Everything posted by Love2c0de
-
Ah thank you very much indeed, this works perfectly. With the JavaScript validation, I created a string of special characters, then checked the input against those characters, if matched would return invalid. I've just inputted some special characters with javascript disabled and they have been inserted without being converted to their correct code. Do I need to do the equivalent of the javascript code but with php code? Kind regards, LC
-
I added the mysql_real_escape_string() just above the return statement and below the htmlspecialchars() conversion. It converts double quotes but not single quotes. Without the mysql_real_escape_string() it returns a mysql error. Regards, BuNgLe
-
Yes in the page source as you say it is displaying the < and >. Thank you for explaining that to me. Regarding the mysql_real_escape_string(), would I add that just before the return statement? Regards, BuNgLe
-
Hello, I am trying to validate my form using php and would like some advice as this is the first time I have attempted this. I have a script which runs when the user clicks the submit button. What I am trying to do is validate the user input before inserting it into the database. This is the script:

```php
<?php
session_start();

$dbhandle = mysql_connect('localhost', 'root', '') or die("Unable to connect to MySQL");
$selected = mysql_select_db("commentdatabase",$dbhandle) or die("Could not select the database");

$name = check_input($_POST['fname']);
$loc = check_input($_POST['loc']);
$com = check_input($_POST['com']);

function check_input($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

$sql = "INSERT INTO userinfo (name, location, comment) VALUES ('{$name}','{$loc}','{$com}')";

if(!mysql_query($sql, $dbhandle))
{
    die('Error: ' . mysql_error());
}

header('Location: ../contact.php');
mysql_close();
?>
```

What's happening is that when it is submitted to the database, it is displaying < and > characters as &lt; and &gt;. Yet once being redirected with the header function the input is displayed with the < and > signs. I'm not sure if the function in the action script is in the wrong place or not. I have tried moving it around above and below the post variables. Just looking for a bit of advice really. Thank you, Regards, BuNgLe
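An added example, not part of the original posts, of the pattern the check_input() question and the earlier JavaScript-disabled question both lead to: validate on the server, insert through a prepared statement, and call htmlspecialchars() only when printing. It assumes PDO with an in-memory SQLite database standing in for the MySQL commentdatabase; validate_feedback() and h() are hypothetical helper names, and the sample submission is constructed.

```php
<?php
// Added example. In-memory SQLite stands in for the MySQL "commentdatabase".

// Server-side validation: runs even when JavaScript is disabled.
// Limits mirror the form's maxlength attributes (40 / 40 / 300).
function validate_feedback(array $post): array
{
    $limits = ['fname' => 40, 'loc' => 40, 'com' => 300];
    $clean = [];
    foreach ($limits as $field => $max) {
        $value = trim((string) ($post[$field] ?? ''));
        if ($value === '' || mb_strlen($value, 'UTF-8') > $max) {
            throw new InvalidArgumentException("Invalid value for {$field}");
        }
        $clean[$field] = $value; // kept raw: no htmlspecialchars() before storage
    }
    return $clean;
}

// Output encoding for an HTML context, applied only when printing.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE userinfo (name TEXT, location TEXT, comment TEXT)');

// Constructed sample submission containing quotes and markup characters.
$post = [
    'fname' => "O'Brien",
    'loc'   => 'Clacton-on-sea',
    'com'   => 'Loved the <b>roses</b> & the "tulips"',
];
$in = validate_feedback($post);

// Placeholders keep the values out of the SQL text, so quotes need no escaping.
$stmt = $pdo->prepare(
    'INSERT INTO userinfo (name, location, comment) VALUES (:name, :loc, :com)'
);
$stmt->execute([':name' => $in['fname'], ':loc' => $in['loc'], ':com' => $in['com']]);

foreach ($pdo->query('SELECT name, location, comment FROM userinfo') as $row) {
    echo 'Name: ' . h($row['name']) . ' Location: ' . h($row['location'])
        . ' Comment: ' . h($row['comment']) . "<br />\n";
}
```

Against MySQL only the arguments to new PDO() change; the prepare() and execute() calls stay the same, and the database holds the text exactly as the user typed it.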
-
This is my form page: (this is also where I want to be redirected to with the form data displayed underneath the form.)

```php
<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Gardenable - Contact Us</title>
<link rel="stylesheet" type="text/css" href="stylesheets/style.css" />
<link rel="stylesheet" type="text/css" href="stylesheets/fontface.css" />
<script type="text/javascript" src="scripts/jquerylibrary.js"></script>
<script type="text/javascript" src="scripts/custom.js"></script>
<script type="text/javascript">
function front(which) {
    for ( var t = 1; t < 9999; ++t ) {
        var dv = document.getElementById("TABBODY"+t);
        if ( dv == null ) return;
        dv.style.zIndex = t == which ? 5 : 1;
        var tab = document.getElementById("TAB"+t);
        tab.style.backgroundColor = t == which ? "#8d581d" : "white";
        tab.style.textDecoration = t == which ? "underline" : "none";
        tab.style.zIndex = t == which ? 7 : 1;
    }
}
</script>
</head>
<body>
<!--[if gte IE 8]> <style type="text/css"> <style> <![endif]-->
<div id="container">
    <img src="images/logo1.jpg" alt="logo" title="Garden Logo" id="logo" width="100%" border="0" />
    <div id="logoFiller">
        <img src="images/greenbg1.jpg" id="greenImg" width="100%" border="0" />
        <p id="motto">Making gardening accessible to everyone...</p>
    </div>
    <div id="menuDiv">
        <a href="index.htm">Home</a>
        <a href="about.htm">About Us</a>
        <a href="gallery.htm">Gallery</a>
        <a href="contact.htm">Contact Us</a>
        <a href="feedback.php">Feedback</a>
    </div>
    <p id="contactIntro">Lorem ipsum dolor sit amet, consectetur adipiscing elit. Etiam et dui ante, id ultrices nisi. Curabitur sit amet magna id. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Etiam et dui ante, id ultrices nisi. Curabitur sit amet magna id. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Etiam et dui ante, id ultrices nisi.</p>
    <div id="ALL">
        <div id="TAB1" class="tabHead" onclick="front(1);"><p>Phone/Fax</p></div>
        <div id="TAB2" class="tabHead" onclick="front(2);" style="left: 255px;"><p>Email</p></div>
        <div id="TAB3" class="tabHead" onclick="front(3);" style="left: 395px;"><p>Post</p></div>
        <div id="TABBODY1" class="tabBody">
            <p id="phone">Please do not hesitate to phone or fax us if you wish to query anything or find out information about our products. You can find our number below. Lines open between <span class="white">10am & 6pm</span> business hours.</p>
            <span class="underline">Telephone:</span><span class="bold">01255-222-753</span><br />
            <span class="underline" id="margin">Facsimile:</span><span class="bold">01255-333-864</span>
        </div>
        <div id="TABBODY2" class="tabBody">
            <p>You can also contact u by email by following the link below. We ensure any emails received will be replied to within 24 hours:</p>
            <span class="underline">E-Mail:</span><span class="bold"><a href="mailto:[email protected]">[email protected]</a></span></p>
        </div>
        <div id="TABBODY3" class="tabBody">
            <p>The third and final way to contact us is by postage. You can send any queries which you may have to the address provided below:</p>
            <span class="bold">200 Station Road</span><br />
            <span class="bold">Unit 3</span><br />
            <span class="bold">Clacton-on-sea</span><br />
            <span class="bold">Essex</span><br />
            <span class="bold">CO15 - 8PD</span><br />
        </div>
    </div>
    <hr id="formSep" noshade="noshade" size="1" />
    <!--FORM-->
    <form id="feedback" name="feedback" action="php/phpcustom.php" method="POST">
        <fieldset>
            <legend>Gardenable.com Feedback</legend>
            <p><label for="fname">Name:</label><input type="text" size="30" maxlength="40" id="fname" name="fname" /></p>
            <p><label for="loc">Location:</label><input type="text" size="30" maxlength="40" id="loc" name="loc" /></p>
            <p><label for="com">Comments:</label><textarea cols="40" rows="6" maxlength="300" id="com" name="com"></textarea></p>
            <p><input type="submit" name="send" id="submitbutton" value="Submit" /><input type="reset" name="reset" value="Reset" /></p>
        </fieldset>
    </form>
    <!--END OF FORM-->
    <div id="feedbackDiv">
    <?php
    $dbhandle = mysql_connect('localhost', 'root', '') or die("Unable to connect to MySQL");
    $selected = mysql_select_db("commentdatabase",$dbhandle) or die("Could not select the database");
    $result = mysql_query("SELECT * FROM userinfo");
    while ($row = mysql_fetch_array($result))
    {
        echo "ID:".$row{'name'}." Name:".$row{'location'}."Year: ". $row{'comment'}."<br />";
    }
    ?>
    </div>
    <div id="footer">
        <p id="copyright">2012 © Gardenable.com | Site Designed by <span class="underline">BuNgLe</span></p>
        <p id="footContact"><span class="underline">Telephone:</span> 01255-222-753<br />
        <span class="underline">Facsimile:</span> 01255-333-864<br />
        <span class="underline">E-Mail:</span>[email protected]</p>
    </div>
</div>
</body>
</html>
```

The php action script:

```php
<?php
session_start();

$dbhandle = mysql_connect('localhost', 'root', '') or die("Unable to connect to MySQL");
$selected = mysql_select_db("commentdatabase",$dbhandle) or die("Could not select the database");

$name = $_POST['fname'];
$loc = $_POST['loc'];
$com = $_POST['com'];

$sql = "INSERT INTO userinfo (name, location, comment) VALUES ('{$name}','{$loc}','{$com}')";

if(!mysql_query($sql, $dbhandle))
{
    die('Error: ' . mysql_error());
}

$dbselect = "SELECT * FROM userinfo";

if(!mysql_query($dbselect, $dbhandle))
{
    die('Error: ' . mysql_error());
}

header('Location: ../contact.htm');
mysql_close();
?>
```

As you can see I have been playing around with sessions so that's why you see the session_start() yet no definition within the code. The thing about sessions I do not understand is if I use a session, do I define the session variables after I have inserted data to the db. If so, how do I send the values to the redirected page? Also, if I use a session variable, when trying to display the table data, do I reference the session variable or the column names? I have searched and searched the web for an answer but have been struggling to find anything which would solve my issue. Regards, BuNgLe
-
Hello, I have a simple feedback form which asks for name, location and a simple comment about the business. I have inserted data into the database successfully but I'm not sure on the best way to display the data from the table on the same page as the form (after redirection). Here is my code:

FORM:

```html
<form id="feedback" name="feedback" action="php/phpcustom.php" method="POST">
    <fieldset>
        <legend>Gardenable.com Feedback</legend>
        <p><label for="fname">Name:</label><input type="text" size="30" maxlength="40" id="fname" name="fname" /></p>
        <p><label for="loc">Location:</label><input type="text" size="30" maxlength="40" id="loc" name="loc" /></p>
        <p><label for="com">Comments:</label><textarea cols="40" rows="6" maxlength="300" id="com" name="com"></textarea></p>
        <p><input type="submit" name="send" id="submitbutton" value="Submit" /><input type="reset" name="reset" value="Reset" /></p>
    </fieldset>
</form>
```

ACTION SCRIPT on submit:

```php
<?php
session_start();

$dbhandle = mysql_connect('localhost', 'root', '') or die("Unable to connect to MySQL");
$selected = mysql_select_db("commentdatabase",$dbhandle) or die("Could not select the database");

$name = $_POST['fname'];
$loc = $_POST['loc'];
$com = $_POST['com'];

$sql = "INSERT INTO userinfo (name, location, comment) VALUES ('{$name}','{$loc}','{$com}')";

if(!mysql_query($sql, $dbhandle))
{
    die('Error: ' . mysql_error());
}

$dbselect = "SELECT * FROM userinfo";

if(!mysql_query($dbselect, $dbhandle))
{
    die('Error: ' . mysql_error());
}

header('Location: ../contact.htm');
mysql_close();
?>
```

//This is underneath the FORM CODE:

```php
<div id="feedbackDiv">
<?php
$dbhandle = mysql_connect('localhost', 'root', '') or die("Unable to connect to MySQL");
$selected = mysql_select_db("commentdatabase",$dbhandle) or die("Could not select the database");
$result = mysql_query("SELECT * FROM userinfo");
while ($row = mysql_fetch_array($result))
{
    echo "ID:".$row{'name'}." Name:".$row{'location'}."Year: ". $row{'comment'}."<br />";
}
?>
</div>
```

It is displaying a tiny part of php code rather than the returned data. This is what is being displayed: "; } ?> The data is inserting correctly but I'm unsure as to whether or not I need to pass the values in the url string in the header function? Thank you for any information you can provide me. Regards, BuNgLe