-
7th Aug 2010, 01:04 AM #1 OP Member
[PHP] Guestbook
I was a little bored so I coded a PHP guest book for my site. I felt like sharing it with KWWH as well!
index.php
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Guest Book</title>
</head>
<body bgcolor="#000000" text="#FFFFFF" link="#FFFFFF">
Please leave your comments.
<form action="../post.php" method="post">
Name: <br />
<input type="text" name="name" /> <br />
Email: <br />
<input type="text" name="email" /> <br />
Comment: <br />
<textarea name="comment"></textarea> <br />
<input type="submit" value="Submit Your Comment" />
</form>
<br /> <br />
Comments.... <br />
......................................... <br /><br />
<?php
mysql_connect("localhost","username","password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());
$result = mysql_query("SELECT * FROM guestbook");
while($row = mysql_fetch_assoc($result)){
    echo 'Comment Date: '. date('m-d-Y') ."<br/>";
    echo "Name: ".$row['name']."<br/> Email: ".$row['email']."<br/> Comment: ".$row['comment']."<br/>......................................... <br/>";
}
?>
</body>
</html>
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Posted</title>
</head>
<body>
<?php
$name = $_POST['name'];
$email = $_POST['email'];
$comment = $_POST['comment'];
mysql_connect("localhost","username","password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());
$add = mysql_query("INSERT INTO guestbook (name, email, comment) VALUES ('$name','$email','$comment')");
echo "Your name: $name.";
echo "<br/>";
echo "Your email: $email.";
echo "<br/>";
echo "Your Comment: $comment";
?>
<br /><br />
To view the guestbook click <a href="/index.php">here</a>
</body>
</html>
id, name, email, comment.
id, int, auto_increment
name varchar(40)
email varchar(100)
comment varchar(200)
You should be all set and have a guestbook for your website.
Let me know what you think, or add on to it!
-
7th Aug 2010, 01:08 AM #2 Respected Developer
You're entering raw data directly into the database. That's very dangerous and the script is prone to attack. You want to do checks on the data before inserting it, like mysql_real_escape_string, so it will be like:
PHP Code:
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']);
$comment = mysql_real_escape_string($_POST['comment']);
Otherwise nice job.
EDIT: while I'm at it. If it's a fairly busy site then say 100 people enter comments (which is totally possible) then you'll have 100 comments one after another. This isn't great as it's going to be a really long page and not very efficient on the server. Consider adding a LIMIT to the display and maybe add a basic page navigation if it's needed. I'd also suggest using ORDER BY and display the comments in order of date with say the more recent first. You don't want to be reading comments that are a few months old and a comment from yesterday a few pages back.
If you need help with any of the above just ask.
-
7th Aug 2010, 01:14 AM #3 Member
Looks like it will show today's date for every comment, you should add a column for date stamp, and you're displaying the email address of people that have commented, you should remove it or use a function to display the email address as an image.
And of course escape the strings before they're inserted.
-
7th Aug 2010, 01:17 AM #4 OP Member
Thanks for the advice from both of you. I am just learning how to code so patching/writing secure code probably is going to be difficult at the moment. I wrote a login script that had about 10 vulns someone told me. So I'm learning and will take what you guys said into consideration. I'm a little confused as to what you mean by column since it displays the date then name email comment.
-
7th Aug 2010, 01:20 AM #5 Respected Developer
Well spotted Gav0. Didn't notice that.
What Gav0 means about the date is you should add it here
Replace:
PHP Code:
$add = mysql_query("INSERT INTO guestbook (name, email, comment) VALUES ('$name','$email','$comment')");
With:
PHP Code:
// time() returns the current Unix timestamp, which fits an int(10) date field
$time = time();
$add = mysql_query("INSERT INTO guestbook (name, email, comment, date) VALUES ('$name','$email','$comment', '$time')");
You'll also have to have a field in the database to hold the date. Something like:
date int(10)
-
7th Aug 2010, 01:27 AM #6 Member
Add a column to the database so each comment has a timestamp.
PHP Code:
ALTER TABLE guestbook ADD `timestamp` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP;
Then to display the comment date
PHP Code:
// MySQL returns TIMESTAMP columns as strings, so convert before calling date()
date("d/m/y", strtotime($row['timestamp']))
<< Mr Happy got there 1st, 2 different methods
-
7th Aug 2010, 01:33 AM #7 OP Member
When I did mysql_real_escape_string it gave me errors.
-
7th Aug 2010, 01:34 AM #8 Member
I think you need the database connection 1st
-
7th Aug 2010, 01:34 AM #9 Respected Developer
Put this above the part I edited earlier. You have to be connected to the database for it to check the inputs to make sure they're clean.
PHP Code:
mysql_connect("localhost","username","password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());
PHP Code:
// Connect first: mysql_real_escape_string() needs an open connection
mysql_connect("localhost","username","password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']);
$comment = mysql_real_escape_string($_POST['comment']);
// time() returns the current Unix timestamp for the date field
$time = time();
$add = mysql_query("INSERT INTO guestbook (name, email, comment, date) VALUES ('$name','$email','$comment', '$time')");
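The fixes suggested in this thread (safe inserts, a date stored per comment, ORDER BY with LIMIT, no e-mail display) combined in one sketch; this is an added example, not code posted by anyone in the thread. It uses PDO prepared statements in place of the mysql_real_escape_string calls above (the mysql_* functions were removed in PHP 7) and also HTML-escapes output, which the thread does not raise. Assumptions: an in-memory SQLite database, a `posted` column, and the function names `add_comment` and `list_comments`.

```php
<?php
// Added example, not code from the thread. Assumes PDO with the SQLite driver
// so it runs offline; the thread's site used MySQL (change the DSN to mysql:...).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guestbook (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    name VARCHAR(40), email VARCHAR(100), comment VARCHAR(200),
    posted INTEGER NOT NULL)');

// Insert with bound parameters: values travel separately from the SQL text,
// so a quote in the input cannot change the statement.
function add_comment(PDO $db, array $post, int $now): void
{
    $stmt = $db->prepare(
        'INSERT INTO guestbook (name, email, comment, posted)
         VALUES (:name, :email, :comment, :posted)');
    $stmt->execute([
        ':name'    => substr(trim($post['name'] ?? ''), 0, 40),
        ':email'   => substr(trim($post['email'] ?? ''), 0, 100),
        ':comment' => substr(trim($post['comment'] ?? ''), 0, 200),
        ':posted'  => $now,   // stored per comment, set by the server
    ]);
}

// Newest first, one page at a time (the ORDER BY / LIMIT advice from post #2).
function list_comments(PDO $db, int $page, int $perPage = 10): array
{
    $stmt = $db->prepare(
        'SELECT name, comment, posted FROM guestbook
         ORDER BY posted DESC, id DESC LIMIT :lim OFFSET :off');
    $stmt->bindValue(':lim', $perPage, PDO::PARAM_INT);
    $stmt->bindValue(':off', max(0, $page - 1) * $perPage, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample input standing in for $_POST.
add_comment($db, ['name' => "O'Brien", 'email' => 'ob@example.com',
                  'comment' => "It's a nice site"], time() - 86400);
add_comment($db, ['name' => 'Ann', 'email' => 'ann@example.com',
                  'comment' => 'Hello'], time());

foreach (list_comments($db, 1) as $row) {
    // Email is neither selected nor shown (post #3); output is HTML-escaped.
    printf("%s | %s: %s\n", date('d/m/y', (int) $row['posted']),
        htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($row['comment'], ENT_QUOTES, 'UTF-8'));
}
```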
-
7th Aug 2010, 01:42 AM #10 OP Member