PHP - Guestbook Not Accepting Inputs
Hi, I've just installed a guestbook but when posting a message (signing in) it shows 'no entries yet'. On clicking the submit a very quick screen splashes up with a load of writing out of whoch I could just read ...line function open data file...
You can check it out at www.qualitycarersdirect.com/careasp/portal.asp then click on 'post on the baord' it is a php file. Similar TutorialsHow is it possible, in PHP, to display an error message next to a form input text field if a user is attempting to submit a form with empty fields? Moreover, how is it possible to remove the same error message when the user fills in the input field with the required data and/or refreshes the page? I have 2 files that I am working with: application.php and process.php.
application.php mainly has the HTML of the form. I am very new to learning PHP (I started learning it last week) and I have been searching for hours for a clear answer. I have already tried different methods for generating the error message including: using empty(), !isset, $_POST["name"] = "", etc, and have tried using session_start();, $row, echo, print, and other variables to try and display error message on the page, and I have tried using unset();, and = null, to try and remove the error message once the input field has been filled but all to no avail. Either the method I try only half works, or nothing works, and I cannot pinpoint which is the part that is not working. I only have 2 files to work with, and as an example of what I want to do is:
1. If the first name field is empty when the user clicks submit, an error message should appear next to the input. Is this possible with PHP? I posted this in the Regex forum, but the regex I have works fine, so this seems to be more of a php problem Quote from: Minklet on August 16, 2010, 11:48:23 PM Similarly, this regex to allow an embed code for youtube also will not work when it comes from a form field. This doesnt work: $embed = $_POST['mixembedlink']; if (preg_match('/<object width=\"([0-9]*)\" height=\"([0-9]*)\"><param name=\"movie\" value=\"(.*)\"><\/param><param name=\"allowFullScreen\" value=\".*\"><\/param><param name=\"allowscriptaccess\" value=\".*\"><\/param><embed src=\".*\" type=\".*\" allowscriptaccess=\".*\" allowfullscreen=\".*\" width=\"[0-9]*\" height=\"[0-9]*\"><\/embed><\/object>/',$embed,$preg_out)) {; $width = $preg_out[1]; $height = $preg_out[2]; $url = $preg_out[3]; echo 'WORKING'; } else { echo 'NOT WORKING!'; } This however does work: $embed = '<object width="480" height="385"><param name="movie" value="http://www.youtube.com/v/1mt3vZHDiM8?fs=1&hl=en_US"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/1mt3vZHDiM8?fs=1&hl=en_US" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="385"></embed></object>'; if (preg_match('/<object width=\"([0-9]*)\" height=\"([0-9]*)\"><param name=\"movie\" value=\"(.*)\"><\/param><param name=\"allowFullScreen\" value=\".*\"><\/param><param name=\"allowscriptaccess\" value=\".*\"><\/param><embed src=\".*\" type=\".*\" allowscriptaccess=\".*\" allowfullscreen=\".*\" width=\"[0-9]*\" height=\"[0-9]*\"><\/embed><\/object>/',$embed,$preg_out)) {; $width = $preg_out[1]; $height = $preg_out[2]; $url = $preg_out[3]; echo 'WORKING'; } else { echo 'NOT WORKING!'; } Can anyone shed some light on why this is? The form names are exactly right. I think i've checked and renamed them about 10 times each. I checked with firebug and compared the POST value to the string in the one that works and they are exactly the same. I can't figure out what the problem is at all Hi guys, I am creating a quiz system for my personal site, I am done with all the quiz questions creating part, but I am stuck with something like... user taking a random sql generated quiz and submitting it.. Here's randomly generated sql quiz, even the answers are in random order: <form method="post"> <b>1. What is color or sky</b> <ol> <li><input name="question_3_answer" type="radio" value="6" /> sky</li> <li><input name="question_3_answer" type="radio" value="8" />blue</li> <-- true <li><input name="question_3_answer" type="radio" value="3" />red</li> </ol> <b>2. What is name of my cat</b> <ol> <li><input name="question_6_answer" type="radio" value="9" />brat</li> <--true <li><input name="question_6_answer" type="radio" value="7" />rat</li> </ol> <b>3. What is name of my pet</b> <ol> <li><input name="question_18_answer" type="radio" value="9" />cat</li> <--true <li><input name="question_18_answer" type="radio" value="7" />dog</li> </ol> </form> Now this is tricky part for me is.. receiving these data in another page.. since it's randomly generated questions, how do I know which question it is? here's example I've tried : $list_all_quiz_questions = $db->get_row("SELECT question_id, its_true_ans_id FROM question_table WHERE quiz_group = 'ef23fsdfers3e' "); $i = 1; foreach ($list_all_quiz_questions as $myquestion) { $answer.$i == $_POST["question_".$myquestion->question_id."_answer"]; //?????????? not working lol ;(( $i++ } Hi Everyone, I'm trying to figure out why my my form isn't accepting any values I put into it. I've been trying to figure this out for the past 2 hrs and I'm stumped. Any ideas please let me know. Thanks everyone! http://whatsmyowncarworth.com/auto/form2.php Code: [Select] <?php include('init.php'); $firstname = mysql_real_escape_string($_POST['firstname']); $lastname = mysql_real_escape_string($_POST['lastname']); $address = mysql_real_escape_string($_POST['address']); $state = mysql_real_escape_string($_POST['state']); $city = mysql_real_escape_string($_POST['city']); $sql="INSERT INTO customers (first_name, last_name, address, state, city) VALUES('$firstname','$lastname','$address','$state','$city')"; if ($firstname && $lastname && $address && $state && $city) { } else echo "You must fill the entire form!"; ?> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> http://whatsmyowncarworth.com/auto/form.php Code: [Select] <html> <body> <form method="post" action="form2.php"> <table> <tr> <td>Firstname:</td> <td><input type="text" name="firstname"></td> </tr> <tr> <td>Lastname:</td> <td><input type="text" name="lastname"></td> </tr> <tr> <td>Address:</td> <td><input type="text" name="address"></td> </tr> <tr> <td>State:</td> <td><input type="text" name="state"></td> </tr> <tr> <td>City:</td> <td><input type="text" name="city"></td> </tr> <tr> <td><input type="submit" name="submit" value="Register!"></td> </tr> </table> </form> </body> </html> I manage a simple website for a small business - nothin fancy. I'm interested using some php to enhance the site a bit. I'm looking to accept some user input and put it into a database then display it back to them on another page. What php functions would be best to use to accomplish this? Thanks for the input! I’ve got a well proven php-mysqli website that works perfectly on desktops. It requests the email and password on the login page, taking that data and inspecting it before processing further. I’ve designed the presentation using CSS to be responsive and it’s working well, except for ..
.. when I used it on my Nexus 4 and 7 the web site appeared. I touched the menu item ‘login’ and I entered both the correct email and password. However, the application bounced back as it should if either the email or password was wrong. So I inserted PHP scripting and confirmed that the site was receiving the correct email but a wrong password. The logic is 100% proven and the data entry correct.
Is there something with the google nexus (and smartphones in general) that disallows web site passwords until some parameter is set? I'm hoping a responsive website developer accommodating nexus 4 or 7 can assist here.
I'm saving customer comments in an MYSQL. But the when I use mysql_real_escape_string() to filter the input data it's causing wired signs when it's displayed in the guest book. (E.g. whenever there is a ' sign, the output is \'). Is it safe to have a guest book without mysql_real_escape_string( or please suggest how should I go about creating this guest book on my website. Thanks. Bickey. I am trying to modify Guestbook. In order to access the page, the user must log in using a screen name and email address that has been registered with the website. What I want to take the log in information and automatically populate the Name and email field of the input comment form. I have set up SESSION Variables (see below for the login php). <?php session_start(); require_once("dbcon.php"); $form = "<table> <form action='login.php' method='post'> <tr> <td>Username: </td><td><input type='text' name='user' size='20' /> </tr> <tr> <td>Email: </td><td><input type='text' name='emad' size='30' /> </tr> <tr> <td><input type='submit' name='submit' value='Login' /> <td><a href='New Contact.html'>New Account </a> </tr> </form> </table>"; // Do NOT use \" when you still have the option to use singlequotes, looks so messy... $user = $_POST['user']; $emad = $_POST['emad']; //defining these in the start makes the source looks nicer if(!$_POST['submit']) die($form); // just kill the rest of the script if the form isn't submitted. if(!$user || !$emad) die("Required fields missing<br /><br /> $form"); // killing the rest of the script and echoing the form and error $sql = "SELECT ident FROM Mix WHERE password = '$pass' AND username = '$user'"; // just like with the variables and prints/echoes, you don't need to ".$var." anything with double quotemarks $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) > 0) { $row = mysql_fetch_assoc($res); $_SESSION['uid'] = $row['id']; $_SESSION['un'] = $_POST['user']; //Setup user name into session variable. $_SESSION['ua'] = $_POST['emad']; //Setup email address into session variable. echo "You have been logged in as $user at $emad. Click <a href=\"gbook.php\">here</a> to the member page."; } else { echo "That username/password combination doesn't exist!<br /><br/> $form"; } ?> Below is a copy of the Sign Form. php. I am trying to populate teh Name and email fields but the SESSION variables don't show up. Can someone figure out what I AM DOING WRONG. <?php session_start (); $un = $_SESSION['un']; $ua = $_SESSION['ua']; ?> <div id="gbook_guestbook" align="center"> <span class="gbook_guestbook"><?php echo $lang['t48']; ?></span><br class="clear" /> <span class="gbook_required"><?php echo $lang['t49']; ?></span> </div> <form action="gbook.php" method="post"> <!--SIGN FORM --> <div id="gbook_entries"> <?php if ($error) { echo '<div class="gbook_sign_error">'.$error.'</div>'; } ?> <div class="gbook_left"><span class="gbook_entries"><b><?php echo $lang['t50']; ?></b></span></div> <div class="gbook_right"><input type="hidden" name="<?php echo $myfield['name']; ?>" value="<?php echo $un; ?>" /></div> <?php echo $un; ?> <div class="clear"></div> <div class="gbook_left"><span class="gbook_entries"><?php echo $lang['t51']; ?></span></div> <div class="gbook_right"><input type="text" name="from" value="<?php echo $from; ?>" size="45" /></div> <div class="clear"></div> <?php if ($settings['use_url']) { ?> <div class="gbook_left"><span class="gbook_entries"><?php echo $lang['t53']; ?></span></div> <div class="gbook_right"><input type="text" name="url" value="<?php echo $url; ?>" size="45" maxlength="80" /></div> <div class="clear"></div> <?php } ?> <div class="gbook_left"><span class="gbook_entries"><?php echo $lang['t52']; ?></span></div> <div class="gbook_right"><input type="hidden" name="email" value="<?php echo $ua; ?>" /> <?php echo $ua; ?> <?php if ($settings['hide_emails']) { ?> <br class="clear" /><span class="gbook_entries"><i><?php echo $lang['t66']; ?></i></span> <?php } ?> </div> <div class="clear"></div> <div class="gbook_left"><span class="gbook_entries"><b><?php echo $lang['t16']; ?></b></span></div> <div class="gbook_right"><span class="gbook_entries"><i><?php echo $lang['t54']; ?></i></span></div> <textarea name="<?php echo $myfield['cmnt']; ?>" rows="12" cols="57" id="cmnt"><?php echo $comments; ?></textarea> <!--BOTTOM IMAGES --> <div id="gbook_bottom_images" class="gbook_bottom_images"> <a href="#" onclick="document.getElementById('cmnt').value += ' ';return false;"><img src="<?php echo $settings['tpl_path']; ?>images/emoticons/bigsmile.gif" alt="" title="" width="19" height="19" /></a> <a href="#" onclick="document.getElementById('cmnt').value += ' :!cool: ';return false;"><img src="<?php echo $settings['tpl_path']; ?>images/emoticons/cool.gif" alt=":!cool:" title=":!cool:" width="19" height="19" /></a> <a href="#" onclick="document.getElementById('cmnt').value += ' :!cry: ';return false;"><img src="<?php echo $settings['tpl_path']; ?>images/emoticons/crying.gif" alt=":!cry:" title=":!cry:" width="19" height="19" /></a> <a href="#" onclick="document.getElementById('cmnt').value += ' :!devil: ';return false;"><img src="<?php echo $settings['tpl_path']; ?>images/emoticons/devil.gif" alt=":!devil:" title=":!devil:" width="19" height="19" /></a> <a href="#" onclick="document.getElementById('cmnt').value += ' ';return false;"><img src="<?php echo $settings['tpl_path']; ?>images/emoticons/smile.gif" alt="" title="" width="19" height="19" /></a> <a href="#" onclick="document.getElementById('cmnt').value += ' :!mad: ';return false;"><img src="<?php echo $settings['tpl_path']; ?>images/emoticons/mad.gif" alt=":!mad:" title=":!mad:" width="19" height="19" /></a> <a href="#" onclick="document.getElementById('cmnt').value += ' :!thinking: ';return false;"><img src="<?php echo $settings['tpl_path']; ?>images/emoticons/thinking.gif" alt=":!thinking:" title=":!thinking:" width="19" height="19" /></a> <a href="#" onclick="document.getElementById('cmnt').value += ' :p ';return false;"><img src="<?php echo $settings['tpl_path']; ?>images/emoticons/tongueout.gif" alt=":p" title=":p" width="19" height="19" /></a> <a href="#" onclick="document.getElementById('cmnt').value += ' ';return false;"><img src="<?php echo $settings['tpl_path']; ?>images/emoticons/wink.gif" alt="" title="" width="19" height="19" /></a> <a href="#" onclick="document.getElementById('cmnt').value += ' ';return false;"><img src="<?php echo $settings['tpl_path']; ?>images/emoticons/blush.gif" alt="" title="" width="19" height="19" /></a> <a href="javascript:openSmiley()" class="gbook_submitted"><?php echo $lang['t26']; ?></a><br /> <label><input type="checkbox" name="nosmileys" value="Y" class="gbook_checkbox" <?php echo $nosmileys; ?> /><span class="gbook_entries"><?php echo $lang['t28']; ?></span></label><br class="clear" /> <?php /* Private mesasges */ if ($settings['use_private']) { ?> <label><input type="checkbox" name="private" value="Y" class="gbook_checkbox" <?php echo $isprivate; ?> /><span class="gbook_entries"><?php echo $lang['t55']; ?></span></label><br class="clear" /> <?php } /* Print anti-SPAM features */ echo $settings['antispam']; ?> </div> <!--BOTTOM IMAGES END --> <div align="center"> <div class="clear"> </div> <!--SPAM TRAPS --> <!-- DON'T DELETE THESE HIDDEN FIELDS AND COMMENTS, THEY HELP CATCH STUPID SPAMBOTS! --> <input type="hidden" name="name" /> <input type="hidden" name="<?php echo $myfield['bait']; ?>" /> <!-- > <input type="text" name="comments" value="1" /> < --> <!--SPAM TRAPS END--> <input type="hidden" name="a" value="add" /> <input type="submit" value="<?php echo $lang['t88']; ?>" class="submit" /> </div> <p> </p> </div> <!--SIGN FORM END --> </form> Not sure if this is in the right forum (if not can a mod move it please).... Im creating a site that is based on a subscription basis. Therefore i need to allow the user to input their card details for me to store to allow payments every month (and also for them to update when needed). How do you recommend storing card details in the database, im guessing its not secure just to store them as plain text? Opinions needed Hello! I am trying to make a Guestbook with help from the internet. I have created all sites what i need, but i have some problems with the Input. For example here is the Name inputfrom the "sign.php" <form id="form1" name="form1" method="post" action="addguestbook.php"> <td> <table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td width="117">Name</td> <td width="14">:</td> <td width="357"><input name="name" type="text" id="name" size="40" /></td> </tr> And here is the "insert sequence" from the "guestbook.php": $sql="INSERT INTO $tbl_name(name, email, comment, datetime) VALUES('$name', '$email', '$comment', '$datetime')"; $result=mysql_query($sql); If i open the guestbook.php i just can see the datetime. What went wrong? Thanks, Mark p.S.: sorry for my english. I have a guestbook that writes an entry to a text file, but when I first run it I get this error: Warning: fread() [function.fread]: Length parameter must be greater than 0 in C:\xampp\htdocs\xampp\index.php on line 66 Is there a way I can get rid of that error and still be able to use my guestbook until I actual update my guestbook using a database? Hi All, Hope you can help. I am doing a very basic guestbook. Having problems with the posting method. The code is below all I am doing is insert a record into a mysql table but when I post getting a blank page with no obvious errors! code is below. if ($_POST['submit']) { $name = $_POST['name']; $email = $_POST['email']; $message = $_POST['message']; $date = $_POST("Y-m-d"); $time = $_POST("H:i:s"); if($name&&$email&&$message) { $querypost = mysql_query("INSERT INTO guestbook (id, name, email, message, date, time) VALUES ('','$name','$email','$message','$date','$time')"); echo "Please wait.... <meta http-equiv='refresh' content='2'>"; } else echo "Please fill out all fields."; } Okay I am extremely new to PHP and am trying to make a 2 page guestbook, where one page has the form to submit a message to the guestbook and the other page displays the messages. However I am having some errors, one being that when I submit a test message it still shows the "please enter your name and comments" thing I have set when people don't fill the required fields. The other error I'm having is if I put two test messages into the guestbook some of the info from the last message fills in the fields of the other one instead of what was actually filled into the form. For example, if I insert the name "Pat" and the comment "testing 1 2 3" into one message and than insert the name "Bob" and the comment "hi" for another message when I submit the second message it may instead of putting "hi" it'll put "testing 1 2 3" so I get: Posted by: Pat testing 1 2 3 ________________ Posted by: Bob testing 1 2 3 instead of: Posted by: Pat testing 1 2 3 ________________ Posted by: Bob hi Like it should.... What am I doing wrong???? My PHP code for submition is: Code: [Select] <?php //connecting to the Database $connect = mysql_connect("127.0.0.1","patben_guestbook","") or die("Error"); //selecting the table mysql_select_db("patben_guestbookdatabase") or die("Error"); //selecting ALL data $queryget = mysql_query("SELECT * FROM guestbook") or die("Error"); //sort the data while ($row = mysql_fetch_assoc($queryget)) { $id = $row['id']; $date = $row['date']; $name = $row['name']; $email = $row['email']; $song = $row['song']; $part = $row['part']; $comments = $row['comments']; //processing data echo " <table> <tr> <td> <b>Posted by:</b> $name ($email)<br /> <b>$date</b><br /> <b>Favorite Pat Song:</b> $song<br /> <b>Favorite Part of the Site:</b> $part </td> </tr> <tr> <td> ".nl2br(strip_tags($comments))." <hr /> </td> </tr> </table> "; } if ($_POST['submit']); { $date = date("Y-m-d"); $name = $_POST['name']; $comments = $_POST['comments']; if ($name&&$comments) { $queryget = mysql_query("INSERT INTO guestbook (id,date, name, email, song, part, comments) VALUES ('','$date','$name','$email','$song','$part','$comments')"); echo "Please wait... <meta http-equiv='refresh' content='2'>"; echo mysql_error(); } else echo "Please enter your name and comments"; } ?> And my HTML form is: Code: [Select] <form action="process.php" method="post"> <table width="500" border="0" cellspacing="2" cellpadding="0"> <tr valign="top"> <td width="500px" class="name"><span style="color:#ff0000"><b>*</b></span>Name:</td> <td width="500px"><input name="name" type="text" id="name" size="32" /></td> </tr> <tr valign="top"> <td width="500px" class="bodytext"> Email Address:</td> <td width="500px"><input name="email" type="text" id="email" size="32" /></td> </tr> <tr valign="top"> <td width="500px" class="pat"> Your Favorite Pat Song?:</td> <td width="500px"><input name="song" type="text" id="song" size="32" /></td> </tr> <tr valign="top"> <td width="500px" class="part"> Your Favorite Part of my Site?:</td> <td width="500px"><input name="part" type="text" id="part" size="32" /></td> </tr> <tr valign="top"> <td width="500px" class="comments"><span style="color:#ff0000"><b>*</b></span> Comment:</td> <td width="500px"><textarea name="comments" id="comments" cols="28" rows="6" class="comments"></textarea></td> </tr> <tr valign="top"> <td class="bodytext"> </td> <td align="left" valign="top"><input type="submit" name="Submit" value="Post" class="btn" /></td> </tr> </table> </form> I've found an example of guestbook that I would like to use on my site, but when I tested it I got the following error: Warning: fread() [function.fread]: Length parameter must be greater than 0 in C:\xampp\htdocs\xampp\index.php on line 66 I've included the bits of code for addguestbook.php guestbook.txt(didnt not include) and index.php. Also, is there a way that I could allow the client to look through out entries? I know very little about php, so any help is much appreciated. Code: [Select] ------ addguestbook.php code ------ <HTML> <HEAD> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><style type="text/css"> <!-- body,td,th { font-size: 12px; color: #000000; } a:link { text-decoration: none; color: #0066FF; } a:visited { text-decoration: none; color: #0066FF; } a:hover { text-decoration: underline; color: #0066FF; } a:active { text-decoration: none; } body { background-color: #CCCCCC; SCROLLBAR-FACE-COLOR: #0066FF; MARGIN: 0px; SCROLLBAR-HIGHLIGHT-COLOR: #0066FF; SCROLLBAR-SHADOW-COLOR: #0066FF; SCROLLBAR-3DLIGHT-COLOR: #0066FF; SCROLLBAR-ARROW-COLOR: #51B0F2; SCROLLBAR-TRACK-COLOR: #51B0F2; Courier New; SCROLLBAR-DARKSHADOW-COLOR: #000000 } --> </style> </HEAD> <BODY> <?php $file = "guestbook.txt"; $name = $_POST['name']; $email = $_POST['email']; $site = $_POST['site']; $msg = $_POST['msg']; $site = stripslashes($site); $msg = stripslashes($msg); $email = stripslashes($email); $name = stripslashes($name); $msg = str_replace ("<","<",$msg); $msg = str_replace ("\n","<br>",$msg); $site = str_replace ("<","<",$site); $site = str_replace ("\n","<br>",$site); $email = str_replace ("<","<",$email); $email = str_replace ("\n","<br>",$email); $name = str_replace ("<","<",$name); $name = str_replace ("\n","<br>",$name); if(empty($email) || empty($name) || empty($msg)) { echo "<h3>Sorry all fields are required</h3>"; } else { $fp = fopen($file,"a"); fwrite($fp, ' <font size="3"> <BR><BR> Name: '.$name.'<BR> Email: <a href="mailto:'.$email.'">'.$email.'</a><BR> Home Page: <a href="'.$site.'">'.$site.'</a><BR>Message: '.$msg.'<BR> '); fclose($fp); echo '<font size="3"><p align="center">Thank you '.$name.' for singing my guestbook</p></font>'; } ?> <div align="center"></div> <div align="center"></div> <div align="center"></div> <div align="center"></div> <p align="center"><a href="YOU`R INDEX.PHP LINK HERE">Back to GuestBook</a></p> <div align="center"></div> </BODY> </HTML> ---- finish ----- ---- index.php code ----- <HTML> <HEAD> <style type="text/css"> <!-- .style1 {font-size: 12px} body,td,th { font-size: 14px; } a { font-size: 12px; } body { background-color: #CCCCCC; SCROLLBAR-FACE-COLOR: #0066FF; MARGIN: 0px; SCROLLBAR-HIGHLIGHT-COLOR: #0066FF; SCROLLBAR-SHADOW-COLOR: #0066FF; SCROLLBAR-3DLIGHT-COLOR: #0066FF; SCROLLBAR-ARROW-COLOR: #51B0F2; SCROLLBAR-TRACK-COLOR: #51B0F2; Courier New; SCROLLBAR-DARKSHADOW-COLOR: #000000 } a:link { color: #0066FF; text-decoration: none; } a:visited { text-decoration: none; color: #0066FF; } a:hover { text-decoration: underline; color: #0066FF; } a:active { text-decoration: none; } --> </style> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><BODY> <form method="post" action="addguestbook.php"> <div align="center"></div> <div align="center"></div> <div align="center" class="style1"></div> <div align="center"><span class="style1">Name:</span><br /> <input name="name" type="text" size="30" maxlength="40" /> <br /> <span class="style1"><br /> Email:</span><br /> <input name="email" type="text" size="30" maxlength="40" /> <br /> <br /> <span class="style1">Home Page:</span><br /> <input name="site" type="text" size="30" value="http://" maxlength="40" /> <br /> <br /> <span class="style1">Message:</span><br /> <textarea name="msg" cols="22" rows="6"></textarea> <br /> <br /> <input type="reset" value="Reset" /> <input type="submit" value="Send" /> </div> <div align="center"> <p> </p> <?php $file = "guestbook.txt"; if (fopen($file, "r")) { $fil = "guestbook.txt"; $fo = fopen ($fil, "r"); $con = fread ($fo,filesize ($fil)); fclose ($fo); echo "$con"; } else { echo "<h3>Sorry there was an error please contact us now<h3>"; } ?></div> </BODY> </HTML> ---- finish ----- I try to adjust my date and time to ("M-d-Y h:i:s A"), but when I do, I get 0's for the both the date and time. Code: [Select] <table width="400" border="0" align="center" cellpadding="3" cellspacing="0"> <tr> <td><strong>Test Sign Guestbook </strong></td> </tr> </table> <table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <form id="form1" name="form1" method="post" action="addguestbook.php"> <td> <table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td width="117">Name</td> <td width="14">:</td> <td width="357"><input name="name" type="text" id="name" size="40" /></td> </tr> <tr> <td>Email</td> <td>:</td> <td><input name="email" type="text" id="email" size="40" /></td> </tr> <tr> <td valign="top">Comment</td> <td valign="top">:</td> <td><textarea name="comment" cols="40" rows="3" id="comment"></textarea></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="Submit" value="Submit" /> <input type="reset" name="Submit2" value="Reset" /></td> </tr> </table> </td> </form> </tr> </table> <table width="400" border="0" align="center" cellpadding="3" cellspacing="0"> <tr> <td><strong><a href="viewguestbook.php">View Guestbook</a> </strong></td> </tr> </table> Code: [Select] <?php $mysql_host = "myhost"; $mysql_database = "guest"; $mysql_user = "myusername"; $mysql_password = "mypassword"; //$db_name="guest"; This is not needed, as db_name is $mysql_database above, so please delete this line. $tbl_name="guestbook"; // Table name // Connect to server and select database. mysql_connect("$mysql_host", "$mysql_user", "$mysql_password") or die("cannot connect server "); mysql_select_db("$mysql_database") or die("cannot select DB"); $name = $_POST['name']; $email = $_POST['email']; $comment = $_POST['comment']; $datetime=date("y-m-d h:i:s"); //date time $sql="INSERT INTO $tbl_name (name, email, comment, datetime) VALUES ('$name', '$email', '$comment', '$datetime')"; $result=mysql_query($sql); //check if query successful if($result){ echo "Successful"; echo "<BR>"; echo "<a href='viewguestbook.php'>View guestbook</a>"; // link to view guestbook page } else { echo "ERROR"; } mysql_close(); ?> Code: [Select] <table width="400" border="0" align="center" cellpadding="3" cellspacing="0"> <tr> <td><strong>View Guestbook | <a href="guestbook.php">Sign Guestbook</a> </strong></td> </tr> </table> <br> <?php $mysql_host = "myhost"; $mysql_database = "guest"; $mysql_user = "myusername"; $mysql_password = "mypassword"; $tbl_name="guestbook"; // Table name // Connect to server and select database. mysql_connect("$mysql_host", "$mysql_user", "$mysql_password") or die("cannot connect server "); mysql_select_db("$mysql_database") or die("cannot select DB"); $sql="SELECT * FROM $tbl_name"; $result=mysql_query($sql); while($rows=mysql_fetch_array($result)){ ?> <table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <td><table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td>ID</td> <td>:</td> <td><? echo $rows['id']; ?></td> </tr> <tr> <td width="117">Name</td> <td width="14">:</td> <td width="357"><? echo $rows['name']; ?></td> </tr> <tr> <td>Email</td> <td>:</td> <td><? echo $rows['email']; ?></td> </tr> <tr> <td valign="top">Comment</td> <td valign="top">:</td> <td><? echo nl2br($rows['comment']); ?></td> </tr> <tr> <td valign="top">Date/Time </td> <td valign="top">:</td> <td><? echo $rows['datetime']; ?></td> </tr> </table></td> </tr> </table> <BR> <? } mysql_close(); //close database ?> I have a simple guestbook set up. Even when I set the max post size to 6000000 (if you're wondering why Id allow that its cause I'm just using it as a private message board with one other person), after a certain amount of characters, it splits the post up into several messages and in place of the name of the poster, it's an IP. Any ideas why this is happening? Thanks. I have a working guestbook, but adjusting the time is whats getting me. I am trying to get the time to change depending on the timezone. And I also trying to get the time in the format 1:00 PM, not 21:00. Then on a different note, how can I stop spamming and injections. Index page for guestbook Code: [Select] <HTML> <HEAD> <style type="text/css"> <!-- .style1 {font-size: 12px} body,td,th { font-size: 14px; } a { font-size: 12px; } body { background-color: #CCCCCC; SCROLLBAR-FACE-COLOR: #0066FF; MARGIN: 0px; SCROLLBAR-HIGHLIGHT-COLOR: #0066FF; SCROLLBAR-SHADOW-COLOR: #0066FF; SCROLLBAR-3DLIGHT-COLOR: #0066FF; SCROLLBAR-ARROW-COLOR: #51B0F2; SCROLLBAR-TRACK-COLOR: #51B0F2; Courier New; SCROLLBAR-DARKSHADOW-COLOR: #000000 } a:link { color: #0066FF; text-decoration: none; } a:visited { text-decoration: none; color: #0066FF; } a:hover { text-decoration: underline; color: #0066FF; } a:active { text-decoration: none; } --> </style> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><BODY> <form method="post" action="addguestbook.php"> <div align="center"></div> <div align="center"></div> <div align="center" class="style1"></div> <div align="center"><span class="style1">Name:</span><br /> <input name="name" type="text" size="30" maxlength="40" /> <br /> <span class="style1"><br /> Email:</span><br /> <input name="email" type="text" size="30" maxlength="40" /> <br /> <br /> <span class="style1">Home Page:</span><br /> <input name="site" type="text" size="30" value="http://" maxlength="40" /> <br /> <br /> <span class="style1">Message:</span><br /> <textarea name="msg" cols="22" rows="6"></textarea> <br /> <br /> <input type="reset" value="Reset" /> <input type="submit" value="Send" /> </div> <div align="center"> <p> </p> <?php $file = "guestbook.txt"; if (fopen($file, "r")) { $fil = "guestbook.txt"; $fo = fopen ($fil, "r"); $con = fread ($fo,filesize ($fil)); fclose ($fo); echo "$con"; } else { echo "<h3>Sorry there was an error please contact us now<h3>"; } ?></div> </BODY> </HTML> addguestbook.php Code: [Select] <HTML> <HEAD> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><style type="text/css"> <!-- body,td,th { font-size: 12px; color: #000000; } a:link { text-decoration: none; color: #0066FF; } a:visited { text-decoration: none; color: #0066FF; } a:hover { text-decoration: underline; color: #0066FF; } a:active { text-decoration: none; } body { background-color: #CCCCCC; SCROLLBAR-FACE-COLOR: #0066FF; MARGIN: 0px; SCROLLBAR-HIGHLIGHT-COLOR: #0066FF; SCROLLBAR-SHADOW-COLOR: #0066FF; SCROLLBAR-3DLIGHT-COLOR: #0066FF; SCROLLBAR-ARROW-COLOR: #51B0F2; SCROLLBAR-TRACK-COLOR: #51B0F2; Courier New; SCROLLBAR-DARKSHADOW-COLOR: #000000 } --> </style> </HEAD> <BODY> <?php function is_leapyear($year = 2004) { return ($year%4)==0; } $file = "guestbook.txt"; $name = $_POST['name']; $email = $_POST['email']; $site = $_POST['site']; $msg = $_POST['msg']; $site = stripslashes($site); $msg = stripslashes($msg); $email = stripslashes($email); $name = stripslashes($name); $msg = str_replace ("<","<",$msg); $msg = str_replace ("\n","<br>",$msg); $site = str_replace ("<","<",$site); $site = str_replace ("\n","<br>",$site); $email = str_replace ("<","<",$email); $email = str_replace ("\n","<br>",$email); $name = str_replace ("<","<",$name); $name = str_replace ("\n","<br>",$name); if(empty($email) || empty($name) || empty($msg)) { echo "<h3>Sorry all fields are required</h3>"; } else { $fp = fopen($file,"a"); $timestamp=date("M/D/Y h:m:s"); fwrite($fp, ' <font size="3"> <BR><BR> Posted: '.$timestamp.'<br /> Name: '.$name.'<BR> Email: <a href="mailto:'.$email.'">'.$email.'</a><BR> Home Page: <a href="'.$site.'">'.$site.'</a><BR>Message: '.$msg.'<BR> '); fclose($fp); echo '<font size="3"><p align="center">Thank you '.$name.' for singing my guestbook</p></font>'; } ?> <div align="center"></div> <div align="center"></div> <div align="center"></div> <div align="center"></div> <p align="center"><a href="index.php">Back to GuestBook</a></p> <div align="center"></div> </BODY> </HTML> Dear people here at phpfreaks
I am working on updating an old guestbook with outdated code (predecated). I will follow the suggestions I have received here on this forum already by using the new MySQL PDO technique. I am pretty rusty on PHP and MySQL, since I haven't been using it for years. So it took me a while to get Xampp running and installing Virtual hosts, so I can test my code locally. This is all working now. I have decided to start from scratch, building my guestbook up gradually in order to be able to understand each step better. I am inspired by the following tutorial:
http://wiki.hashphp....ySQL_Developers
So far I have created four files
1. contribution_to_guestbook.html
2. put_in_guestbook.php
3. show_content_of_guestbook.php
4. mysql_functions.php
The guestbook is implemented as a table with the name guestbook in the MySQL database with the name my_database. The database contains six fields, which a id, time, ip, name, email and contribution. The user can write a contribution by filling in his name, email address and contribution in the form placed in the first file. These data for the fields name, email and contribution respectively are being sent to the second file. At the same time the datetime is automatically registered along with the IP address of the users computer in the fields time and ip. When inserted in the table in the database via the second file, the primary field id is automatically added and incremented by 1. After the insertion in the database, the user is directed to file 3, where the content of the whole guestbook is being displayed for the user to see. The 4th file is containing the connection details for the database, including the password.
NB! The IP address of the users computer is not being displayed but only collected in the case one want to block spammers from specific computers with fixed IP addresses. In order to better block for spam from computer bots, I will later place a question in the first file to only admit humans ...
My questions
Is the structure of my guestbook convenient? Would it be appropriate to create functions to make the code more readable and if so, how can I do it? I wanted to make a prepared statement in the 3. file in which I select the content on the guestbook in order to display it. Can it be done, and if so how do the code look like? I know I need more error handling. Also I need to test user input. For example if no contribution is being written, an error message should be shown to the user, etc. Do you have some suggestions here and how to do it? What about security? I hope the password for my database will not be accessible in any way? I will appreciate any comments on the four questions above and eventual something else I have overlooked! I hope my thread is not too long. Hope for some replies ... Here is my code so far (still just a framework!): 1. contribution_to_guestbook.html <!doctype html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Contribution to Guestbook</title> <style type="text/css"> body,td,th {font-family: Verdana, Geneva, sans-serif;} form1 table tr td {color: #06C;} h1 {color: #0000A0;} </style> </head> <body> <form method="POST" action="put_in_guestbook.php"> <h1>Contribution to Guestbook</h1> <table border="0" cellspacing="5" cellpadding="5"> <tr> <td>Name</td> <td> <INPUT type="text" name="name" size=40 maxlength=100> </td> </tr> <tr> <td>Email</td> <td> <INPUT type="text" name="email" size=40 maxlength=100> </td> </tr> <tr> <td valign="top">Contribution</td> <td> <TEXTAREA name="contribution" cols=60 rows=10></TEXTAREA> </td> </tr> <tr> <td></td> <td align="center"> <INPUT type="submit" value="Submit contribution"> </td> </tr> </table> </form> <p></p> </body> </html>2. put_in_guestbook.php <?php require("mysql_functions.php"); $ip = $_SERVER['REMOTE_ADDR']; //Clients IP address collected $name = $_POST['name']; //Data from input form etc. $email = $_POST['email']; $contribution = $_POST['contribution']; try { $db = new PDO('mysql:host='.$server.';dbname='.$database.';charset=utf8mb4', $username, $password); //Connecting to database $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); $stmt = $db->prepare("INSERT INTO guestbook(`time`, `ip`, `name`, `email`, `contribution`) VALUES(NOW(), ?, ?, ?, ?)"); $stmt->execute(array($ip, $name, $email, $contribution)); //Placing the new contribution with details in Guestbook $db = NULL; //Closing database header("Location: show_content_of_guestbook.php"); //Redirecting to another page to show content of guestbook } catch(PDOException $ex) { echo "Could not insert into guestbook"; } ?>3. show_content_of_guestbook.php <!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf8mb4" /> <title>Guestbook</title> </head> <body> <?php require("mysql_functions.php"); header('Content-Type: text/html; charset=utf-8'); try { $db = new PDO('mysql:host='.$server.';dbname='.$database.';charset=utf8mb4', $username, $password); //Connecting to database $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); foreach ($db->query('SELECT * FROM guestbook') as $row) { echo "Contribution number: ".$row['id']."<br/>"; echo "Time: ".$row['time']."<br/>"; echo "Name: ".$row['name']."<br/>"; echo "Email: ".$row['email']."<br/>"; echo "Contribution: ".$row['contribution']."<br/>"."<br/>"; $db=NULL; //Closing database } } catch(PDOException $ex) { echo "An error ocurred"; } ?> </body> </html>4. mysql_functions.php <?php $server = 'localhost'; $username = 'root'; $password = 'my_password'; $database = 'my_database'; ?>Regards, Erik Edited by erikla, 16 July 2014 - 07:52 AM. Hi I just implementet a PHP Guestbook in my Flash site, and it works almost perfectly. But i have one problem. Every time i try to write on the guestbook, and include a Colon : <---- , it wont work. How do i make it work? You can see the guestbook he http://www.meny-graphics.dk/blog by pressing "Mere" under the first entry, and scrolling down. The PHP file can be found he http://www.meny-graphics.dk/blog/GuestBook.php Thanks in advance! I have created a php guestbook for my site. The only problem I have with it is that when a user puts a carriage return in their entry, it is not replicated in the viewed post. I'm trying to figure out how I turn these returns into <br /> tags for display. Do I do something with the php that handles the input (i.e. somehow replace carriage returns with <br />'s) or is it to do with the output php code? Any pointers would be gratefully appreciated. This is the php for the guestbook entries output: Code: [Select] <?php include "connection.php"; $table = "guestbook"; $data = mysql_query("SELECT * FROM $table ORDER BY id DESC") or die(mysql_error()); echo "<div class='divide_message'>"; while($info = mysql_fetch_array( $data )) { $date = date("d/m/y",strtotime($info['date'])); echo "<div class='block message'>"; echo "<div class='message_name'>" . $info['name'] . ""; echo "<span class='date'>" . $date . "</span></div><br />"; echo "<div class='message_message'>" . $info['message'] . "</div>"; echo "</div>"; } echo "</div>"; ?> |