Love2c0de
-
Posts
364 -
Joined
-
Last visited
-
Days Won
1
Posts posted by Love2c0de
-
-
Hello.
I think I have completed the validation of my code and was wondering if anyone can kindly give my any criticism as to anything I have missed or anything I can do better, which I'm sure both will generate some posts.
There are little things I want to tweak but I wanted to know what some of the pros think (please go easy, im rubbish).
Here is my contact.template.htm:
<p id="contact_intro">It is a long established fact that a reader will be distracted by the readable content of a page when looking at its layout. The point of using Lorem Ipsum is that it has a more-or-less normal distribution of letters. It is a long established fact that a reader will be distracted by the readable content of a page when looking at its layout. The point of using Lorem Ipsum is that it has a more-or-less normal distribution of letters</p> <form method="post" action="index.php?page=contact"> <fieldset> <legend>Gardenable Contact Form</legend> <p class="form_heading">Your Details</p> <p class="form_instructions">Please leave us your details so we can contact you back!</p> <hr class="form_hr" /> <p><label for="name">Name:</label><input type="text" name="name" id="name" size="36" maxlength="36" /><span class="red">*</span></p> <p><label for="email">Email:</label><input type="text" name="email" id="email" size="36" maxlength="70" /></p> <p><label for="phone">Phone:</label><input type="text" name="phone" id="phone" size="36" maxlength="16" /><span class="red">*</span></p> <p><label for="user_comments">Additional Comments:</label><textarea name="user_comments" id="user_comments" rows="5" cols="34" maxlength="400"></textarea></p> <hr /> <p class="form_heading">Product Details</p> <p class="form_instructions">If you wish to <span class="italic">order</span> or <span class="italic">query</span> a product, please specify below.</p> <hr class="form_hr" /> <p><label for="product">Product:</label> <select name="product_options"> <option value="default">Choose a product...</option> <option value="benches">Benches</option> <option value="bin_stores">Bin Stores</option> <option value="bird_housing">Bird Housing</option> <option value="gates">Gates</option> <option value="pet_housing">Pet Housing</option> <option value="planters">Planters</option> <option value="sheds">Sheds</option> <option value="tables">Tables</option> </select> </p> <p><label for="product_ref">Product ID:</label><input type="text" name="product_ref" id="product_ref" size="20" maxlength="7" /> <p><label for="product_comments">Product Comments:</label><textarea name="product_comments" id="product_comments" rows="5" cols="34" maxlength="400"></textarea></p> <p><input type="submit" name="submit" value="Submit" /> <input type="reset" name="reset" value="Reset" /> </p> <span id="form_required">Fields marked with a red asterix (<span class="red">*</span>) are required.</span> </fieldset> </form> <div id="error_div"> <?php if(isset($output)){ print_r($output);} ?> </div>Here is validation relating to it:
<?php include("core/init.inc.php"); $get_values = array("benches","tables","bird_housing","planters","gates","bin_stores","sheds","pet_housing","default"); if(isset($_POST['name'])){ //if script does not die, the user submitted the form. delete last element (submit button) as we do not need it. (isset($_POST['submit'])) ? array_pop($_POST) : ""; //create array to hold any errors. $errors = array(); //firstly, check to see if my required fields contain any data. if they dont we add errors to the error array. if(empty($_POST['name']) || empty($_POST['phone'])){ $errors[] = "You must fill in the required fields marked with a RED asterix(*)."; } //check to see if the errors array contains anything. if it does, we need to send the user back to the form and display the error. //do not carry on if the if statement executes because we dont want to process any more as we know we are going to have to send them back anyway. if(!empty($errors)){ $output = $errors; } else{ //if the code reaches here, we have data inside the two required fields so carry on processing all of the data now. //pass a reference of the value so that if any ARE set to string NULL, it also changes the original $_POST value. foreach ($_POST as $post => &$value) { if($value == ""){ $value = "NULL"; } else{ switch ($post) { case "name": if(!ctype_alpha($value)){ $errors[] = "The name field can only contain alphabetical characters.";//specify just a first name in form } break; case "email": if(!filter_var($value,FILTER_VALIDATE_EMAIL)){ $errors[] = "You did not enter a valid email address.";//give an example of an email someone@provider.com in form } break; case "phone": //replaces all characters that are NOT digits 0-9. $value = preg_replace("/\D/","",$value); //we need to check if it is not equal to an empty string again because if they entered all letters, the preg_replace will replace them //and my second if statement here will show an undefined index error. if it is an empty string, add to error array and break out of case //prematurely. if($value == ""){ $errors[] = "You did not enter a phone number."; break;} //checks to see if the first character of the string is not equal to a 0 or if the length of the string isn't 11 (which means its not valid). if($value[0] != "0" || strlen($value) != 11){ $errors[] = "You did not enter a valid phone number."; } break; case "user_comments": $len = strlen($value); if ($len > 400){ $less = ($len - 400); $errors[] = "You must enter {$less} LESS characters in the 'Additional Comments' field."; } break; case "product_options": //if value is not found in the array, could be potential hack. Locate them straght away to the contact page again. if(!in_array($value, $get_values)){ header("Location: index.php?page=contact"); } break; case "product_ref": //checks to see if the length of the string is not equal to 7 if(strlen($value) != 7) { $errors[] = "The product id you entered was not long enough, must be 7 numbers."; } //checks to see if any of the characters entered were not digits. if this executes, we know that the user entered something different //than 7 digits so there is no need to carry on and check the ref no against the records so we break out of case prematurely. if(!ctype_digit($value)){ $errors[] = "Product id's can only contain numbers."; break; } //prepared statement which checks the product ref no submitted against a product ref in the database. require("core/prepared_select_pref.php"); if($row != 1){ $errors[] = "Your Product ID did not match one of our products."; } break; case "product_comments": $len = strlen($value); if($len > 400){ $less = ($len - 400); $errors[] = "You must enter {$less} LESS characters in the 'Product Comments' field."; } break; } } } } //if the error array contains data, we had some errors during validation, so we display all of these error(s) to the user. if (!empty($errors)){ $output = "<ul>"; foreach ($errors as $err => $error_value){ $output .= "<li>".$error_value."</li>"; $output .= "<hr>"; } $output .= "</ul>"; } else{//if there were no errors after all the validation, insert data to database. require("core/prepared_insert.php"); if($row >= 1){ $output = "Your information has successfully sent!"; } else{ //maybe send their information to my email instead if there is an issue with insert....probably the best idea rather than displaying an error. $output = "There was an error receiving your information."; } } } if (isset($_GET['page']) && $_GET['page'] == "products") { if (isset($_GET['order'])){ if(in_array($_GET['order'],$get_values)){ require("core/get_products.php"); } else{ header("Location: index.php?page=products"); } } else{ require("core/get_products.php"); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title><?php echo "Gardenable - ".$title; ?></title> <link rel="stylesheet" type="text/css" href="css/style.css" /> <script type="text/javascript" src="js/clock.js"></script> </head> <body> <div id="container"> <div id="header"> <img src="images/gardenable1.fw.png" alt="Gardenable Logo" title="Gardenable" id="logo" border="0" /> <div id="navigation_div"> <img src="images/flowerbed.fw.png" alt="Navigation Image" id="flowerbed_img" border="0" /> <ul> <li><a href="?page=home">Home</a></li> <li><a href="?page=about">About</a></li> <li><a href="?page=products">Products</a></li> <li><a href="?page=contact">Contact</a></li> <li><a href="?page=find">Find Us</a></li> </ul> </div> </div> <div id="content"> <?php include($include_page); ?> </div> <div id="footer"> </div> </div> <p id="pageviews"><?php echo "Page Hits: ".$page_views; ?></p> </body> </html>Thanks very much for any help/tips you can give me.
Kind regards,
BnGl
-
Just wanted to know what the correct procedure is for counting page views with a site.
If a user visited the homepage first and then the contact us page for example, do you cound that as 1 viewing or 2 viewings?
Also, do I need to retrieve information about a user using the $_SERVER global to determine if it is the same user viewing the separate pages?
Thanks for the help.
-
Updated Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=iso-8859-1" /> <title>PHP Exercises</title> </head> <body> <?php $form = "<form action='examples.php' method='POST' enctype='multipart/form-data'> <table> <tr> <th>Browse:</th> <td><input type='file' name='myfile' /><input type='hidden' name='MAX_FILE_SIZE' value='7340032' /></td> </tr> <tr> <th>Upload:</th> <td><input type='submit' name='submitbutton' value='Submit' /></td> </tr> </table> </form>"; echo "$form"; function getFile(array $file){ $mfs = $_POST['MAX_FILE_SIZE']; $name = $file['myfile']['name']; $type = $file['myfile']['type']; $size = $file['myfile']['size']; $tmpname = $file['myfile']['tmp_name']; $date = date('d/m/Y'); $ext = substr($name, strrpos($name, '.')); if($name){ if($ext == '.dem'){ if($size <= $mfs){ if(move_uploaded_file($tmpname, "files/"."$name")){ echo "File Uploaded Ok!"; //insert data to database here...? } } else{ die("Error: Filesize too large. You can only upload files which are 10mb or less."); } } else{ die("Error: You cannot upload that file type. Demo files only."); } } else{ echo "$form"; } } if($_SERVER['REQUEST_METHOD'] == 'POST'){ if($_FILES['myfile']['error'] == 0){ getFile($_FILES); } else{ die('Did not receive a file.'); } } ?> </body> </html>Is this code ok or have I missed something?
regards,
BuNgLe
-
Hi guys, am I going in the right direction?
function getFile(array $filesarray){ $name = $_FILES['myfile']['name']; $type = $_FILES['myfile']['type']; $size = $_FILES['myfile']['size']; $tmpname = $_FILES['myfile']['tmp_name']; } if($_SERVER['REQUEST_METHOD'] == 'POST'){ if($_FILES['myfile']['error'] == 0){ getFile($_FILES); } else{ die('No file selected.'); } } else{ header("Location: examples.php"); }Regards.
BuNgLe
-
Thanks for all the info, I am going to get to work right now.
Btw, I am trying to upload files which are 10mb or less.
Kind regards,
BuNgLe.
-
Just testing out a simple error reporting thing with my code because it only seems to execute when $_FILES['myfile']['error'] == 0.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=iso-8859-1" /> <title>PHP Exercises</title> </head> <body> <?php $form = "<form action='examples.php' method='POST' enctype='multipart/form-data'> <table> <tr> <th>Browse:</th> <td><input type='file' name='myfile' /><input type='hidden' name='MAX_FILE_SIZE' value='7340032' /></td> </tr> <tr> <th>Upload:</th> <td><input type='submit' name='submitbutton' value='Submit' /></td> </tr> </table> </form>"; echo "$form"; function processFile(){ } if(isset($_POST['submitbutton'])){ $errorIndex = $_FILES['myfile']['error']; if ($errorIndex == 0){ echo 'no errors.'; } else{ die("There was an error with the upload."); } } ?> </body> </html>Does anyone know why it isn't printing my error message when it is returning something other than 0? For instance, when I upload a file which is larger in size than my MAX_FILE_SIZE input tag, it doesn't return any error....
I believe it should return: UPLOAD_ERR_FORM_SIZE but it doesn't execute the error message....
Regards,
LC.
-
Hello, I have a site which allows users to upload files and download files. I am trying to validate the user input in the text form fields to make sure no special characters are found.
Here is my code:
<?php $form = "<form action='index.php' method='POST' enctype='multipart/form-data'> <table> <tr> <td>Demo Title:</td> <td><input type='text' name='title' /></td> </tr> <tr> <td>Description:</td> <td><textarea name='description' cols='35' rows='5'></textarea></td> </tr> <tr> <td></td> <td><input type='file' name='myfile' /></td> </tr> <tr> <td></td> <td><input type='submit' name='submitbutton' value='Submit' /></td> </tr> </table> </form>"; function check_input($data) { $illegalChars = "!@#$%^&*()+=-[]\\\';,./{}|\":<>?"; for($loop = 0;$loop<=$data.length-1;$loop++) { if($illegalChars.strstr($data)!= -1){//if an illegal character was found... } } $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data, ENT_QUOTES); $data = mysql_real_escape_string($data); return $data; } if(isset($_POST['submitbutton'])){ $title = check_input($_POST['title']); $description = check_input($_POST['description']); $name = $_FILES['myfile']['name']; $type = $_FILES['myfile']['type']; $size = $_FILES['myfile']['size']; $tmpname = $_FILES['myfile']['tmp_name']; $date = date("d/m/Y"); $ext = substr($name, strrpos($name, '.')); if($type != "application/octet-stream"){ echo "$form.You cannot upload that file type. .dem files only!"; } else{ if($name) { if($title && $description){ require("connect.php"); $query = mysql_query("INSERT INTO demos VALUES ('', '$name','$title', '$description', '$date')"); move_uploaded_file($tmpname, "files/"."$name"); echo "$form.Your file has been successfully uploaded."; } else{ echo "$form.You did not fill in the form completely."; } } else { echo "$form.You did not select a file."; } } } else{ echo "$form"; }At the moment, the code is converting the special characters into their relative character code but I want the function to delete any special character from the string. If that's not a good way to do it, I'd like to leave the function as it is, but when displaying the table data back to the page, I'd like it to print only the actual alphanumeric characters and not the converted special characters. For instance, if I enter abc123xyz~%$ then when reading the table data to the page, I want it to just read abc123xyz. I hope I have explained well enough.
What is the best way to achieve this?
Thank you in advance for any information you can put my way.
Regards,
BuNgLe
-
The code from the link:
$file = str_replace('../', '', $_GET['file']); if(isset($file)) { include("pages/$file"); } else { include("index.php"); }my download.php page looks like this now:
<?php $file = $_GET['id']; $name = $_GET['name']; require("connect.php"); $qry = mysql_query("SELECT name FROM demos WHERE id=$file"); $row = mysql_fetch_array($qry); if(file_exists("files/$name")){ header("Content-type: application/octet-stream"); header("Content-Disposition: attachment; filename=$name"); readfile('files/' . $row['name']); } else{ echo "File does not exist."; } ?>Should I put the website example code at the top of my download.php file before I start connecting to the db and selecting files and all the other stuff?
Regarding the urlencoding, would I do that when I display the actual links? For example my code which I have to display the links:
while($row = mysql_fetch_array($qry)){ echo "<a href='download.php?id={$row['id']}&name={$row['name']}'>{$row['name']}</a>" . " " . $row['description'] . " " . $row['date']; echo "<br />"; }Would I encode that anchor url? The website doesn't really go into much depth about it and I've searched google but all the examples that come up are really not related directly to my issue.
Thanks for your time.
Regards,
BuNgLe
-
Looking at that code and my code it should go in the download.php file when I GET the id and name of the file. Is that correct?
Thanks for the reply.
Regards,
BuNgLe
-
Thank you very much for your reply. I added the line of code you suggested and it works perfectly now.
I know I have to validate the input values for injections etc but is there anything else you would secure better looking at my code?
Regards,
BuNgLe
-
Hello, I am creating a site which let's users download gaming demo files such as CS, CS:CZ. I need some guidance on the download.php file. I need help with retrieving the actual file contents.
Here is my code:
<?php $file = $_GET['id']; $name = $_GET['name']; require("connect.php"); $qry = mysql_query("SELECT name FROM demos WHERE id=$file"); $row = mysql_fetch_array($qry); if(file_exists("files/{$row['name']}")){ header("Content-type: application/octet-stream"); header("Content-Disposition: attachment; filename=$name"); } else{ echo "File does not exist."; } ?>This is bringing up the download save/open box, but the file is empty. (0kb).
I have read about fread() etc but I cannot understand how to do it.
I was looking for some guidance and help on achieving this.
Kind Regards,
BuNgLe.
-
After I download the PECL extension files, where do I extract the files to? I am using WAMP.
Regards,
BuNgLe
-
So the example code they give here:
<?php $finfo = finfo_open(FILEINFO_MIME_TYPE); // return mime type ala mimetype extension foreach (glob("*") as $filename) { echo finfo_file($finfo, $filename) . "\n"; } finfo_close($finfo); ?>How do I set the $filename variable to the specified file?
Sorry but I do not understand exactly how finfo works.
Regards,
BuNgLe.
-
Hello, I am designing a site which alows users to upload a certain file type, namely .dem files (gaming demo files). I have tried using mime_content_type(); but it doesn't output anything.
I looked at php.net and viewed the example code and tried exactly what they did. As I say, doesn't output anything though.
The code is:
<?php echo mime_content_type('smuggles.dem'); ?>I have this code in a file called test.php and the demo file is in the same folder as this file... (wamp/www)
php.net states the function is deprecated and advises you to use Fileinfo(). Is this the reason it doesn't work because I was advised from another forum to use the mime_content_type() function.
Please if you can help me I would be very grateful. I have been stuck on this for a few days now and have received no more replies from the other forum since my last post. I also thought that coming to a php dominant forum would really help my chances of achieving this.
Kind regards,
BuNgLe.
-
Ah thank you very much indeed, this works perfectly. With the JavaScript validation, I created a string of special characters, then checked the input against those characters, if matched would return invalid. I've just inputted some special characters with javascript disabled and they have been inserted without being converted to their correct code. Do I need to do the equivelent of the javascript code but with php code?
Kind regards,
LC
-
I added the mysql_real_escape_string() just above the return statement and below the htmlspecialchars() conversion. It converts double quotes but not single quotes. Without the mysql_real_escape_string() it returns a mysql error.
Regards,
BuNgLe
-
Yes in the page source as you say it is displaying the < and >.
Thank you for explaining that to me.
regarding the mysql_real_escape_string(), would I add that just before the return statement?
regards,
BuNgLe
-
Hello, I am trying to validate my form using php and would like some advice as this is the first time I have attempted this.
I have a script which runs when the user clicks the submit button. What I am trying to do is validate the user input before inserting it into the database.
This is the script:
[font=monospace]<?php session_start(); $dbhandle = mysql_connect('localhost', 'root', '') or die("Unable to connect to MySQL"); $selected = mysql_select_db("commentdatabase",$dbhandle) or die("Could not select the database"); $name = check_input($_POST['fname']); $loc = check_input($_POST['loc']); $com = check_input($_POST['com']); function check_input($data) { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); return $data; } $sql = "INSERT INTO userinfo (name, location, comment) VALUES ('{$name}','{$loc}','{$com}')"; if(!mysql_query($sql, $dbhandle)) { die('Error: ' . mysql_error()); } header('Location: ../contact.php'); mysql_close(); ?> [/font]What's happening is that when it is submitted to the database, it is displaying < and > characters as < and >. Yet once being redirected with the header function the input is displayed with the < and > signs. I'm not sure if the function in the action script is in the wrong place or not. I have tried moving it around above and below the post variables.
Just looking for a bit of advice really.
Thank you,
Regards,
BuNgLe
-
This is my form page: (this is also where I want to be redirected to with the form data displayed underneath the form.
<?php session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Gardenable - Contact Us</title> <link rel="stylesheet" type="text/css" href="stylesheets/style.css" /> <link rel="stylesheet" type="text/css" href="stylesheets/fontface.css" /> <script type="text/javascript" src="scripts/jquerylibrary.js"></script> <script type="text/javascript" src="scripts/custom.js"></script> <script type="text/javascript"> function front(which) { for ( var t = 1; t < 9999; ++t ) { var dv = document.getElementById("TABBODY"+t); if ( dv == null ) return; dv.style.zIndex = t == which ? 5 : 1; var tab = document.getElementById("TAB"+t); tab.style.backgroundColor = t == which ? "#8d581d" : "white"; tab.style.textDecoration = t == which ? "underline" : "none"; tab.style.zIndex = t == which ? 7 : 1; } } </script> </head> <body> <!--[if gte IE 8]> <style type="text/css"> <style> <![endif]--> <div id="container"> <img src="images/logo1.jpg" alt="logo" title="Garden Logo" id="logo" width="100%" border="0" /> <div id="logoFiller"> <img src="images/greenbg1.jpg" id="greenImg" width="100%" border="0" /> <p id="motto">Making gardening accessible to everyone...</p> </div> <div id="menuDiv"> <a href="index.htm">Home</a> <a href="about.htm">About Us</a> <a href="gallery.htm">Gallery</a> <a href="contact.htm">Contact Us</a> <a href="feedback.php">Feedback</a> </div> <p id="contactIntro">Lorem ipsum dolor sit amet, consectetur adipiscing elit. Etiam et dui ante, id ultrices nisi. Curabitur sit amet magna id. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Etiam et dui ante, id ultrices nisi. Curabitur sit amet magna id. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Etiam et dui ante, id ultrices nisi.</p> <div id="ALL"> <div id="TAB1" class="tabHead" onclick="front(1);"><p>Phone/Fax</p></div> <div id="TAB2" class="tabHead" onclick="front(2);" style="left: 255px;"><p>Email</p></div> <div id="TAB3" class="tabHead" onclick="front(3);" style="left: 395px;"><p>Post</p></div> <div id="TABBODY1" class="tabBody"> <p id="phone">Please do not hesitate to phone or fax us if you wish to query anything or find out information about our products. You can find our number below. Lines open between <span class="white">10am & 6pm</span> business hours.</p> <span class="underline">Telephone:</span><span class="bold">01255-222-753</span><br /> <span class="underline" id="margin">Facsimile:</span><span class="bold">01255-333-864</span> </div> <div id="TABBODY2" class="tabBody"> <p>You can also contact u by email by following the link below. We ensure any emails received will be replied to within 24 hours:</p> <span class="underline">E-Mail:</span><span class="bold"><a href="mailto:flipmodeskwaud@hotmail.co.uk">flipmodeskwaud@hotmail.co.uk</a></span></p> </div> <div id="TABBODY3" class="tabBody"> <p>The third and final way to contact us is by postage. You can send any queries which you may have to the address provided below:</p> <span class="bold">200 Station Road</span><br /> <span class="bold">Unit 3</span><br /> <span class="bold">Clacton-on-sea</span><br /> <span class="bold">Essex</span><br /> <span class="bold">CO15 - 8PD</span><br /> </div> </div> <hr id="formSep" noshade="noshade" size="1" /> <!--FORM--> <form id="feedback" name="feedback" action="php/phpcustom.php" method="POST"> <fieldset> <legend>Gardenable.com Feedback</legend> <p><label for="fname">Name:</label><input type="text" size="30" maxlength="40" id="fname" name="fname" /></p> <p><label for="loc">Location:</label><input type="text" size="30" maxlength="40" id="loc" name="loc" /></p> <p><label for="com">Comments:</label><textarea cols="40" rows="6" maxlength="300" id="com" name="com"></textarea></p> <p><input type="submit" name="send" id="submitbutton" value="Submit" /><input type="reset" name="reset" value="Reset" /></p> </fieldset> </form> <!--END OF FORM--> <div id="feedbackDiv"> <?php $dbhandle = mysql_connect('localhost', 'root', '') or die("Unable to connect to MySQL"); $selected = mysql_select_db("commentdatabase",$dbhandle) or die("Could not select the database"); $result = mysql_query("SELECT * FROM userinfo"); while ($row = mysql_fetch_array($result)) { echo "ID:".$row{'name'}." Name:".$row{'location'}."Year: ". $row{'comment'}."<br />"; } ?> </div> <div id="footer"> <p id="copyright">2012 © Gardenable.com | Site Designed by <span class="underline">BuNgLe</span></p> <p id="footContact"><span class="underline">Telephone:</span> 01255-222-753<br /> <span class="underline">Facsimile:</span> 01255-333-864<br /> <span class="underline">E-Mail:</span>flipmodeskwaud@hotmail.co.uk</p> </div> </div> </body> </html>The php action script:
<?php session_start(); $dbhandle = mysql_connect('localhost', 'root', '') or die("Unable to connect to MySQL"); $selected = mysql_select_db("commentdatabase",$dbhandle) or die("Could not select the database"); $name = $_POST['fname']; $loc = $_POST['loc']; $com = $_POST['com']; $sql = "INSERT INTO userinfo (name, location, comment) VALUES ('{$name}','{$loc}','{$com}')"; if(!mysql_query($sql, $dbhandle)) { die('Error: ' . mysql_error()); } $dbselect = "SELECT * FROM userinfo"; if(!mysql_query($dbselect, $dbhandle)) { die('Error: ' . mysql_error()); } header('Location: ../contact.htm'); mysql_close(); ?>As you can see I have been palying around with sessions so that's why you see the session_start() yet no definition within the code. The thing about sessions I do not understand is if I use a session, do I define the session variables after I have inserted data to the db. If so, how do I send the values to the redirected page? Also, if I use a session variable, when trying to display the table data, do i reference the session variable or the column names?
I have searched and searched the web for an answer but have been struggling to find anything which would solve my issue.
Regards,
BuNgLe
-
Hello, I have a simple feedback form which asks for name, location and a simple comment about the business. I have inserted data into the database successfully but I'm not sure on the best way to display the data from the table on the same page as the form (after redirection).
Here is my code:
FORM:
<form id="feedback" name="feedback" action="php/phpcustom.php" method="POST"> <fieldset> <legend>Gardenable.com Feedback</legend> <p><label for="fname">Name:</label><input type="text" size="30" maxlength="40" id="fname" name="fname" /></p> <p><label for="loc">Location:</label><input type="text" size="30" maxlength="40" id="loc" name="loc" /></p> <p><label for="com">Comments:</label><textarea cols="40" rows="6" maxlength="300" id="com" name="com"></textarea></p> <p><input type="submit" name="send" id="submitbutton" value="Submit" /><input type="reset" name="reset" value="Reset" /></p> </fieldset> </form>
ACTION SCRIPT on submit:
<?php session_start(); $dbhandle = mysql_connect('localhost', 'root', '') or die("Unable to connect to MySQL"); $selected = mysql_select_db("commentdatabase",$dbhandle) or die("Could not select the database"); $name = $_POST['fname']; $loc = $_POST['loc']; $com = $_POST['com']; $sql = "INSERT INTO userinfo (name, location, comment) VALUES ('{$name}','{$loc}','{$com}')"; if(!mysql_query($sql, $dbhandle)) { die('Error: ' . mysql_error()); } $dbselect = "SELECT * FROM userinfo"; if(!mysql_query($dbselect, $dbhandle)) { die('Error: ' . mysql_error()); } header('Location: ../contact.htm'); mysql_close(); ?>//This is underneath the FORM CODE:
<div id="feedbackDiv"> <?php $dbhandle = mysql_connect('localhost', 'root', '') or die("Unable to connect to MySQL"); $selected = mysql_select_db("commentdatabase",$dbhandle) or die("Could not select the database"); $result = mysql_query("SELECT * FROM userinfo"); while ($row = mysql_fetch_array($result)) { echo "ID:".$row{'name'}." Name:".$row{'location'}."Year: ". $row{'comment'}."<br />"; } ?> </div>It is displaying a tiny part of php code rather than the returned data. This is what i being displayed: "; } ?>
The data is inserting correctly but i'm unsure as to whether or not I need to pass the values in the url string in the header function?
Thank you for any information you can provide me.
Regards,
BuNgLe
Can You Review My Code Please?
in PHP Coding Help
Posted · Edited by AoTBuNgLe
Thank you very much for your reply.
Well, this is a fairly simple site which has 1 form on the contact page. It's nearly completed, my code works great and my errors/success message shows exactly when they are supposed to. I have written the validation in separate if statements before and I was trying to gain a different concept of validation. I wanted to loop through the $_POST array rather than writing individual statements to check the fields as I have done many times previously.
My included files have nothing to do with the validation of the form. All validation is done within my index.php script right at the top. The only included files relating to the validation are my prepared insert and select statements. I was actually using the $row variable (which is set in the prepared statement files) back in my index.php file and using an if statement to see if the query was a success or fail. I wanted to keep all my connection code in a separate file for readability. I'm fairly good with functions. Are you saying that I should, for example, put my connection code inside a function just so that it is in the same file and there will be less chance of variables not being set/defined etc?
Thanks very much once again for the reply. I'd love to hear more thoughts.
Regards,
AoTB