Help posting to guestbook

Thekid
145 New Member
Hi, I'm using xampplite and I'm trying to make a guestbook and a forms page where you can post to the guestbook with PHP & MySQL. I got the code from a website but it wasn't working so I tinkered with it a little and it's closer but not quite right. I made a database named 'guestbook' with a table named 'visitors'. In it are the following fields:
TimeStamp
Name
Last
email
comment

Here is the code to the guestbook (guestbook.php), followed by forms page (insertguest.php) and finally the script that should add it to the database (add2tbl.php)

guestbook.php (which seems to work ok?)
```php
<html>
<head><title>Guest book - display the info</title>
</head>

<body bgcolor=#ffffff>

<?php

if (empty($srt)) {
$srt='TimeStamp';
}

if (empty($offset)) {
$offset='0';
}

echo '<h2>Entries from the guest book sorted by </h2>';


mysql_connect('localhost','root','passwordhere') or die ('Problem connecting to DataBase');
$query = "SELECT * FROM visitors order by $srt limit $offset,10";
$result = mysql_db_query("guestbook", $query);

if ($result) { //Print results in table

echo "<table width=90% align=center border=1><tr>
<td align=center bgcolor=#00FFFF><a href=\"guestbook.php?srt=TimeStamp\">Visit time and date</a></td>
<td align=center bgcolor=#00FFFF><a href=\"guestbook.php?srt=Name\">Name</a></td>
<td align=center bgcolor=#00FFFF><a href=\"guestbook.php?srt=Last\">Last Name</a></td>
<td align=center bgcolor=#00FFFF><a href=\"guestbook.php?srt=email\">Email</a></td>
<td align=center bgcolor=#00FFFF><a href=\"guestbook.php?srt=comment\">Comment</a></td>
</tr>";

while ($r = mysql_fetch_array($result)) {
$TimeStamp = $r["TimeStamp"];
$Name = $r["Name"];
$Last = $r["Last"];
$email = $r["email"];
$comment = $r["comment"];
echo "<tr>
<td>$TimeStamp</td>
<td>$Name</td>
<td>$Last</td>
<td>$email</td></tr>
<tr> <td colspan=4 bgcolor=\"#ffffa0\">$comment</td>
</tr>";
} //End while loop
echo "</table>";
} //End if true
else { //Begin if false
echo "error.";
} //end if false
mysql_free_result($result);

$next=$offset+'10'; //View next or previous entries
$prev=$offset-'10';

$query = "SELECT * FROM visitors";
$res = mysql_db_query("guestbook", $query);
$num=mysql_num_rows($res);

echo "<table align=center><tr>";

if ($prev>='0')
{
echo "<form method='post'>";
echo "<input type=hidden name=offset value=$prev>";
echo "<input type=hidden name=srt value=$srt>";
echo "<td align=center><input type=submit value='Previous Entries'></td>";
echo "</form>";
}

if ($num>=$next)
{
echo "<form method='post'>";
echo "<input type=hidden name=offset value=$next>";
echo "<input type=hidden name=srt value=$srt>";
echo "<td align=center><input type=submit value='Next Entries'></td>";
echo "</form>";
}

echo "</tr></table>";


?>


</body>
</html>
```

insertguest.php (come up as form and will display the text from add2tbl.php)
```php
<html>
<head><title>Adding entry to guest book</title>
</head>

<body bgcolor=#ffffff>

<h1>Add an entry</h1>


<form method="post" action="add2tbl.php">
<table width=90% align=center>
<tr><td>First Name:</td><td><input type=text name='Name' size=40 maxlength=100></td></tr>
<tr><td>Last Name:</td><td><input type=text name='Last' size=40 maxlength=100></td></tr>
<tr><td>email:</td><td><input type=text name='email' size=40 maxlength=100></td></tr>
<tr><td>Your Comment:</td><td><textarea name=comment rows=4 cols=60></textarea></td></tr>
<tr><td></td><td><input type=submit></td></tr>
</table>
<input type=hidden name=timestamp <?php $dte=date("d/m/Y H:i:s");
echo "value='$dte'";?>><br>
</form>
</body>
</html>
```

add2tbl.php - for some reason the VALUES won't add properly. If left as is below, it works but will add the values as the text, ie TimeStamp, Name. I've tried changing them to variables like: VALUES ('$TimeStamp', '$Name', '$Last', etc...but that doesn't work either. I need the VALUES to reflect the input from insertguest.php. Thank you!

```php
<?php
echo '<b><p>Thank you for your input!</p></b>';
mysql_connect('localhost','root','passwordhere') or die ('Problem connecting to DataBase');
$query = "INSERT INTO `guestbook`.`visitors` (`TimeStamp`, `Name`, `Last`, `email`, `comment`) 
VALUES ('TimeStamp', 'Name', 'Last', 'email', 'comment')";
$result = mysql_db_query('guestbook', $query);
?>
```

Mar 26 '09 #1
numberwhun
3,509 Recognized Expert Moderator Specialist
@Thekid
Hopefully one of the experts will correct me if I am wrong, but I don't think you can just reference the values as you have. When you hit submit on the form, the names, as you have them above are actually values, but they are part of the $_REQUEST array. So, you can reference them with:

```php
$_REQUEST['TimeStamp']
```

I only used the TimeStamp variable above just to give you an idea of what I am talking about. Try replacing the names in the VALUES section as shown above for each one and then see if it works.

Just to rule out any questions, here is what I am talking about:

```php
<?php
echo '<b><p>Thank you for your input!</p></b>';
mysql_connect('localhost','root','passwordhere') or die ('Problem connecting to DataBase');
// Braces are required to interpolate a quoted array key inside a double-quoted string,
// and each string value needs its own SQL quotes.
$query = "INSERT INTO `guestbook`.`visitors` (`TimeStamp`, `Name`, `Last`, `email`, `comment`) 
VALUES ('{$_REQUEST['TimeStamp']}', '{$_REQUEST['Name']}', '{$_REQUEST['Last']}', '{$_REQUEST['email']}', '{$_REQUEST['comment']}')";
$result = mysql_db_query('guestbook', $query);
?>
```

Regards,

Jeff
Mar 27 '09 #2
TheServant
1,168 Recognized Expert Top Contributor
The PHP $_REQUEST variable contains the contents of $_GET, $_POST, and $_COOKIE. I suggest just using one, so more than likely for a form (and what is already there - method="post") to use $_POST. $_REQUEST will work but searching for $_GET and $_COOKIE variables is not required if all your data is in the $_POST array. Hope that made sense.
Confirming numberwhun's comment that it cannot be values referenced like that, but need to be a variable as suggested. I might also take this time to make sure that some data checking is going on. DO NOT EVER just trust user input and try put the $_POST['variable_name'] into your database without checking and cleaning it! Any input should be checked and sanitized so that SQL Injection cannot happen. You should have something like:
```php
<?php 
$TimeStamp = sanitize( $_POST['TimeStamp'] );
$Name = sanitize( $_POST['Name'] );
$Last = sanitize( $_POST['Last'] );
$email = sanitize( $_POST['email'] );
$comment = sanitize( $_POST['comment'] );
$result = mysql_query( "INSERT INTO visitors (TimeStamp, Name, Last, email, comment) VALUES ($TimeStamp, $Name, $Last, $email, $comment)" ); 
?>
```

Where sanitize() is your own function. As already said, you should check the data entered in the form and reject it if it does not match what you expected it to look like (checking number fields are numbers, and names don't have special characters, etc...)
Mar 27 '09 #3
Markus
6,050 Recognized Expert Expert
Further reading:
Mar 27 '09 #4
Thekid
145 New Member
Thank you guys for your replies. This is what I ended up with and it works:

```php
<?php
echo '<b><p>Thank you for your input!</p></b>';
mysql_connect('localhost','root','passwordhere') or die ('Problem connecting to DataBase');
$TimeStamp = htmlentities( $_POST['TimeStamp'] );
$Name = htmlentities( $_POST['Name'] );
$Last = htmlentities( $_POST['Last'] );
$email = htmlentities( $_POST['email'] );
$comment = htmlentities( $_POST['comment'] );
$query = "INSERT INTO `guestbook`.`visitors` (`TimeStamp`, `Name`, `Last`, `email`, `comment`) 
VALUES ('$TimeStamp', '$Name', '$Last', '$email', '$comment')";
$result = mysql_db_query('guestbook', $query);
?>
```

Mar 27 '09 #5
Markus
6,050 Recognized Expert Expert
Note: you're not preventing yourself from SQL Injection here.
Mar 27 '09 #6
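
The last note in the thread is the key point: htmlentities() encodes text for HTML output and does nothing to keep a value from being read as SQL. The following is an added example, not code from any poster in this thread, showing the insert and the sorted listing with mysqli prepared statements. The function names, the length limits and the server-generated timestamp are assumptions; the table, columns and connection placeholders are the ones from the thread.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+ with mysqli (mysqlnd).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);   // failures throw

// add2tbl.php side: values are bound as parameters, never spliced into the SQL.
function save_entry(mysqli $db, array $post): void
{
    $row = [];
    foreach (['Name', 'Last', 'email', 'comment'] as $key) {
        $value = isset($post[$key]) && is_string($post[$key]) ? trim($post[$key]) : '';
        $limit = $key === 'comment' ? 2000 : 100;   // assumed column sizes
        if ($value === '' || strlen($value) > $limit) {
            throw new InvalidArgumentException("Invalid value for $key");
        }
        $row[$key] = $value;
    }
    if (filter_var($row['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid value for email');
    }
    $stamp = date('d/m/Y H:i:s');   // set on the server, not read from the hidden field
    $stmt = $db->prepare(
        'INSERT INTO visitors (`TimeStamp`, `Name`, `Last`, `email`, `comment`)
         VALUES (?, ?, ?, ?, ?)'
    );
    $stmt->bind_param('sssss', $stamp, $row['Name'], $row['Last'], $row['email'], $row['comment']);
    $stmt->execute();
}

// guestbook.php side: a column name cannot be a bound parameter, so it is
// checked against an allow-list; the offset is bound as an integer.
function list_entries(mysqli $db, array $input): array
{
    $columns = ['TimeStamp', 'Name', 'Last', 'email', 'comment'];
    $srt     = $input['srt'] ?? '';
    $sort    = in_array($srt, $columns, true) ? $srt : 'TimeStamp';
    $offset  = max(0, (int) ($input['offset'] ?? 0));
    $stmt = $db->prepare("SELECT * FROM visitors ORDER BY `$sort` LIMIT ?, 10");
    $stmt->bind_param('i', $offset);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// HTML-encode when printing a row; this is the job htmlentities() was given at insert time.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}
// Usage: $db = new mysqli('localhost', 'root', 'passwordhere', 'guestbook');
//        save_entry($db, $_POST);  foreach (list_entries($db, $_REQUEST) as $r) { echo h($r['Name']); }
```

Storing the raw text and calling h() on every field when the table is printed keeps the database free of HTML entities and covers the `$comment`, `$Name` and other cells that guestbook.php echoes directly.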
