472,348 Members | 1,538 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,348 software developers and data experts.

Help posting to guestbook

145 100+
Hi, I'm using xampplite and I'm trying to make a guestbook and a forms page where you can post to the guestbook with PHP & MySQL. I got the code from a website but it wasn't working so I tinkered with it a little and it's closer but not quite right. I made a database named 'guestbook' with a table named 'visitors'. In it are the following fields:

Here is the code to the guestbook (guestbook.php), followed by forms page (insertguest.php) and finally the script that should add it to the database (add2tbl.php)

guestbook.php (which seems to work ok?)
Expand|Select|Wrap|Line Numbers
  1. <html>
  2. <head><title>Guest book - display the info</title>
  3. </head>
  5. <body bgcolor=#ffffff>
  7. <?php
  9. if (empty($srt)) {
  10. $srt='TimeStamp';
  11. }
  13. if (empty($offset)) {
  14. $offset='0';
  15. }
  17. echo '<h2>Entries from the guest book sorted by </h2>';
  20. mysql_connect('localhost','root','passwordhere') or die ('Problem connecting to DataBase');
  21. $query = "SELECT * FROM visitors order by $srt limit $offset,10";
  22. $result = mysql_db_query("guestbook", $query);
  24. if ($result) { //Print results in table
  26. echo "<table width=90% align=center border=1><tr>
  27. <td align=center bgcolor=#00FFFF><a href=\"guestbook.php?
  28. srt=TimeStamp\">Visit time and date</a></td>
  29. <td align=center bgcolor=#00FFFF><a href=\"guestbook.php?srt=Name\">Name</a></td>
  30. <td align=center bgcolor=#00FFFF><a href=\"guestbook.php?srt=Last\">Last
  31. Name</a></td>
  32. <td align=center bgcolor=#00FFFF><a href=\"guestbook.php?
  33. srt=email\">Email</a></td>
  34. <td align=center bgcolor=#00FFFF><a href=\"guestbook.php?
  35. srt=comment\">Comment</a></td>
  36. </tr>";
  38. while ($r = mysql_fetch_array($result)) {
  39. $TimeStamp = $r["TimeStamp"];
  40. $Name = $r["Name"];
  41. $Last = $r["Last"];
  42. $email = $r["email"];
  43. $comment = $r["comment"];
  44. echo "<tr>
  45. <td>$TimeStamp</td>
  46. <td>$Name</td>
  47. <td>$Last</td>
  48. <td>$email</td></tr>
  49. <tr> <td colspan=4 bgcolor=\"#ffffa0\">$comment</td>
  50. </tr>";
  51. } //End while loop
  52. echo "</table>";
  53. } //End if true
  54. else { //Begin if false
  55. echo "error.";
  56. } //end if false
  57. mysql_free_result($result);
  59. $next=$offset+'10'; //View next or previous entries
  60. $prev=$offset-'10';
  62. $query = "SELECT * FROM visitors";
  63. $res = mysql_db_query("guestbook", $query);
  64. $num=mysql_num_rows($res);
  66. echo "<table align=center><tr>";
  68. if ($prev>='0')
  69. {
  70. echo "<form method='post'>";
  71. echo "<input type=hidden name=offset value=$prev>";
  72. echo "<input type=hidden name=srt value=$srt>";
  73. echo "<td align=center><input type=submit value='Previous Entries'></td>";
  74. echo "</form>";
  75. }
  77. if ($num>=$next)
  78. {
  79. echo "<form method='post'>";
  80. echo "<input type=hidden name=offset value=$next>";
  81. echo "<input type=hidden name=srt value=$srt>";
  82. echo "<td align=center><input type=submit value='Next Entries'></td>";
  83. echo "</form>";
  84. }
  86. echo "</tr></table>";
  89. ?>
  92. </body>
  93. </html> 
insertguest.php (come up as form and will display the text from add2tbl.php)
Expand|Select|Wrap|Line Numbers
  1. <html>
  2. <head><title>Adding entry to guest book</title>
  3. </head>
  5. <body bgcolor=#ffffff>
  7. <h1>Add an entry</h1>
  10. <form method="post" action="add2tbl.php">
  11. <table width=90% align=center>
  12. <tr><td>First Name:</td><td><input type=text name='Name' size=40
  13. maxlength=100></td></tr>
  14. <tr><td>Last Name:</td><td><input type=text name='Last' size=40 maxlength=100></td></tr>
  15. <tr><td>email:</td><td><input type=text name='email' size=40 maxlength=100></td></tr>
  16. <tr><td>Your Comment:</td><td><textarea name=comment rows=4
  17. cols=60></textarea></td></tr>
  18. <tr><td></td><td><input type=submit></td></tr>
  19. </table>
  20. <input type=hidden name=timestamp <?php $dte=date("d/m/Y H:i:s");
  21. echo "value='$dte'";?>><br>
  22. </form>
  23. </body>
  24. </html> 
add2tbl.php -for some reason the VALUES won't add properly. If left as is below, it works but will add the values as the text, ie TimeStamp, Name. I've tried changing them to variables like: VALUES ('$TimeStamp', '$Name', '$Last', etc...but that doesn't work either. I need the VALUES to reflect the input from insertguest.php. Thank you!
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. echo '<b><p>Thank you for your input!</p></b>';
  3. mysql_connect('localhost','root','passwordhere') or die ('Problem connecting to DataBase');
  4. $query = "INSERT INTO `guestbook`.`visitors` (`TimeStamp`, `Name`, `Last`, `email`, `comment`) 
  5. VALUES ('TimeStamp', 'Name', 'Last', 'email', 'comment')";
  6. $result = mysql_db_query('guestbook', $query);
  7. ?>
Mar 26 '09 #1
5 24442
3,503 Expert Mod 2GB
Hopefully one of the experts will correct me if I am wrong, but I don't think you can just reference the values as you have. When you hit submit on the form, the names, as you have them above are actually values, but they are part of the $_REQUEST array. So, you can reference them with:

Expand|Select|Wrap|Line Numbers
  1. $_REQUEST['TimeStamp']
I only used the TimeStamp variable above just to give you an idea of what I am talking about. Try replacing the names in the VALUES section as shown above for each one and then see if it works.

Just to rule out any questions, here is what I am talking about:

Expand|Select|Wrap|Line Numbers
  1. <?php
  2. echo '<b><p>Thank you for your input!</p></b>';
  3. mysql_connect('localhost','root','passwordhere') or die ('Problem connecting to DataBase');
  4. $query = "INSERT INTO `guestbook`.`visitors` (`TimeStamp`, `Name`, `Last`, `email`, `comment`) 
  5. VALUES ($_REQUEST['TimeStamp'], $_REQUEST['Name'], $_REQUEST['Last'], $_REQUEST['email'], $_REQUEST['comment'])";
  6. $result = mysql_db_query('guestbook', $query);
  7. ?>

Mar 27 '09 #2
1,168 Expert 1GB
The PHP $_REQUEST variable contains the contents of $_GET, $_POST, and $_COOKIE. I suggest just using one, so more than likely for a form (and what is already there - method="post") to use $_POST. $_REQUEST will work but searching for $_GET and $_COOKIE variables is not required if all your data is in the $_POST array. Hope that made sense.
Confirming numberwhun's comment that it cannot be values referenced like that, but need to be a variable as suggested. I might also take this time to make sure that some data checking is going on. DO NOT EVER just trust user input and try put the $_POST['variable_name'] into your database without checking and cleaning it! Any input should be checked and sanitized so that SQL Injection cannot happen. You should have something like:
Expand|Select|Wrap|Line Numbers
  1. <?php 
  2. $TimeStamp = sanitize( $_POST['TimeStamp'] );
  3. $Name = sanitize( $_POST['Name'] );
  4. $Last = sanitize( $_POST['Last'] );
  5. $email = sanitize( $_POST['email'] );
  6. $comment = sanitize( $_POST['comment] );
  7. $result = mysql_query( "INSERT INTO visitors (TimeStamp, Name, Last, email, comment) VALUES ($TimeStamp, $Name, $Last, $email, $comment)" ); 
  8. ?>
Where sanitize() is your own function. As already said, you should check the data entered in the form and reject it if it does not match what you expected it to look like (checking number fields are numbers, and names don't have special characters, etc...)
Mar 27 '09 #3
6,050 Expert 4TB
Further reading:
Mar 27 '09 #4
145 100+
Thank you guys for your replies. This is what I ended up with and it works:

Expand|Select|Wrap|Line Numbers
  1. <?php
  2. echo '<b><p>Thank you for your input!</p></b>';
  3. mysql_connect('localhost','root','passwordhere') or die ('Problem connecting to DataBase');
  4. $TimeStamp = htmlentities( $_POST['TimeStamp'] );
  5. $Name = htmlentities( $_POST['Name'] );
  6. $Last = htmlentities( $_POST['Last'] );
  7. $email = htmlentities( $_POST['email'] );
  8. $comment = htmlentities( $_POST['comment'] );
  9. $query = "INSERT INTO `guestbook`.`visitors` (`TimeStamp`, `Name`, `Last`, `email`, `comment`) 
  10. VALUES ('$TimeStamp', '$Name', '$Last', '$email', '$comment')";
  11. $result = mysql_db_query('guestbook', $query);
  12. ?>
Mar 27 '09 #5
6,050 Expert 4TB
Note: you're not preventing yourself from SQL Injection here.
Mar 27 '09 #6

Sign in to post your reply or Sign up for a free account.

Similar topics

by: Dariusz | last post by:
I want to use arrays in my website (flat file for a guestbook), but despite having read through countless online tutorials on the topic, I just...
by: Rune RunnestÝ | last post by:
Hi, I have made a small program that doesn't work quite the way it should. It is a guestbook for the web, where visitors can write back their...
by: DigitalRick | last post by:
I have been running CDONTS in my ASPpages to send emails to me sent from my guestbook. It had been working fine untill I upgraded to Server 2003...
by: Viken Karaguesian | last post by:
Hello everyone, Just wanting some advice. I'd like to start removing the Microsoft-generated guestbook (a feature of FrontPage) on my websites...
by: capb | last post by:
Hello, This is my first post, and any help would be greatly appreciated. I create online memorials which contain guestbooks which have been the...
by: samjam | last post by:
Below is some coding in a program i am using, i would like to know how i can get the text bigger or bolder on my webpage, This is the section of text...
by: http://www.free-guestbook.net/gbook.php?u=21740 | last post by:
http://www.free-guestbook.net/gbook.php?u=21740 http://www.free-guestbook.net/gbook.php?u=21741 http://www.free-guestbook.net/gbook.php?u=21742...
by: infoseekar | last post by:
HI Guys I am a beginner. I am trying to create a guestbook. I have the code for it and it is in three parts. Part 1 "dp.php" to open database and...
by: Josephine | last post by:
HI experts, I am new in asp.net. I used Visual Studion 2005 and MS Access 2003 to build aspx files. I used the VS 2005 "DetailView" and "GridView"...
by: teenabhardwaj | last post by:
How would one discover a valid source for learning news, comfort, and help for engineering designs? Covering through piles of books takes a lot of...
by: Naresh1 | last post by:
What is WebLogic Admin Training? WebLogic Admin Training is a specialized program designed to equip individuals with the skills and knowledge...
by: jalbright99669 | last post by:
Am having a bit of a time with URL Rewrite. I need to incorporate http to https redirect with a reverse proxy. I have the URL Rewrite rules made...
by: antdb | last post by:
Ⅰ. Advantage of AntDB: hyper-convergence + streaming processing engine In the overall architecture, a new "hyper-convergence" concept was...
by: Matthew3360 | last post by:
Hi, I have a python app that i want to be able to get variables from a php page on my webserver. My python app is on my computer. How would I make it...
by: AndyPSV | last post by:
HOW CAN I CREATE AN AI with an .executable file that would suck all files in the folder and on my computerHOW CAN I CREATE AN AI with an .executable...
by: WisdomUfot | last post by:
It's an interesting question you've got about how Gmail hides the HTTP referrer when a link in an email is clicked. While I don't have the specific...
by: Oralloy | last post by:
Hello Folks, I am trying to hook up a CPU which I designed using SystemC to I/O pins on an FPGA. My problem (spelled failure) is with the...
by: Carina712 | last post by:
Setting background colors for Excel documents can help to improve the visual appeal of the document and make it easier to read and understand....

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.