
mrjap1

  1. Hello scootstah, Thank you so much for your help!! I really appreciate it. Thank you especially for showing me how to escape the values to avoid SQL injection plus introducing me to "mysqli". I used the nice clean php code samples that you kindly provided me. I immediately put them to the test, to see that if a user types in their chosen unique username & password they proceed into the website. In viewing the database, the password most definitely gets encrypted with the sha1 encryption. Unfortunately, on the login.php page, I get "ERROR: Invalid username/password combination!" subsequent to me manually typing in both my localhost url then entering my username & password. So here is what I need to accomplish... the registered user upon completing the form should be redirected to the login page. The user now enters in their unique registered user name & password (even though the password is encrypted in the database) and be redirected to the members page subsequently. I am stuck at this point... is there a way to make this happen? Would you kindly modify the nice sample that you previously sent me on how to accomplish this? I do very much appreciate your direction and input. Thx mrjap1
  2. Hello batwimp, Thanks again for your help. My apologies, here are all my php scripts attached in a zip file called "mrjap1-phpscripts.zip". Perhaps once you see the big picture you'll get to see the direction I am going. Then maybe after seeing my scripts you could show me the exact & proper coding to achieve my goal. I appreciate your guidance. :D :D thx mrjap1 17837_.zip
  3. Hello batwimp, Thanks again for responding. I have placed all my code from my "workingitoutproperly.php" page so that you can get a feel for what I've accomplished and perhaps you can tell me what I did incorrectly... how to fix it and then I can adjust the code going forward. Thank you Again for your time.

         <?php
         error_reporting(0);
         if($_POST['submit']) { //Beginning of full IF Statement
             $name = $_POST['name'];
             $email = $_POST['email'];
             $username = $_POST['username'];
             $password = $_POST['password'];
             $confirm_password = $_POST['confirm_password'];
             $registration_date = $_POST['registration_date'];
             // $date = date ("l, F jS, Y");
             //$time = date ("h:i A");

             // Encrypt Password
             $posAt = strpos($email, "@");
             $posDot = strrpos($email, ".");
             $enc_password = md5($password);
             $enc_password2 = md5($confirm_password);

             // Confirm all fields were filled out when submit button was pressed
             if($name && $email && $username && $password && $confirm_password) {
                 // Confirm that the NAME that you used is NOT greater than 30 characters
                 if(strlen($name)>24) {
                     echo "<h2><center>YOUR NAME IS TOO LONG!!!!</center></h2><br>";
                 }
                 // Confirm that the EMAIL that you used is NOT greater than 30 characters
                 if(strlen($email)>25) {
                     echo "<h2><center>YOUR EMAIL IS TOO LONG!!!!</center></h2><br>";
                 }
                 if ( ($posAt === false) or ($posDot === false) or ($posDot < $posAt) ) {
                     echo "<h2><center>BAD EMAIL ADDRESS!!!!</center></h2><br>";
                 }
                 // Confirm that the USERNAME that you used is NOT greater than 10 characters
                 if(strlen($username)>10) {
                     echo "<h2><center>YOUR USERNAME IS TOO LONG!!!!</center></h2><br>";
                 } else {
                     // Confirm that the PASSWORD that you used MATCH & Between 6 and 15 characters
                     if(strlen($password)>10 || strlen($password)<6) {
                         echo "<h2><center>YOUR PASSWORD MUST BE BETWEEN 6 and 15 CHARACTERS!!!!</center></h2><br>";
                     }
                     if($password == $confirm_password) {
                         // Database Connection required
                         require "db_conncect.php";
                         // We Now connect to the Database and insert the Form input details

                         //------- ### ENTERING ALL INFORMATION INTO THE DATABASE BELOW ### --------//

                         // 1. Create a database connection
                         $con = mysql_connect("localhost","root",""); // <-- THIS IS WHERE YOU " CAN CHANGE " THE USERNAME IS "root", PASSWORD IS "" ONLY.
                         if (!$con) {
                             die('Database connection failed could not connect: ' . mysql_error());
                         }

                         // 2. Select a database to use
                         $db_select = mysql_select_db("registernow_2012",$con); // <-- THE "registernow_2012" IS THE NAME OF THE DATABASE.
                         if (!$db_select) {
                             die('Database selection failed could not connect: ' . mysql_error());
                         }

                         mysql_select_db("registernow_2012", $con); // <-- THE "registernow_2012" IS THE NAME OF THE DATABASE TO BE CONNECTED.

                         // <-- THE `registernow_2012` IS THE NAME OF THE DATABASE TO BE CONNECTED.... `visitors` IS THE TABLE WITH ALL THE FIELDS WITHIN THE DATABASE.
                         $sql="INSERT INTO `registernow_2012`.`users` ( `id` , `name` , `email`, `username`, `password`, `confirm_password`, `registration_date` )
                         VALUES ( NULL , '$_POST[name]', '$_POST[email]', '$_POST[username]', '{$enc_password}','{$enc_password2}', NOW( ))";

                         if (!mysql_query($sql,$con)) {
                             die('Error: ' . mysql_error());
                         }

                         // 3. Close Connection
                         mysql_close($con);

                         header("Location: index.php"); // <-- THIS IS WHERE YOU CAN CHANGE THE "Location: TDIThankYouPageAfrica.htm" of the THANK YOU PAGE.
                     } else {
                         echo "<h2><center>PASSWORDS MUST MATCH!!!!!</center></h2><br>";
                     }
                 }
                 //echo "<h2><center>WORKING!!!!</center></h2>";
             }
             else
                 echo "<h2><center>ALL FEILDS MUST BE COMPLETED</center></h2>";
         } //Ending of full IF Statement
         ?>
         <!DOCTYPE html>
         <html lang='en'>
         <head>
             <title>THE FORM MY WAY NOW</title>
         </head>
         <div id='centerstage'>
             <form name="myform" action="workingitoutproperly.php" method="POST">
                 <p>
                     <label>Name</label><br>
                     <input type='text' name='name' value=''><br>
                     <label>Email</label><br>
                     <input type='text' name='email' value=''><br>
                     <label>UserName</label><br>
                     <input type='text' name='username' value=''><br>
                     <label>Password</label><br>
                     <input type='password' name='password' value=''><br>
                     <label>Re-Enter Password</label><br>
                     <input type='password' name='confirm_password' value=''><br>
                     <br>
                     <input type='submit' name='submit' value='REGISTER NOW!!'>
                 </p>
             </form>
         </div>
         </html>

     17836_.php
  4. Hello Everyone, I recently made a simple membership website. Every page I created works exactly how I envisioned it... All members data from my registration form goes into my database along with their md5 Encrypted passwords with a time-stamp. Subsequent pages have a start_session included. I am very pleased with it except ONE THING. Logging in is now a problem... username is recognized but NOT the password. Now the strange thing is that when I go into the database and copy the encrypted password and paste it into the password field in my login page, I miraculously get into my website with NO problem. "How do I get the registered members Encrypted Passwords to be recognized by the database when the registered members decide to log in with the password that they create?" Is there an easy fix for this? I appreciate ALL your help... 8) 8) Thx mrjap1
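
The behaviour described in post 4 (the typed password is refused, the pasted digest is accepted) is what a login check produces when it compares the submitted value with the stored digest without hashing it first. The following is an added example, not code from the thread; the in-memory `$users` array stands in for the `users` table and every function name is hypothetical. It shows that check, the minimal repair, and storage with `password_hash()` / `password_verify()`.

```php
<?php
// Added example, not code from the thread. $users is an in-memory stand-in for
// the `users` table; all function names and credentials are constructed.

/** Registration as posted: the column holds md5() of the password. */
function register_md5(array &$users, string $username, string $password): void
{
    $users[$username] = md5($password);
}

/** A login check that reproduces the reported symptom: the typed value is
 *  compared with the stored digest without being hashed first. */
function login_raw_compare(array $users, string $username, string $typed): bool
{
    return isset($users[$username]) && hash_equals($users[$username], $typed);
}

/** Minimal repair: apply the same transformation at login as at registration.
 *  md5() is unsalted and fast, so this is still weak password storage. */
function login_md5(array $users, string $username, string $typed): bool
{
    return isset($users[$username]) && hash_equals($users[$username], md5($typed));
}

/** Stronger storage: password_hash() generates a salt and uses a slow algorithm. */
function register_user(array &$users, string $username, string $password): void
{
    // The result is longer than an md5 digest; the PHP manual suggests a
    // 255-character column so future algorithms still fit.
    $users[$username] = password_hash($password, PASSWORD_DEFAULT);
}

/** The salt lives inside the stored string, so the row is looked up by
 *  username only and password_verify() performs the comparison. */
function login_user(array &$users, string $username, string $typed): bool
{
    if (!isset($users[$username]) || !password_verify($typed, $users[$username])) {
        return false;
    }
    // Re-hash on successful login when the default algorithm or cost has changed.
    if (password_needs_rehash($users[$username], PASSWORD_DEFAULT)) {
        $users[$username] = password_hash($typed, PASSWORD_DEFAULT);
    }
    return true;
}

// --- Demo with constructed credentials ---
$legacy = [];
register_md5($legacy, 'alice', 'correct horse');
$modern = [];
register_user($modern, 'alice', 'correct horse');
$storedHash = $modern['alice'];

$checks = [
    'raw compare, real password'      => login_raw_compare($legacy, 'alice', 'correct horse'),
    'raw compare, pasted digest'      => login_raw_compare($legacy, 'alice', $legacy['alice']),
    'md5 at login, real password'     => login_md5($legacy, 'alice', 'correct horse'),
    'md5 at login, pasted digest'     => login_md5($legacy, 'alice', $legacy['alice']),
    'password_verify, real password'  => login_user($modern, 'alice', 'correct horse'),
    'password_verify, pasted hash'    => login_user($modern, 'alice', $storedHash),
    'password_verify, wrong password' => login_user($modern, 'alice', 'wrong horse'),
];
foreach ($checks as $label => $accepted) {
    printf("%-34s %s\n", $label, $accepted ? 'accepted' : 'rejected');
}
```

With the raw comparison, anyone who can read the password column can log in with what they read, which is why the comparison has to run on a hash computed from the submitted password.
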
  5. Hello DavidAM, I appreciate you taking your time out to reply to my php question. With that said, please look at my code posted below regarding the overall validation of my e-mail address field. Please let me know if this is indeed the proper way to have integrated your suggestion. Also please state exactly how it should be coded to yield the result that I desire. I appreciate your time... Thx Again, mrjap1

         if($_POST['submit']) { //Beginning of full IF Statement
             $name = $_POST['name'];
             $email = $_POST['email'];
             $username = $_POST['username'];
             $password = $_POST['password'];
             $confirm_password = $_POST['confirm_password'];
             $registration_date = $_POST['registration_date'];
             $posAt = strpos($email, "@");
             $posDot = strrpos($email, ".");

             // Confirm that the EMAIL that you used is NOT greater than 30 characters
             if(strlen($email)>30) {
                 echo "<h2><center>YOUR EMAIL IS TOO LONG!!!!</center></h2><br>";
             }
             if ( ($posAt === false) or ($posDot === false) or ($posDot < $posAt) ) {
                 echo "<h2><center>BAD EMAIL ADDRESS!!!! PLEASE TRY AGAIN!!!</center></h2><br>";
             }
  6. Hello Everyone, I've successfully created a form script to check to make sure all my fields are filled out. However, I wanted to create an if statement to check and see if the email address is valid and it contains both the "@" and "." symbols. If not then echo "This is not a Valid email address" if it's not correct. Could someone tell me the proper way to write this and incorporate this into my existing script below. Thank you all Again for your Help thx mrjap1

         // Confirm all fields were filled out when submit button was pressed
         if($name && $email && $username && $password && $confirm_password) {
             // Confirm that the NAME that you used is NOT greater than 30 characters
             if(strlen($name)>24) {
                 echo "<h2><center>YOUR NAME IS TOO LONG!!!!</center></h2><br>";
             }
             // Confirm that the EMAIL that you used is NOT greater than 25 characters
             if(strlen($email)>25) {
                 echo "<h2><center>YOUR EMAIL IS TOO LONG!!!!</center></h2><br>";
             }
             // Confirm that the USERNAME that you used is NOT greater than 10 characters
             if(strlen($username)>10) {
                 echo "<h2><center>YOUR USERNAME IS TOO LONG!!!!</center></h2><br>";
             } else {
                 // Confirm that the PASSWORD that you used MATCH & Between 6 and 15 characters
                 if(strlen($password)>10 || strlen($password)<6) {
                     echo "<h2><center>YOUR PASSWORD MUST BE BETWEEN 6 and 15 CHARACTERS!!!!</center></h2><br>";
                 }
                 if($password == $confirm_password) {
  7. Hello Everyone, I have built a simple registration form shown below and I am trying to get the users to have their passwords encrypted and then entered into my database. I am attempting to use md5 encryption. I have also attached the database connection script. My goal is when I check my database, I want to see the following: ( id, name, username, encrypted password ) The issue I have is that the form does not process completely. All I get is this error (Error: Unknown column 'd8578edf8458ce06fbc5bb76a58c5ca4' in 'field list' ). Could someone tell me or show me "What is it that needs to be corrected either in my Code or SQL insert and/or my Variables" to make this work correctly. I know that it's probably a very, very simple fix... I'm just stuck at this point. I really appreciate your help. Thx, mrjap1

         <?php
         error_reporting(0);
         if($_POST['submit']) { //Beginning of full IF Statement
             $name = $_POST['name'];
             $username = $_POST['username'];
             $password = $_POST['password'];
             $confirm_password = $_POST['confirm_password'];

             // Encrypt Password
             $enc_password = md5($password);
             //$enc_password2 = md5($confirm_password);

             // Confirm all fields were filled out when submit button was pressed
             if($name && $username && $password && $confirm_password) {
                 // Confirm that the NAME that you used is NOT greater than 30 characters
                 if(strlen($name)>24) {
                     echo "<h2><center>YOUR NAME IS TOO LONG!!!!</center></h2><br>";
                 }
                 // Confirm that the USERNAME that you used is NOT greater than 10 characters
                 if(strlen($username)>10) {
                     echo "<h2><center>YOUR USERNAME IS TOO LONG!!!!</center></h2><br>";
                 } else {
                     // Confirm that the PASSWORD that you used MATCH & Between 6 and 15 characters
                     if(strlen($password)>10 || strlen($password)<6) {
                         echo "<h2><center>YOUR PASSWORD MUST BE BETWEEN 6 and 15 CHARACTERS!!!!</center></h2><br>";
                     }
                     if($password == $confirm_password) {
                         // Database Connection required
                         require "db_conncect.php";
                         // We Now connect to the Database and insert the Form input details

                         //------- ### ENTERING ALL INFORMATION INTO THE DATABASE BELOW ### --------//

                         // 1. Create a database connection
                         $con = mysql_connect("localhost","root",""); // <-- THIS IS WHERE YOU " CAN CHANGE " THE USERNAME IS "root", PASSWORD IS "" ONLY.
                         if (!$con) {
                             die('Database connection failed could not connect: ' . mysql_error());
                         }

                         // 2. Select a database to use
                         $db_select = mysql_select_db("registernow_2012",$con); // <-- THE "registernow_2012" IS THE NAME OF THE DATABASE.
                         if (!$db_select) {
                             die('Database selection failed could not connect: ' . mysql_error());
                         }

                         mysql_select_db("registernow_2012", $con); // <-- THE "registernow_2012" IS THE NAME OF THE DATABASE TO BE CONNECTED.

                         // <-- THE `registernow_2012` IS THE NAME OF THE DATABASE TO BE CONNECTED.... `visitors` IS THE TABLE WITH ALL THE FIELDS WITHIN THE DATABASE.
                         $sql="INSERT INTO `registernow_2012`.`users` ( `id` , `name` , `username` , `$enc_password` , `confirm_password` )
                         VALUES ( NULL , '$_POST[name]', '$_POST[username]', '[$enc_password]', '$_POST[confirm_password]' )";

                         if (!mysql_query($sql,$con)) {
                             die('Error: ' . mysql_error());
                         }

                         // 3. Close Connection
                         mysql_close($con);

                         header("Location: index.php"); // <-- THIS IS WHERE YOU CAN CHANGE THE "Location: Thank you / Index page" of the THANK YOU PAGE.
                     } else {
                         echo "<h2><center>PASSWORDS MUST MATCH!!!!!</center></h2><br>";
                     }
                 }
                 //echo "<h2><center>WORKING!!!!</center></h2>";
             }
             else
                 echo "<h2><center>ALL FEILDS MUST BE COMPLETED</center></h2>";
         } //Ending of full IF Statement
         ?>
         <!DOCTYPE html>
         <html lang='en'>
         <head>
             <title>THE FORM MY WAY NOW</title>
         </head>
         <div id='centerstage'>
             <form name="myform" action="workingitoutproperly.php" method="POST">
                 <p>
                     <label>Name</label><br>
                     <input type='text' name='name' value=''><br>
                     <label>UserName</label><br>
                     <input type='text' name='username' value=''><br>
                     <label>Password</label><br>
                     <input type='password' name='password' value=''><br>
                     <label>Re-Enter Password</label><br>
                     <input type='password' name='confirm_password' value=''><br>
                     <br>
                     <input type='submit' name='submit' value='REGISTER NOW!!'>
                 </p>
             </form>
         </div>
         </html>

     17810_.php
  8. Hello, Thanks for the suggestion.... so how do you do "revert to using output buffering? " I appreciate your help. thx mrjap1
  9. Hello, Thank you, Thank you, very, very kindly for your suggestion... however, I know that the header will not work if something is currently processed beforehand... I tried your exact recommendation earlier before I wrote this post. What I have is a Form being processed beforehand from another php page. Then the form processing takes place on this page ( with the code presented in this post ).... next I would like the visitor to go to a separate "thank you.php" page when everything is complete. The question is, is it indeed possible or a way that I can get a redirect without generating the error stated below. Maybe I am going about this the wrong way... I am open for any solutions. I know this can be done I just do not know how. The "/~/ " are my url paths.

         Warning: Cannot modify header information - headers already sent by (output started at /~/~/~/shortform/form_proceessed2011-NEW.php:67) in /~/~/~/shortform/form_proceessed2011-NEW.php on line 180

     thx mrjap1
  10. Hello, Please... could someone look at my existing code below and tell me how I can establish a REDIRECT PAGE {header("Location: thankyou.php");} to fit in my code and WITHOUT generating a MySQL error once the php page is processed on the server? I wish to place the HTML CODE at bottom of my page labeled "// THE RESULTS OF THE FORM RENDERED AS PURE HTML" to be on a separate "thanks.php" page. thx mrjap1

          <?php
          $first_name = $_POST['first_name'];
          $last_name = $_POST['last_name'];
          $email = $_POST['email'];
          $registration_date = $_POST['registration_date'];

          // 1. Create a database connection
          $con = mysql_connect("localhost","mrino_mydata","runns100");
          if (!$con) {
              die('Database connection failed could not connect: ' . mysql_error());
          }

          // 2. Select a database to use
          $db_select = mysql_select_db("mrino_FULLENTRYDATA",$con);
          if (!$db_select) {
              die('Database selection failed could not connect: ' . mysql_error());
          }

          mysql_select_db("mrino_FULLENTRYDATA", $con);

          // Data Submitted With My Form
          $sql="INSERT IGNORE INTO `mrino_FULLENTRYDATA`.`backpage1` (`id` , `first_name` , `last_name` , `email` , `registration_date`)
          VALUES (NULL , '$_POST[first_name]' , '$_POST[last_name]' , '$_POST[email]', NOW( ))";

          if (!mysql_query($sql,$con)) {
              die('Error: ' . mysql_error());
          }

          // 3. Close Connection
          mysql_close($con);
          ?>

          <?php
          // ALL THE SUBJECT and EMAIL VARIABLES
          $emailSubject = 'MY TEST EMAIL SCRIPTING!!! ';
          $webMaster = 'myemailaddress@gmail.com';

          // GATHERING the FORM DATA VARIABLES
          $first_name = $_POST['first_name'];
          $last_name = $_POST['last_name'];
          $email = $_POST['email'];
          $registration_date = $_POST['registration_date'];
          $date = date ("l, F jS, Y");
          $time = date ("h:i A");

          $body = <<<EOD
          <br /><hr><br />
          <strong>First Name:</strong> $first_name <br />
          <strong>Last Name: </strong>$last_name <br />
          <strong>Email:</strong> $email <br />
          <strong>Registration Date:</strong> $date at $time <br />
          EOD;
          // THIS SHOW ALL E-MAILED DATA, ONCE IN THE E-MAILBOX AS READABLE HTML

          // Remove Header Injections
          $match = "/(bcc:|cc:|content\-type:)/i";
          if (preg_match($match, $from) || preg_match($match, $subject) || preg_match($match, $body)) {
              die("Header injection detected.");
          }

          // Simple filtering on all of our input variables
          $headers = "From: $email\r\n";
          $headers .= "Content-type: text/html\r\n";
          $success = mail($webMaster, $emailSubject, $body, $headers);
          $from = preg_replace("([\r\n])", "", $_POST['email']);
          $emailSubject = preg_replace("([\r\n])", "", $_POST['$emailSubject']);

          // THE RESULTS OF THE FORM RENDERED AS PURE HTML
          $theResults = <<<EOD
          <!DOCTYPE HTML>
          <html lang="en">
          <head>
          <style type="text/css">
          body {
              font-family:Arial, Helvetica, sans-serif;
              font-size:11px;
              font-weight:bold;
          }
          #thankyou_block {
              width: 400px;
              height: 250px;
              text-align:center;
              border: 1px solid #666;
              padding: 5px;
              background-color: #0CF;
              border-radius:8px;
              -webkit-border-radius:8px;
              -moz-border-radius:8px;
              -opera-border-radius:8px;
              -khtml-border-radius:8px;
              box-shadow:0px 0px 10px #000;
              -webkit-box-shadow: 0px 0px 10px #000;
              -moz-box-shadow: 0px 0px 10px #000;
              -o-box-shadow: 0px 0px 10px #000;
              margin: 25px auto;
          }
          p {
              font-family: Arial, Helvetica, sans-serif;
              font-size: 14px;
              line-height: 18px;
              letter-spacing:1px;
              color: #333;
          }
          </style>
          <meta charset="UTF-8">
          <title>THANK YOU!!!</title>
          </head>
          <body>
          <div id="thankyou_block">
          <br><br><br>
          <h1>CONGRATULATIONS!!</h1>
          <h2>YOUR FORM HAS BEEN PROCESSED!!!</h2>
          <p>You are now registered in our Database...<br>
          we will get back to you very shortly.<br>
          Please have a very wondeful day.</p>
          </div>
          </body>
          </html>
          EOD;
          echo "$theResults";
          ?>
  11. Hello, Below is my existing code for my web site visitor to fill out the form... they see a thank you html page.... and I get the info inserted into my database.... and I get an e-mail with all their details, even their date of registration. From what I have seen so far, EVERYTHING WORKS SUCCESSFULLY. :D :D HOWEVER, I would like to have the web site visitor's details that they filled out ALSO SENT BACK to the web site visitor as a confirmation... say that this is a confirmation of the form they previously filled out. How do I accomplish this based off of my existing code here? I also would like my thank you.html code at the bottom of my current php code to be called in from a SEPARATE REDIRECT thankyou.php page after a successful form entry. I know that ALL headers must be IMMEDIATELY taken care of upon entering any php page. This is what I used ***** header("Location: thankyou.php");******* Now I know that this is the correct code to make this happen but I do not know how to get this to work with my present code here. How do I put the header location: thank you.php code in my EXISTING PHP page to make this all work right? thx mrjap1

      ====================== HTML ==========================

          <?php require_once("db_connection.php");?>
          <!DOCTYPE HTML>
          <html lang="en">
          <head>
          <meta charset="UTF-8">
          <title>HTML form for insert users</title>
          <style type="text/css">
          p {
              margin:0;
              padding:0;
              font-family:Arial, Helvetica, sans-serif;
              font-size:12px;
              color:#633;
              font-weight:bold;
          }
          legend {
              font-family:Arial, Helvetica, sans-serif;
              font-size:15px;
              color:#3F6;
              font-weight:bold;
          }
          #form_container {
              background:#F7F;
              margin: 50px auto 50px auto;
              border: 1px solid #F00;
              padding:10px;
              width:285px;
              height:150px;
          }
          input {
              margin-bottom:5px;
          }
          body {
              background-color: #033;
          }
          </style>
          <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
          </head>
          <body>
          <?php
          if (isset($_POST['submit'])) { // Handle the form.

              $message = NULL; // Create an empty new variable.

              // Check for a first name.
              if (empty($_POST['first_name'])) {
                  $first_name = FALSE;
                  $message .= '<p>You forgot to enter your first name... its Required!</p>';
              } else {
                  $first_name = ($_POST['first_name']);
              }

              // Check for a last name.
              if (empty($_POST['last_name'])) {
                  $last_name = FALSE;
                  $message .= '<p>You forgot to enter your last name... its Required!</p>';
              } else {
                  $last_name = ($_POST['last_name']);
              }

              // Check for an email address.
              if (empty($_POST['email'])) {
                  $email = FALSE;
                  $message .= '<p>You forgot to enter your email address... its Required!</p>';
              } else {
                  $email = ($_POST['email']);
              }
          }
          ?>
          <div id="form_container">
          <form action="form_proceessed201XXX.php" method="post">
          <input type="hidden" name="submit" value="true" />
          <fieldset>
          <legend>My Data Feilds</legend>

          <!-- ### FIRST NAME ### -->
          <p>
          <label>First Name:</label><input name="first_name" type="text" value="<?php if(isset($_POST['first_name'])) echo $_POST['first_name']; ?>" id="first_name" size="15" maxlength="30">
          </p>

          <!-- ### LAST NAME ### -->
          <p>
          <label>Last Name:</label><input name="last_name" type="text" value="<?php if(isset($_POST['last_name'])) echo $_POST['last_name']; ?>" id="last_name" size="15" maxlength="30">
          </p>

          <!-- ### EMAIL ### -->
          <p>
          <label>E-mail:</label><input name="email" type="text" value="<?php if(isset($_POST['email'])) echo $_POST['email']; ?>" id="email" size="15" maxlength="30">
          </p>

          <!-- ### SUBMIT BUTTON ### -->
          <p style="text-align:center">
          <input type="submit" name="submit" value="SEND MY INFO PLEASE" />
          </p>
          </fieldset>
          </form>
          </div>
          </body>
          </html>

      ====================== PHP ==========================

          <?php
          // ALL THE SUBJECT and EMAIL VARIABLES
          $emailSubject = 'MY TEST EMAIL SCRIPTING!!! ';
          $webMaster = 'myemail@gmail.com';

          // GATHERING the FORM DATA VARIABLES
          $first_name = $_POST['first_name'];
          $last_name = $_POST['last_name'];
          $email = $_POST['email'];
          $registration_date = $_POST['registration_date'];
          $date = date ("l, F jS, Y");
          $time = date ("h:i A");

          $body = <<<EOD
          <br /><hr><br />
          <strong>First Name:</strong> $first_name <br />
          <strong>Last Name: </strong>$last_name <br />
          <strong>Email:</strong> $email <br />
          <strong>Registration Date:</strong> $date at $time <br />
          EOD;
          // THIS SHOW ALL E-MAILED DATA, ONCE IN THE E-MAILBOX AS READABLE HTML

          $headers = "From: $email\r\n";
          $headers .= "Content-type: text/html\r\n";
          $success = mail($webMaster, $emailSubject, $body, $headers);

          // THE RESULTS OF THE FORM RENDERED AS PURE HTML
          $theResults = <<<EOD
          <!DOCTYPE HTML>
          <html lang="en">
          <head>
          <style type="text/css">
          body {
              font-family:Arial, Helvetica, sans-serif;
              font-size:11px;
              font-weight:bold;
          }
          #thankyou_block {
              width: 400px;
              height: 250px;
              text-align:center;
              border: 1px solid #666;
              padding: 5px;
              background-color: #0CF;
              border-radius:8px;
              -webkit-border-radius:8px;
              -moz-border-radius:8px;
              -opera-border-radius:8px;
              -khtml-border-radius:8px;
              box-shadow:0px 0px 10px #000;
              -webkit-box-shadow: 0px 0px 10px #000;
              -moz-box-shadow: 0px 0px 10px #000;
              -o-box-shadow: 0px 0px 10px #000;
              margin: 25px auto;
          }
          p {
              font-family: Arial, Helvetica, sans-serif;
              font-size: 14px;
              line-height: 18px;
              letter-spacing:1px;
              color: #333;
          }
          </style>
          <meta charset="UTF-8">
          <title>THANK YOU!!!</title>
          </head>
          <body>
          <div id="thankyou_block">
          <br><br><br>
          <h1>CONGRATULATIONS!!</h1>
          <h2>YOUR FORM HAS BEEN PROCESSED!!!</h2>
          <p>You are now registered in our Database...<br>
          we will get back to you very shortly.<br>
          Please have a very wondeful day.</p>
          </div>
          </body>
          </html>
          EOD;
          echo "$theResults";
          ?>
  12. Hello, I have a syntax error on line 203 that is causing my code to NOT work. Could someone please look at it and tell me what is wrong & more important how to fix it? Below is what I am getting. This " ~ " is server path info

          Parse error: syntax error, unexpected $end in /~ /~ /~ /phptestform/real_form_processing.php on line 203

      Also, how do I prevent "header injection", to keep my mail form from being open to abuse by spammers? thx mrjap1

          <?php # Script
          if (isset($_POST['submit'])) { // Handle the form.

              // Register the user in the database.
              require_once ('mysql_connect_page.php'); // Connect to the db.

              // Create a function for escaping the data.
              function escape_data ($data) {
                  global $dbc; // Need the connection.
                  if (ini_get('magic_quotes_gpc')) {
                      $data = stripslashes($data);
                  }
                  return mysql_real_escape_string($data, $dbc);
              } // End of function.

              $message = NULL; // Create an empty new variable.

              // Check for a first name.
              if (empty($_POST['first_name'])) {
                  $fn = FALSE;
                  $message .= '<p>You forgot to enter your first name... its Required!</p>';
              } else {
                  $fn = escape_data($_POST['first_name']);
              }

              // Check for a last name.
              if (empty($_POST['last_name'])) {
                  $ln = FALSE;
                  $message .= '<p>You forgot to enter your last name... its Required!</p>';
              } else {
                  $ln = escape_data($_POST['last_name']);
              }

              // Check for an email address.
              if (empty($_POST['email'])) {
                  $e = FALSE;
                  $message .= '<p>You forgot to enter your email address... its Required!</p>';
              } else {
                  $e = escape_data($_POST['email']);
              }

              // Check for a address.
              if (empty($_POST['address'])) {
                  $u = FALSE;
                  $message .= '<p>You forgot to enter your address... its Required!</p>';
              } else {
                  $u = escape_data($_POST['address']);
              }

              // Check for a country.
              if (empty($_POST['country'])) {
                  $u = FALSE;
                  $message .= '<p>You forgot to enter your country... its Required!</p>';
              } else {
                  $u = escape_data($_POST['country']);
              }

              if ($salutation && $first_name && $last_name && $address && $city && $state_province && $zip_code && $email && $zip_code && $newsletter && $registration_date ) { // If everything's OK.

                  $query = "SELECT id FROM visitors WHERE address='$address'";
                  $result = @mysql_query ($query); // Run the query.
                  if (mysql_num_rows($result) == 0) {

                      // Make the query. This code is what you will use to prevent duplicate of usernames
                      $query = "INSERT INTO `mrjap1_database`.`visitors` (`id` , `salutation` , `first_name` , `last_name` , `address` , `city` , `state_province` , `zip_code` , `country` , `email` , `newsletter` , `registration_date`)
                      VALUES ( NULL , '$_POST[salutation]', '$_POST[first_name]', '$_POST[last_name]', '$_POST[address]', '$_POST[city]', '$_POST[state_province]', '$_POST[zip_code]', '$_POST[country]', '$_POST[email]', '$_POST[newsletter]', '$_POST[registration_date]' , NOW() )";
                      $result = @mysql_query ($query); // Run the query.

                      if ($result) { // If it ran OK.
                          exit(); // Quit the script.
                      } else { // If it did not run OK.
                          $message = '<p>You could not be registered due to a system error. We apologize for any inconvenience.</p><p>' . mysql_error() . '</p>';
                      }

                      mysql_close(); // Close the database connection.

                  } else {
                      $message .= '<p>Please try again.</p>';
                  }

              } // End of the main Submit conditional.

              // Print the error message if there is one.
              if (isset($message)) {
                  echo '<font color="red">', $message, '</font>';
              }
          ?>

          <?php
          // ALL THE SUBJECT and EMAIL VARIABLES
          $emailSubject = 'MY TEST EMAIL SCRIPTING!!! ';
          $webMaster = 'myemailaddress@gmail.com';

          // GATHERING the FORM DATA VARIABLES
          $salutation = $_POST['salutation'];
          $first_name = $_POST['first_name'];
          $last_name = $_POST['last_name'];
          $address = $_POST['address'];
          $city = $_POST['city'];
          $state_province = $_POST['state_province'];
          $zip_code = $_POST['zip_code'];
          $country = $_POST['country'];
          $email = $_POST['email'];
          $newsletter = $_POST['newsletter'];
          $registration_date = $_POST['registration_date'];
          $date = date ("l, F jS, Y");
          $time = date ("h:i A");

          $body = <<<EOD
          <br /><hr><br />
          <strong>Salutation: </strong>$salutation <br />
          <strong>First Name:</strong>$first_name <br />
          <strong>Last Name: </strong>$last_name <br />
          <strong>Address: </strong>$address <br />
          <strong>City: </strong>$city <br />
          <strong>State_Province: </strong>$state_province <br />
          <strong>Zip Code: </strong>$zip_code <br />
          <strong>Country: </strong>$country <br />
          <strong>Email:</strong> $email <br />
          <strong>Zip Code:</strong> $zip_code <br />
          <strong>Newsletter:</strong> $newsletter <br />
          <strong>Registration Date:</strong> $date at $time <br />
          EOD;
          // THIS SHOW ALL E-MAILED DATA, ONCE IN THE E-MAILBOX AS READABLE HTML

          $headers = "From: $email\r\n";
          $headers .= "Content-type: text/html\r\n";
          $success = mail($webMaster, $emailSubject, $body, $headers);

          // THE RESULTS OF THE FORM RENDERED AS PURE HTML
          $theResults = <<<EOD
          <!DOCTYPE HTML>
          <html lang="en">
          <head>
          <style type="text/css">
          body {
              font-family:Arial, Helvetica, sans-serif;
              font-size:11px;
              font-weight:bold;
          }
          #thankyou_block {
              width: 400px;
              height: 250px;
              text-align:center;
              border: 1px solid #666;
              padding: 5px;
              background-color: #0CF;
              border-radius:8px;
              -webkit-border-radius:8px;
              -moz-border-radius:8px;
              -opera-border-radius:8px;
              -khtml-border-radius:8px;
              box-shadow:0px 0px 10px #000;
              -webkit-box-shadow: 0px 0px 10px #000;
              -moz-box-shadow: 0px 0px 10px #000;
              -o-box-shadow: 0px 0px 10px #000;
              margin: 25px auto;
          }
          p {
              font-family: Arial, Helvetica, sans-serif;
              font-size: 14px;
              line-height: 18px;
              letter-spacing:1px;
              color: #333;
          }
          </style>
          <meta charset="UTF-8">
          <title>THANK YOU!!!</title>
          </head>
          <body>
          <div id="thankyou_block">
          <br><br><br>
          <h1>CONGRATULATIONS!!</h1>
          <h2>YOUR FORM HAS BEEN PROCESSED!!!</h2>
          <p>You are now registered in our Database...<br>
          we will get back to you very shortly.<br>
          Please have a very wondeful day.</p>
          </div>
          </body>
          </html>
          EOD;
          echo "$theResults";
          ?>
  13. Hello, WOW!! Thank you all for your quick response... I am very, very new to PHP. So all of this is way over my head. All of the security issues with respect to my form that you mentioned I was totally unaware of. Thank you... with that said, I am pretty stuck. That is why I asked in general, I am no guru. Now as it stands right now I have NO idea how to do ANY of the following:

      (1) Checking to see if the form has been submitted before allowing the INSERT query to run.
      (2) Validating the form data and rejecting the form submission if the form doesn't validate.
      (3) Escaping the incoming form data, and therefore I am wide open to SQL injection attack.
      (4) How to prevent header injection, thus leaving my mail form open to abuse by spammers.

      Based on my existing code, could you please show me example(s) of how to do all these things? I have never done this before. I want to know if I am using the "NOW()" in my MySQL code properly to insert the current date and time. Thank you very kindly for your help.

          mysql_select_db("mydatainsert", $con);

          $sql="INSERT INTO `mydatainsert`.`gangland` (
          `id` , `first_name` , `last_name` , `address` , `zip` , `email` , `registration_date` )
          VALUES ('NULL','$_POST[first_name]','$_POST[last_name]','$_POST[address]', '$_POST[zip_code]','$_POST[email]','$_POST[registration_date]', NOW())";
          // I WOULD LIKE THE DATE AND TIME TO BE IN THE DATABASE FOR THE "REGISTRATION_DATE".

          if (!mysql_query($sql,$con)) {
              die('Error: ' . mysql_error());
          }
          //echo "1 record added";

          // some code

          // 3. Close Connection
          mysql_close($con);
          ?>

      thx mrjap1
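
The four items listed in post 13 (run only on submission, validate, keep form data out of the SQL text, block mail header injection), plus a database-generated registration timestamp, can be put together as follows. This is an added example, not code from the thread or from any reply to it. It assumes PDO with an in-memory SQLite database so it runs offline (with MySQL only the DSN changes, and `CURRENT_TIMESTAMP` is equivalent to `NOW()`); the function names, the `visitors` table and `webmaster@example.com` are hypothetical.

```php
<?php
// Added example, not code from the thread. Hypothetical names: validate_form(),
// build_mail_headers(), handle_registration(), table `visitors`, webmaster@example.com.

/** (2) Validate the fields; returns [clean values, list of errors]. */
function validate_form(array $post): array
{
    $clean = [];
    $errors = [];
    foreach (['first_name', 'last_name', 'address', 'zip_code', 'email'] as $field) {
        $value = isset($post[$field]) && is_string($post[$field]) ? trim($post[$field]) : '';
        if ($value === '') {
            $errors[] = "$field is required";
        } elseif (strlen($value) > 50) {      // the posted form uses maxlength="50"
            $errors[] = "$field is too long";
        }
        $clean[$field] = $value;
    }
    // filter_var() also rejects addresses that contain CR or LF.
    if ($clean['email'] !== '' && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    return [$clean, $errors];
}

/** (4) Refuse any header value that carries a line break, then build the headers. */
function build_mail_headers(string $replyTo): string
{
    if (preg_match('/[\r\n]/', $replyTo)) {
        throw new InvalidArgumentException('line break in mail header value');
    }
    // From is a fixed site address; the visitor's address only goes into Reply-To.
    return "From: webmaster@example.com\r\n"
         . "Reply-To: $replyTo\r\n"
         . "Content-Type: text/plain; charset=UTF-8";
}

/** (1) + (3) Do nothing unless the request is a POST; insert via a prepared statement. */
function handle_registration(PDO $db, string $method, array $post): array
{
    if ($method !== 'POST') {
        return ['status' => 'not_submitted', 'errors' => []];
    }
    [$clean, $errors] = validate_form($post);
    if ($errors) {
        return ['status' => 'rejected', 'errors' => $errors];
    }
    // One placeholder per user-supplied column. The id is left to the database,
    // and the timestamp is produced by the database rather than taken from the form.
    $stmt = $db->prepare(
        'INSERT INTO visitors (first_name, last_name, address, zip, email, registration_date)
         VALUES (?, ?, ?, ?, ?, CURRENT_TIMESTAMP)'
    );
    $stmt->execute([$clean['first_name'], $clean['last_name'], $clean['address'],
                    $clean['zip_code'], $clean['email']]);
    return ['status' => 'stored', 'errors' => [], 'id' => (int) $db->lastInsertId(),
            'headers' => build_mail_headers($clean['email'])];
}

// --- Demo with constructed input (in a web page: $_SERVER['REQUEST_METHOD'] and $_POST) ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE visitors (id INTEGER PRIMARY KEY AUTOINCREMENT, first_name TEXT,
           last_name TEXT, address TEXT, zip TEXT, email TEXT, registration_date TEXT)');

$valid = ['first_name' => "Conor", 'last_name' => "O'Brien", 'address' => '1 Main St',
          'zip_code' => '10001', 'email' => 'conor@example.com'];
$samples = [
    'page opened, nothing submitted' => ['GET', []],
    'empty submission'               => ['POST', []],
    'apostrophe in a name'           => ['POST', $valid],
    'line break in the email field'  => ['POST', ['email' => "ann@example.com\r\nBcc: list@example.org"] + $valid],
];
foreach ($samples as $label => [$method, $post]) {
    $result = handle_registration($db, $method, $post);
    echo $label, ': ', $result['status'], ' ', implode('; ', $result['errors']), "\n";
}
foreach ($db->query('SELECT id, last_name, registration_date FROM visitors') as $row) {
    echo "row {$row['id']}: {$row['last_name']} at {$row['registration_date']}\n";
}
```

Only the third sample reaches the table: the GET request and the empty POST are stopped before the INSERT, and the address with an embedded line break fails validation before any header is built.
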
  14. Hello, There is something I may have overlooked in my php that is causing these problems... I am almost there. Currently, my html form once processed by my "process_myform.php" placed the users info into the database, sends me an e-mail, and displayed my thank you page. This is what its doing and I am indeed happy about this part. HOWEVER, my "process_myform.php" that I created, has a BIG PROBLEM. Once processed, it is CURRENTLY giving me multiple blank replies to both my e-mail box and database in addition to that placing the correct 1 user info that I filled out with my html form. Also I would like to have the date and time to be displayed within the database for my "$registration_date" variable.... how do I accomplish this? Right now in the database it just shows a bunch of zeros. Could someone look at my code and tell me what I am doing wrong? Here is my html & php form processing code below. I KNOW I did or did not do something wrong to throw this all off... not sure what it is. Thank you for your help.

      mrjap1

      ======================= MY HTML FORM CODE ==============================

      <!DOCTYPE HTML>
      <html>
      <head>
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
      <title>Untitled Document</title>
      </head>
      <body>
      <form action="process_myform.php" method="post">
      <p>
        <!-- FIRST NAME -->
        <label>First Name:</label>
        <input name="first_name" type="text" size="15" maxlength="50" tabindex="10" id="first_name">
        <!-- LAST NAME -->
        <label>Last Name:</label>
        <input name="last_name" type="text" size="15" maxlength="50" tabindex="20" id="last_name">
      </p>
        <!-- ADDRESS-->
        <label>Address:</label>
        <input name="address" type="text" size="15" maxlength="50" tabindex="30" id="address">
      </p>
      <p>
        <!-- EMAIL -->
        <label>E-mail:</label>
        <input name="email" type="text" size="15" maxlength="50" tabindex="40">
        <!-- ZIP CODE -->
        <label>Zip Code:</label>
        <input name="zip_code" type="text" size="15" maxlength="50" tabindex="50">
      </p>
      <br />
      <input name="submit" type="image" value="SUBMIT FORM" src="submit_btn.png" alt="submit button" align="middle">
      </form>
      </body>
      </html>

      =================== MY PHP FORM PROCESSING CODE =======================

      <?php
      // 1. Create a database connection
      $con = mysql_connect("localhost","forms","itismyway");
      if (!$con) {
          die('Database connection failed could not connect: ' . mysql_error());
      }

      // 2. Select a database to use
      $db_select = mysql_select_db("mydatainsert",$con);
      if (!$db_select) {
          die('Database selection failed could not connect: ' . mysql_error());
      }

      mysql_select_db("mydatainsert", $con);

      $sql="INSERT INTO `mydatainsert`.`gangland` (
          `id` ,
          `first_name` ,
          `last_name` ,
          `address` ,
          `zip` ,
          `email` ,
          `registration_date`
      )
      VALUES ('NULL','$_POST[first_name]','$_POST[last_name]','$_POST[address]', '$_POST[zip_code]','$_POST[email]','$_POST[registration_date]', ";
      // I WOULD LIKE THE DATE AND TIME TO BE IN THE DATABASE FOR THE "REGISTRATION_DATE".

      if (!mysql_query($sql,$con)) {
          die('Error: ' . mysql_error());
      }
      //echo "1 record added";
      // some code

      // 3. Close Connection
      mysql_close($con);
      ?>

      <?php
      // ALL THE SUBJECT and EMAIL VARIABLES
      $emailSubject = 'MY TEST EMAIL SCRIPTING!!! ';
      $webMaster = 'myemail@gmail.com';

      // GATHERING the FORM DATA VARIABLES
      $first_name = $_POST['first_name'];
      $last_name = $_POST['last_name'];
      $address = $_POST['address'];
      $email = $_POST['email'];
      $zip_code = $_POST['zip_code'];
      $date = date ("l, F jS, Y");
      $time = date ("h:i A");

      $body = <<<EOD
      <br /><hr><br />
      <strong>First Name:</strong> $first_name <br />
      <strong>Last Name: </strong>$last_name <br />
      <strong>Email:</strong> $email <br />
      <strong>Zip Code:</strong> $zip_code <br />
      <strong>Registration Date:</strong> $date at $time <br />
      EOD;

      // THIS SHOW ALL E-MAILED DATA, ONCE IN THE E-MAILBOX AS READABLE HTML
      $headers = "From: $email\r\n";
      $headers .= "Content-type: text/html\r\n";
      $success = mail($webMaster, $emailSubject, $body, $headers);

      // THE RESULTS OF THE FORM RENDERED AS PURE HTML
      $theResults = <<<EOD
      <!DOCTYPE HTML>
      <html lang="en">
      <head>
      <style type="text/css">
      body {
          font-family:Arial, Helvetica, sans-serif;
          font-size:11px;
          font-weight:bold;
      }
      #thankyou_block {
          width: 400px;
          height: 250px;
          text-align:center;
          border: 1px solid #666;
          padding: 5px;
          background-color: #0CF;
          border-radius:8px;
          -webkit-border-radius:8px;
          -moz-border-radius:8px;
          -opera-border-radius:8px;
          -khtml-border-radius:8px;
          box-shadow:0px 0px 10px #000;
          -webkit-box-shadow: 0px 0px 10px #000;
          -moz-box-shadow: 0px 0px 10px #000;
          -o-box-shadow: 0px 0px 10px #000;
          margin: 25px auto;
      }
      p {
          font-family: Arial, Helvetica, sans-serif;
          font-size: 14px;
          line-height: 18px;
          letter-spacing:1px;
          color: #333;
      }
      </style>
      <meta charset="UTF-8">
      <title>THANK YOU!!!</title>
      </head>
      <body>
      <div id="thankyou_block">
      <br><br><br>
      <h1>CONGRATULATIONS!!</h1>
      <h2>YOUR FORM HAS BEEN PROCESSED!!!</h2>
      <p>You are now registered in our Database...<br>
      we will get back to you very shortly.<br>
      Please have a very wondeful day.</p>
      </div>
      </body>
      </html>
      EOD;
      echo "$theResults";
      ?>
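The mail step of the script above puts the submitted address straight into the `From:` header and the submitted values straight into the HTML body. The following added example (not the poster's code or a reply from the thread) shows a header-injection-safe version; the `webmaster@example.com` address and the helper names `header_safe_email` and `build_body` are assumptions.

```php
<?php
// Added example. Addresses are placeholders; helper names are hypothetical.

/** Return the address if it is safe to place in a mail header, else null. */
function header_safe_email($input): ?string
{
    // A CR or LF inside a header value starts a new header line (for example
    // an extra Bcc:), so any value containing one is refused outright.
    if (!is_string($input) || preg_match('/[\r\n]/', $input)) {
        return null;
    }
    $email = filter_var(trim($input), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

/** Build the HTML body with every submitted value escaped. */
function build_body(array $fields): string
{
    $rows = "<br /><hr><br />\r\n";
    foreach ($fields as $label => $value) {
        $value = is_string($value) ? $value : '';
        $rows .= '<strong>' . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . ':</strong> '
               . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . "<br />\r\n";
    }
    return $rows;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $replyTo = header_safe_email($_POST['email'] ?? '');
    if ($replyTo === null) {
        http_response_code(400);
        exit('Invalid e-mail address.');
    }
    $body = build_body([
        'First Name' => $_POST['first_name'] ?? '',
        'Last Name'  => $_POST['last_name'] ?? '',
        'Email'      => $replyTo,
        'Zip Code'   => $_POST['zip_code'] ?? '',
    ]);
    // From is a fixed address the site owns; the visitor's validated address
    // appears only in Reply-To.
    $headers = "From: webmaster@example.com\r\n"
             . "Reply-To: $replyTo\r\n"
             . "MIME-Version: 1.0\r\n"
             . "Content-Type: text/html; charset=UTF-8\r\n";
    mail('webmaster@example.com', 'New registration', $body, $headers);
}
```

Because the mail is sent only inside the POST branch, a plain page load of the processing script produces no message.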
  15. Hello all, Thank you EVERYONE for all of your help... it was much appreciated. I have created a form that does the following: (1) Connects to the database that I created. (2) Inserts the user's data into the database. (3) Displays a thank you page after a successful form submission. (4) Sends an e-mail to me with all the user's details. I NOW need to be able to send a custom html page to the end user's e-mail with all their data... a confirmation e-mail for their reference. Is there some special PHP code that can HANDLE such a task? If so please tell me how I might be able to integrate this in my existing code. Thx mrjap1