website.com/thanks.php" );

?>


Any help or coding examples would be most appreciated!

Thanks!

Hi again:

What I want to do - and am stuck on - is to allow the user to add files to the feedback, submit the form, and the data will get stored in the DB (and the uploaded files will get stored in "uploads"), plus an email will get sent to the client who can click the files links in the email, and download them that way.

I have done this via ASP, but never tried it with PHP ...

This is what my database table looks like"
Code: [Select]
CREATE TABLE `myProductRightData2` (
  `myDate` varchar(55) default NULL,
  `myNameAndProduct` text,
  `myWebsite` text,
  `myProductUse` text,
  `myProductProblemSolver` text,
  `myProductUnique` text,
  `myWhyBetter` text,
  `myProductAppeal` text,
  `myProductSelling` text,
  `myProductResearch` text,
  `file1` varchar(255) default NULL,
  `myProductStory` text,
  `mySpokesperson` text,
  `myProductReviewed` text,
  `myProductDecision` text,
  `file2` varchar(255) default NULL,
  `file3` varchar(255) default NULL
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

--
-- Dumping data for table `myProductRightData2`
--

INSERT INTO `myProductRightData2` VALUES('February 22, 2011', 'test', 'test', 'test', 'test', 'test', 'test', 'test', 'test', 'test', 'test', 'test.pdf', 'test', 'test', 'test', 'test1.jpg', 'test2.jpg');

And this is the form code:
Code: [Select]
<?php
$error = NULL;
$myDate = NULL;
$myNameAndProduct = NULL;
$myPhone = NULL;
$myEmail = NULL;
$myWebsite = NULL;
$myProductUse  = NULL;
$myProductProblemSolver = NULL;
$myProductUnique = NULL;
$myWhyBetter = NULL;
$myProductAppeal = NULL;
$myProductSelling = NULL;
$myProductResearch = NULL;
$file1 = NULL;
$myProductStory = NULL;
$mySpokesperson = NULL;
$myProductReviewed = NULL;
$myProductDecision = NULL;
$file2 = NULL;
$file3 = NULL;



if(isset($_POST['submit'])) {

if ((($_FILES["file1"]["type"] == "image/gif")
|| ($_FILES["file1"]["type"] == "image/jpg")
|| ($_FILES["file1"]["type"] == "image/jpeg")
|| ($_FILES["file1"]["type"] == "image/pjpeg"))
&& ($_FILES["file1"]["size"] < 20000))
  {
  if ($_FILES["file1"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["file1"]["error"] . "<br />";
    }
  else
    {
    echo "Upload: " . $_FILES["file1"]["name"] . "<br />";
    echo "Type: " . $_FILES["file1"]["type"] . "<br />";
    echo "Size: " . ($_FILES["file1"]["size"] / 1024) . " Kb<br />";
    echo "Temp file: " . $_FILES["file1"]["tmp_name"] . "<br />";

    if (file_exists("upload/" . $_FILES["file1"]["name"]))
      {
      echo $_FILES["file1"]["name"] . " already exists. ";
      }
    else
      {
      move_uploaded_file($_FILES["file1"]["tmp_name"],
      "upload/" . $_FILES["file1"]["name"]);
      echo "Stored in: " . "uploads/" . $_FILES["file1"]["name"];
      }
    }
  }
else
  {
  echo "Invalid file";
  }
  
  
  
 $myDate = $_POST['myDate'];
 $myNameAndProduct = $_POST['myNameAndProduct'];
 $myPhone = $_POST['myPhone'];
 $myEmail = $_POST['myEmail'];
 $myWebsite = $_POST['myWebsite'];
 $myProductUse = $_POST['myProductUse'];
 $myProductProblemSolver = $_POST['myProductProblemSolver'];
 $myProductUnique = $_POST['myProductUnique'];
 $myWhyBetter = $_POST['myWhyBetter'];
 $myProductAppeal = $_POST['myProductAppeal'];
 $myProductSelling = $_POST['myProductSelling'];
 $myProductResearch = $_POST['myProductResearch'];
 $file1 = $_POST['file1'];
 $myProductStory = $_POST['myProductStory'];
 $mySpokesperson = $_POST['mySpokesperson'];
 $myProductReviewed = $_POST['myProductReviewed'];
 $myProductDecision = $_POST['myProductDecision'];
 $file2 = $_POST['file2'];
 $file3 = $_POST['file3'];
  
 if(empty($myNameAndProduct)) {
   $error .= '-- Enter your Name and Product. <br />';
 }

 if(empty($myPhone)) {
   $error .= '-- Enter your Phone Number. <br />';
 }

 if(empty($myEmail)) {
   $error .= '-- Enter your Email. <br />';
 }

if($error == NULL) {

$sql = sprintf("INSERT INTO myProductRightData2(myDate,myNameAndProduct,myPhone,myEmail,myWebsite,myProductUse,myProductProblemSolver,myProductUnique,myWhyBetter,myProductAppeal,myProductSelling,myProductResearch,file1,myProductStory,mySpokesperson,myProductReviewed,myProductDecision,file2,file3) VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')",

mysql_real_escape_string($myDate),
mysql_real_escape_string($myNameAndProduct),
mysql_real_escape_string($myPhone),
mysql_real_escape_string($myEmail),
mysql_real_escape_string($myWebsite),
mysql_real_escape_string($myProductUse),
mysql_real_escape_string($myProductProblemSolver),
mysql_real_escape_string($myProductUnique),
mysql_real_escape_string($myWhyBetter),
mysql_real_escape_string($myProductAppeal),
mysql_real_escape_string($myProductSelling),
mysql_real_escape_string($myProductResearch),
mysql_real_escape_string($file1),
mysql_real_escape_string($myProductStory),
mysql_real_escape_string($mySpokesperson),
mysql_real_escape_string($myProductReviewed),
mysql_real_escape_string($myProductDecision),
mysql_real_escape_string($file2),
mysql_real_escape_string($file3));

                        
  if(mysql_query($sql)) {
  
    $error .= 'Thank you for submitting your product. We will be in contact with you soon.';
    
mail( "m@sp.com", "Product Submission",

"Date Sent: $myDate\n Name and Product: $myNameAndProduct\n Phone: $myPhone\n Email: $myEmail\n Website: $myWebsite\n Product Use: $myProductUse\n Problem Product Solves: $myProductProblemSolver\n Product Uniqueness: $myProductUnique\n Product Better Because: $myWhyBetter\n Product Appeal: $myProductAppeal\n Product Selling Places: $myProductSelling\n Product Research: $myProductResearch\n Research Documentation: $file1\n Product Story: $myProductStory\n Product Spokesperson: $mySpokesperson\n Product Reviewed: $myProductReviewed\n Product Decision Maker: $myProductDecision\n Samples: $file2\n $file3",
"From: $Email" );
  }
  else {
    $error .= 'There was an error in our database, please try again!';
  }
}
}
echo '<span class="textError">' . $error . '</span>';

?>

<form name="myform" action="" method="post" enctype="multipart/form-data">
<input type="hidden" name="myDate" size="45" maxlength="50" value="<?php echo date("F j, Y"); ?>" />


What is the name of your company and product?
<textarea name="myNameAndProduct" cols="72" rows="1"><?php echo $myNameAndProduct; ?></textarea>


What is your phone number?
<textarea name="myPhone" cols="72" rows="1"><?php echo $myPhone; ?></textarea>


What is your email?
<textarea name="myEmail" cols="72" rows="1"><?php echo $myEmail; ?></textarea>


website we can visit for more information?
<textarea name="myWebsite" cols="72" rows="1"><?php echo $myWebsite; ?></textarea>


What is this product used for?
<textarea name="myProductUse" cols="72" rows="3"><?php echo $myProductUse; ?></textarea>


Does this product solve a problem? If so, how?
<textarea name="myProductProblemSolver" cols="72" rows="3"><?php echo $myProductProblemSolver; ?></textarea>


Does your product have unique or cutting-edge features, ingredients or benefits?
<textarea name="myProductUnique" cols="72" rows="3"><?php echo $myProductUnique; ?></textarea>


What makes it better than similar products?
<textarea name="myWhyBetter" cols="72" rows="3"><?php echo $myWhyBetter; ?></textarea>


Does this product have mass appeal? Who is the target audience?
<textarea name="myProductAppeal" cols="72" rows="3"><?php echo $myProductAppeal; ?></textarea>


Is this product currently selling elsewhere? If so, where and what is the retail price?
<textarea name="myProductSelling" cols="72" rows="3"><?php echo $myProductSelling; ?></textarea>


Do you have independent research to prove claims about this product? Please provide copies.
<textarea name="myProductResearch" cols="72" rows="3"><?php echo $myProductResearch; ?></textarea>


Upload independent research copies (Word or PDF files):
<input type="file" name="file1" id="file1" />


How and why did your company start? Does that "story" make this product more interesting?
<textarea name="myProductStory" cols="72" rows="3"><?php echo $myProductStory; ?></textarea>


Do you have a passionate spokesperson that would be comfortable presenting on TV?
<textarea name="mySpokesperson" cols="72" rows="3"><?php echo $mySpokesperson; ?></textarea>


Has this product ever been submitted to QVC for review? If yes, please provide the details.
<textarea name="myProductReviewed" cols="72" rows="3"><?php echo $myProductReviewed; ?></textarea>


Who from your company will make the decision to proceed if QVC is presents the right opportunity?
<textarea name="myProductDecision" cols="72" rows="3"><?php echo $myProductDecision; ?></textarea>


Upload two samples of your product for review (.JPG or PDF files):

<input type="file" name="file2" id="file2" />

<input type="file" name="file3" id="file3" />


<input type="submit" name="submit" value="Submit New Product" class="submitButtonProduct" /><br />


</form>

It's essentially the same feedback for I always use and it works fine, but I have been trying to integrate the upload portion into it
from a tutorial I found on W3C: http://www.w3schools.com/PHP/php_file_upload.asp

Any ideas on how to make this work?

Hi.

Can someone show me the proper way to do a feedback form (like a "Contact US" form).
I have read about SQL injections and would like to know I am protecting against it.

And the proper way to store the submitted data in a database for a client's records.

I have a basic form I use, but I am unable to store the data properly.

Any help or a code idea would be appreciated.

Thanks much.

Hello all brilliant minds,

I'm a new in all this world of DB and coding and always i tried to avoid it because I think it is very hard (I'm trying to change now).

problem: I have a text file (log.txt) have data like below
========================================
> rtrv-ls

Command Accepted - Processing

    OXX 12-02-21 08:44:41 EST  EAGLE5 42.0.1-63.38.31
    rtrv-ls
    Command entered at terminal #7.
;

    OXX 12-02-21 08:44:41 EST  EAGLE5 42.0.1-63.38.31

                                                   L3T  SLT              GWS GWS GWS
    LSN           APCI   (SS7)  SCRN SET SET BEI LST LNKS ACT MES  DIS SLSCI NIS
    gtcen1pls     7-010-4       none 1    2    no   D    2        off   off   off    no    off
    gtgdv1pls     7-010-5       none 1    2    no   D    2        off   off   off    no    off

> rtrv-sid

Command Accepted - Processing

    OXX 12-02-21 08:43:43 EST  EAGLE5 42.0.1-63.38.31
    rtrv-sid
    Command entered at terminal #7.
;

    OXX 12-02-21 08:43:43 EST  EAGLE5 42.0.1-63.38.31
       PCA                       PCI          PCN                CLLI              PCTYPE
       010-010-010     7-055-1      01830              crher1p           OTHER
;
.
.
may output like this starting always with >

===================================================
Then I have SQL DB that have column with "rtrv-ls" and "rtrv-sid"

Requirement :

A) Use Php to open the .txt file, I used HTML form so the user can upload the file on the browser then
B) Search for the column name as pattern
C)Send query to MYSQL to update DB with Data for each column
D) Query the Mysql for several possible outputs (I've done this part using HTML form and simple php code as below.

<?php

// If we got a GET request on the page from HTML part of the code, we will want to store the data in a variable e.g $my_country
// So country will be passed via GET and will be stored in $my_country variable.

$host="localhost";
$con_usr="aomar";
$con_pass="nokia";

if ($_POST)   {
            $user_input = $_POST['my_log'] ;

// We use the request to search in Database and return the result, First step we need to connect to the database //

                $connect = mysql_connect ($host,$con_usr,$con_pass);
   
// Then we need to select database to run the query and return the result the connection stored in the $connect ressource //
   
if ($connect) {
              mysql_select_db("eagle",$connect);

// We store the query in variable $query becuase is it quite long text; we actually attach our varaiable $my_log passed from HTML //
         
              $query = "SELECT `".$user_input."` FROM `ss7`";

         //$update="INSERT INTO ss7 ('".$user_input."') VLAUES (';


// SO if user selected Egypt it will be stored in (name=my_country) variable from HTML and will be send via GET
// Then we store the query results in a variable called $result      
       
          $result = mysql_query ($query) ;
   

 $arr= mysql_fetch_array($result);
 
       
         echo nl2br ($arr["$user_input"]);
 
 
//Finally we return what we want from the array.
// Print the output as we wish. in case of row data like STP output, use the nl2br to preserve the output as it was written to MYSQL DB
// We need to check if the Query return no value (!$arr) , and print corresponding action

     
 
 
   
}
//================SECONED PART WHEN I LOAD THE LOG FILE TO BE STORED IN MYSQL================//


   
//close the db
mysql_close ($connect);
}
?>



<html>
<body>
<form action = "eagle.php?pmode=my_file" method = "POST"   enctype="multipart/form-data>
<fieldset>
<legend> Enter you log file here and click Save: </br> </legend>
<label for="my_file"> This Is My Capture File </label>
<input type = "file" name ="my_file" style=margin:auto > </input><br/><br/>
<input type="submit" value="Upload file">
</fieldset>
</form>
</body>
</html>   




<html>
<body>

<title>Eagle Data Base Store</title>
<form action = "eagle.php?pmode=my_log" method = "POST">
<fieldset>
<legend> Please Select the DB you would like to retrive </legend>
<br/><br/>
   <input type = "radio" name ="my_log" value = "rtrv-serial-num">Serial-Num</input>
    <input type = "radio" name ="my_log" value = "rtrv-stp">rtrv-stp</input>
   <input type = "radio" name ="my_log" value = "rtrv-feat">rtrv-feat</input>
   <input type = "radio" name ="my_log" value = "rtrv-dstn">rtrv-dstn</input>
   <input type = "radio" name ="my_log" value = "rtrv-rte">rtrv-rte</input>
   <input type = "radio" name ="my_log" value = "rtrv-trm">rtrv-trm</input>
   <input type = "radio" name ="my_log" value = "rtrv-slk">rtrv-slk</input><br/> <br/>
   <input type = "radio" name ="my_log" value = "rtrv-ls">rtrv-ls</input>
   <input type = "radio" name ="my_log" value = "rtrv-sccpopts">rtrv-sccpopts</input>
   <input type = "radio" name ="my_log" value = "rtrv-stpopts">rtrv-stpopts</input>
   <input type = "radio" name ="my_log" value = "rtrv-gsmopts">rtrv-gsmopts</input>
   <input type = "radio" name ="my_log" value = "rtrv-cmd">rtrv-cmd</input>
   <input type = "radio" name ="my_log" value = "rtrv-assoc">rtrv-assoc</input><br/> <br/>
   <input type = "radio" name ="my_log" value = "rtrv-gpl">rtrv-gpl</input>
   <input type = "radio" name ="my_log" value = "rtrv-ip-host">rtrv-ip-host</input>
   <input type = "radio" name ="my_log" value = "rtrv-ip-lnk">rtrv-ip-lnk</input>
   <input type = "radio" name ="my_log" value = "rtrv-secu-trm">rtrv-secu-trm</input>
   <input type = "radio" name ="my_log" value = "rtrv-secu-user">rtrc-secu-user</input>
   <input type = "radio" name ="my_log" value = "rept-stat-sys">rept-stat-sys</input><br/><br/>
   <input type = "radio" name ="my_log" value = "rept-stat-clk">rept-stat-clk</input>
   <input type = "radio" name ="my_log" value = "rtrv-ctrl-feat">rtrv-ctrl-feat</input>
   <input type = "radio" name ="my_log" value = "rtrv-tabl-capacity">rtrv-tabl-capacity</input><br/><br/>

   <input type = "submit" value = "Show Selected Table"/>
   
</fieldset>
</form>
</body>
</html>   

==========================================END OF CODE===========================

*** Sorry for the many comments but I want to be sure I remember why I do that .

You help is much appreciated
(Please note that need to understand more than I need the Code itself)