Help posting to guestbook

Thekid
145 100+
Hi, I'm using xampplite and I'm trying to make a guestbook and a forms page where you can post to the guestbook with PHP & MySQL. I got the code from a website but it wasn't working so I tinkered with it a little and it's closer but not quite right. I made a database named 'guestbook' with a table named 'visitors'. In it are the following fields:
TimeStamp
Name
Last
email
comment

Here is the code to the guestbook (guestbook.php), followed by forms page (insertguest.php) and finally the script that should add it to the database (add2tbl.php)

guestbook.php (which seems to work ok?)
```php
<html>
<head><title>Guest book - display the info</title>
</head>

<body bgcolor=#ffffff>

<?php

if (empty($srt)) {
$srt='TimeStamp';
}

if (empty($offset)) {
$offset='0';
}

echo '<h2>Entries from the guest book sorted by </h2>';


mysql_connect('localhost','root','passwordhere') or die ('Problem connecting to DataBase');
$query = "SELECT * FROM visitors order by $srt limit $offset,10";
$result = mysql_db_query("guestbook", $query);

if ($result) { //Print results in table

echo "<table width=90% align=center border=1><tr>
<td align=center bgcolor=#00FFFF><a href=\"guestbook.php?srt=TimeStamp\">Visit time and date</a></td>
<td align=center bgcolor=#00FFFF><a href=\"guestbook.php?srt=Name\">Name</a></td>
<td align=center bgcolor=#00FFFF><a href=\"guestbook.php?srt=Last\">Last Name</a></td>
<td align=center bgcolor=#00FFFF><a href=\"guestbook.php?srt=email\">Email</a></td>
<td align=center bgcolor=#00FFFF><a href=\"guestbook.php?srt=comment\">Comment</a></td>
</tr>";

while ($r = mysql_fetch_array($result)) {
$TimeStamp = $r["TimeStamp"];
$Name = $r["Name"];
$Last = $r["Last"];
$email = $r["email"];
$comment = $r["comment"];
echo "<tr>
<td>$TimeStamp</td>
<td>$Name</td>
<td>$Last</td>
<td>$email</td></tr>
<tr> <td colspan=4 bgcolor=\"#ffffa0\">$comment</td>
</tr>";
} //End while loop
echo "</table>";
} //End if true
else { //Begin if false
echo "error.";
} //end if false
mysql_free_result($result);

$next=$offset+'10'; //View next or previous entries
$prev=$offset-'10';

$query = "SELECT * FROM visitors";
$res = mysql_db_query("guestbook", $query);
$num=mysql_num_rows($res);

echo "<table align=center><tr>";

if ($prev>='0')
{
echo "<form method='post'>";
echo "<input type=hidden name=offset value=$prev>";
echo "<input type=hidden name=srt value=$srt>";
echo "<td align=center><input type=submit value='Previous Entries'></td>";
echo "</form>";
}

if ($num>=$next)
{
echo "<form method='post'>";
echo "<input type=hidden name=offset value=$next>";
echo "<input type=hidden name=srt value=$srt>";
echo "<td align=center><input type=submit value='Next Entries'></td>";
echo "</form>";
}

echo "</tr></table>";


?>


</body>
</html>
```

insertguest.php (comes up as a form and will display the text from add2tbl.php)
```php
<html>
<head><title>Adding entry to guest book</title>
</head>

<body bgcolor=#ffffff>

<h1>Add an entry</h1>


<form method="post" action="add2tbl.php">
<table width=90% align=center>
<tr><td>First Name:</td><td><input type=text name='Name' size=40 maxlength=100></td></tr>
<tr><td>Last Name:</td><td><input type=text name='Last' size=40 maxlength=100></td></tr>
<tr><td>email:</td><td><input type=text name='email' size=40 maxlength=100></td></tr>
<tr><td>Your Comment:</td><td><textarea name=comment rows=4 cols=60></textarea></td></tr>
<tr><td></td><td><input type=submit></td></tr>
</table>
<input type=hidden name=timestamp <?php $dte=date("d/m/Y H:i:s");
echo "value='$dte'";?>><br>
</form>
</body>
</html>
```

add2tbl.php -for some reason the VALUES won't add properly. If left as is below, it works but will add the values as the text, ie TimeStamp, Name. I've tried changing them to variables like: VALUES ('$TimeStamp', '$Name', '$Last', etc...but that doesn't work either. I need the VALUES to reflect the input from insertguest.php. Thank you!
```php
<?php
echo '<b><p>Thank you for your input!</p></b>';
mysql_connect('localhost','root','passwordhere') or die ('Problem connecting to DataBase');
$query = "INSERT INTO `guestbook`.`visitors` (`TimeStamp`, `Name`, `Last`, `email`, `comment`) 
VALUES ('TimeStamp', 'Name', 'Last', 'email', 'comment')";
$result = mysql_db_query('guestbook', $query);
?>
```

Mar 26 '09 #1
numberwhun
3,509 Expert Mod 2GB
@Thekid
Hopefully one of the experts will correct me if I am wrong, but I don't think you can just reference the values as you have. When you hit submit on the form, the names, as you have them above are actually values, but they are part of the $_REQUEST array. So, you can reference them with:

```php
$_REQUEST['TimeStamp']
```

I only used the TimeStamp variable above just to give you an idea of what I am talking about. Try replacing the names in the VALUES section as shown above for each one and then see if it works.

Just to rule out any questions, here is what I am talking about:

```php
<?php
echo '<b><p>Thank you for your input!</p></b>';
mysql_connect('localhost','root','passwordhere') or die ('Problem connecting to DataBase');
// Array elements with quoted keys need {} inside a double-quoted string,
// and string values need single quotes in the SQL.
$query = "INSERT INTO `guestbook`.`visitors` (`TimeStamp`, `Name`, `Last`, `email`, `comment`) 
VALUES ('{$_REQUEST['TimeStamp']}', '{$_REQUEST['Name']}', '{$_REQUEST['Last']}', '{$_REQUEST['email']}', '{$_REQUEST['comment']}')";
$result = mysql_db_query('guestbook', $query);
?>
```

Regards,

Jeff
Mar 27 '09 #2
TheServant
1,168 Expert 1GB
The PHP $_REQUEST variable contains the contents of $_GET, $_POST, and $_COOKIE. I suggest just using one, so more than likely for a form (and what is already there - method="post") to use $_POST. $_REQUEST will work but searching for $_GET and $_COOKIE variables is not required if all your data is in the $_POST array. Hope that made sense.
Confirming numberwhun's comment that it cannot be values referenced like that, but need to be a variable as suggested. I might also take this time to make sure that some data checking is going on. DO NOT EVER just trust user input and try to put the $_POST['variable_name'] into your database without checking and cleaning it! Any input should be checked and sanitized so that SQL Injection cannot happen. You should have something like:
```php
<?php 
// sanitize() is your own function (see below); string values are quoted in the SQL.
$TimeStamp = sanitize( $_POST['TimeStamp'] );
$Name = sanitize( $_POST['Name'] );
$Last = sanitize( $_POST['Last'] );
$email = sanitize( $_POST['email'] );
$comment = sanitize( $_POST['comment'] );
$result = mysql_query( "INSERT INTO visitors (TimeStamp, Name, Last, email, comment) VALUES ('$TimeStamp', '$Name', '$Last', '$email', '$comment')" ); 
?>
```
Where sanitize() is your own function. As already said, you should check the data entered in the form and reject it if it does not match what you expected it to look like (checking number fields are numbers, and names don't have special characters, etc...)
Mar 27 '09 #3
Markus
6,050 Expert 4TB
Further reading:
Mar 27 '09 #4
Thekid
145 100+
Thank you guys for your replies. This is what I ended up with and it works:

```php
<?php
echo '<b><p>Thank you for your input!</p></b>';
mysql_connect('localhost','root','passwordhere') or die ('Problem connecting to DataBase');
$TimeStamp = htmlentities( $_POST['TimeStamp'] );
$Name = htmlentities( $_POST['Name'] );
$Last = htmlentities( $_POST['Last'] );
$email = htmlentities( $_POST['email'] );
$comment = htmlentities( $_POST['comment'] );
$query = "INSERT INTO `guestbook`.`visitors` (`TimeStamp`, `Name`, `Last`, `email`, `comment`) 
VALUES ('$TimeStamp', '$Name', '$Last', '$email', '$comment')";
$result = mysql_db_query('guestbook', $query);
?>
```
Mar 27 '09 #5
Markus
6,050 Expert 4TB
Note: you're not preventing yourself from SQL Injection here.
Mar 27 '09 #6
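
Added example (not part of any post in this thread): the add2tbl.php insert written with a PDO prepared statement plus input checks, showing why htmlentities() in post #5 does not address the SQL injection noted in post #6. Assumptions: an in-memory SQLite database stands in for the MySQL `guestbook` database so the script runs offline, `validate_entry()` and `add_entry()` are hypothetical helper names, and the sample input and the 2000-character comment limit are constructed.

```php
<?php
// SQLite in memory stands in for the MySQL 'guestbook' database so this runs
// offline; for MySQL use a DSN such as 'mysql:host=localhost;dbname=guestbook'.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE visitors (TimeStamp TEXT, Name TEXT, Last TEXT, email TEXT, comment TEXT)');
// Hypothetical helper: reject input that does not look like what the form expects.
function validate_entry(array $in): array
{
    $out = [];
    foreach (['Name', 'Last', 'email', 'comment'] as $field) {
        $out[$field] = trim((string)($in[$field] ?? ''));
    }
    if ($out['Name'] === '' || strlen($out['Name']) > 100 || strlen($out['Last']) > 100) {
        throw new InvalidArgumentException('Name is required; names are limited to 100 characters');
    }
    if (filter_var($out['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('email is not a valid address');
    }
    if (strlen($out['comment']) > 2000) { // limit chosen for this example
        throw new InvalidArgumentException('comment is too long');
    }
    return $out;
}

// Hypothetical helper: the values travel as bound parameters, never as SQL text.
function add_entry(PDO $db, array $in): void
{
    $e = validate_entry($in);
    $stmt = $db->prepare('INSERT INTO visitors (TimeStamp, Name, Last, email, comment)
                          VALUES (:ts, :name, :last, :email, :comment)');
    // The timestamp is generated on the server, not read from the hidden form field.
    $stmt->execute([':ts' => date('Y-m-d H:i:s'), ':name' => $e['Name'],
        ':last' => $e['Last'], ':email' => $e['email'], ':comment' => $e['comment']]);
}

// Constructed sample input standing in for $_POST.
$post = ['Name' => 'Pat', 'Last' => "O'Brien", 'email' => 'pat@example.com',
         'comment' => "It's a <b>nice</b> site"];

// With ENT_COMPAT (the default before PHP 8.1) htmlentities() leaves the
// apostrophe unchanged, so it still ends the quoted SQL string in post #5.
echo htmlentities($post['Last'], ENT_COMPAT), "\n";
add_entry($db, $post);
foreach ($db->query('SELECT Name, Last, comment FROM visitors') as $row) {
    // Stored verbatim; HTML-escape only at the point of output.
    echo htmlspecialchars("{$row['Name']} {$row['Last']}: {$row['comment']}", ENT_QUOTES, 'UTF-8'), "\n";
}
```

HTML encoding belongs where guestbook.php prints the rows; parameter binding belongs where add2tbl.php writes them.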
