Hillary Posted March 6, 2009 Share Posted March 6, 2009 i have just created my first database. http://eno.wilmu.edu/WIS-220-B1N01-SPRING2009/student1546/HHwis220/DBform.html i am wondering how i can stop people from adding blanks or re adding info that already exists. the database isn't very secure, nor does it have a nice interface but its my first so its alright for now. any suggestions on how i can make it better? Quote Link to comment Share on other sites More sharing options...
Maq Posted March 6, 2009 Share Posted March 6, 2009 i am wondering how i can stop people from adding blanks or re adding info that already exists Can we see your code? the database isn't very secure, That also depends on your code, are you using MySQL? any suggestions on how i can make it better? Use CSS. Quote Link to comment Share on other sites More sharing options...
Hillary Posted March 6, 2009 Author Share Posted March 6, 2009 Yes i'm using MySQL. the table "phonelist" is held in phpmyadmin. Here's the code: "entries.php" <html> <body> <?php include ("dbinit.php"); ?><br> <h1>Directory</h1> <br><?php $entries = mysql_query('select * from phonelist', $db); if ($entries){ while ($contacts = mysql_fetch_assoc($entries)){?> <li><?php echo $contacts['firstName']?> <?php echo $contacts['lastName']?> <?php echo $contacts['email']?> <?php echo $contacts['phone']?><br> <?php } }else{?></li> <p>No entries found.</p> <?php } ?><br><br><br> <a href="DBform.html">Submit new user information!!</a> </body> </html> "insert.php" <html> <body> <?php $db = mysql_connect("localhost", "student1546", "zx9U0JPo"); if ($db){ echo "Mission Accomplished"; }else{ echo "Fail: "; echo mysql_error(); } mysql_select_db("student1546", $db); ?> <br><br> <?php $sql="INSERT INTO phonelist (firstName, lastName, email, phone) VALUES ('$_POST[firstName]', '$_POST[lastName]', '$_POST[email]', '$_POST[phone]')"; if (!mysql_query($sql, $db)) { die('FAIL!: ' . mysql_error()); } echo "1 New record added"; mysql_close($db); ?> <br><br><a href="entries.php">Return to the directory.</a> <br><a href="DBform.html">Submit another contact.</a> </body> </html> "DBform.html" <html> <body> <form action="insert.php" method="POST"> <table> <tr> <td colspan="2"><h2>Submit new Contact Information.</h2></td> </tr> <tr> <td>First Name:</td> <td><input type="text" name="firstName" size="40" /></td><br> </tr> <tr> <td>Last Name:</td> <td><input type="text" name="lastName" size="40" /></td><br> </tr> <tr> <td>E-Mail:</td> <td><input type="text" name="email" size="40"/></td><br> </tr> <tr> <td>Phone Number:</td> <td><input type="text" name="phone" size="40"/></td><br> </tr> <tr> <td colspan="2"><input type="submit" value="Submit new Contact." /></td> </tr> </table> </form> <a href="entries.php">Return to the Directory.</a> </body> </html> "phonelist" CREATE TABLE phonelist( ID int primary key AUTO_INCREMENT, firstName varchar(15), lastName varchar(25), email varchar(35), phone varchar(12), post text ) Quote Link to comment Share on other sites More sharing options...
Maq Posted March 6, 2009 Share Posted March 6, 2009 Okay.... I'm not going through all that code especially when you didn't use tags. Wherever you POST the input fields check to see if they're empty and w/e other validity checks you desire. If any of them are invalid, then redirect to the contact form. If not, then insert. You can also check with Javascript before you submit to the next page but I would suggest doing the PHP server-side check first. To prevent mysql injections invoke the mysql_real_escape_string() on anything you insert in the DB... Quote Link to comment Share on other sites More sharing options...
Hillary Posted March 7, 2009 Author Share Posted March 7, 2009 i want to be able to select certain data from the table. i made this code(select.php) it runs the database check but no other info is displayed. how to i pull info from my table? select.php <?php include ("dbinit.php"); ?><br> <?php $result = mysql_query("SELECT * FROM phonelist WHERE firstName='%'"); $result = mysql_query("SELECT * FROM phonelist WHERE lastName='%'"); $result = mysql_query("SELECT * FROM phonelist WHERE email='%'"); $result = mysql_query("SELECT * FROM phonelist WHERE phone='%'"); while ($contacts = mysql_fetch_array($result)){ echo "$contacts[firstName] $contacts[lastName] $contacts[email] $contacts[phone]<br />"; } ?> All my other codes: HTML form to submit new data: <html> <body> <form action="insert.php" method="POST"> <table> <tr> <td colspan="2"><h2>Submit new Contact Information.</h2></td> </tr> <tr> <td>First Name:</td> <td><input type="text" name="firstName" size="40" /></td><br> </tr> <tr> <td>Last Name:</td> <td><input type="text" name="lastName" size="40" /></td><br> </tr> <tr> <td>E-Mail:</td> <td><input type="text" name="email" size="40"/></td><br> </tr> <tr> <td>Phone Number:</td> <td><input type="text" name="phone" size="40"/></td><br> </tr> <tr> <td colspan="2"><input type="submit" value="Submit new Contact." /></td> </tr> </table> </form> <a href="entries.php">Return to the Directory.</a> </body> </html> insert.php Verifies the new addition. <html> <body> <?php $db = mysql_connect("localhost", "student1546", "--------"); if ($db){ echo "Mission Accomplished"; }else{ echo "Fail: "; echo mysql_error(); } mysql_select_db("student1546", $db); ?> <br><br> <?php $sql="INSERT INTO phonelist (firstName, lastName, email, phone) VALUES ('$_POST[firstName]', '$_POST[lastName]', '$_POST[email]', '$_POST[phone]')"; if (!mysql_query($sql, $db)) { die('FAIL!: ' . mysql_error()); } echo "1 New record added"; mysql_close($db); ?> <br><br><a href="entries.php">Return to the directory.</a> <br><a href="DBform.html">Submit another contact.</a> </body> </html> entries.php displays the Directory. <html> <body> <?php include ("dbinit.php"); ?><br> <h1>Directory</h1> <br><?php $entries = mysql_query('select * from phonelist', $db); if ($entries){ while ($contacts = mysql_fetch_assoc($entries)){?> <li><?php echo $contacts['firstName']?> <?php echo $contacts['lastName']?> <?php echo $contacts['email']?> <?php echo $contacts['phone']?><br> <?php } }else{?></li> <p>No entries found.</p> <?php } ?><br><br><br> <a href="DBform.html">Submit new user information!!</a> </body> </html> GETform.php the form used to retrieve information. <html> <body> <br> <form action="select.php" method="GET"> <table> <tr> <td colspan="2"><h2>Find a Contact</h2></td> </tr> <tr> <td>First Name:</td> <td><input type="text" name="firstName" size="40" /></td><br> </tr> <tr> <td>Last Name:</td> <td><input type="text" name="lastName" size="40" /></td><br> </tr> <tr> <td>E-Mail:</td> <td><input type="text" name="email" size="40"/></td><br> </tr> <tr> <td>Phone Number:</td> <td><input type="text" name="phone" size="40"/></td><br> </tr> <tr> <td colspan="2"><input type="submit" value="Find a Contact." /></td> </tr> </table> </form> <a href="entries.php">Return to the Directory.</a> </body> </html> phpmyadmin: my table == phonelist CREATE TABLE phonelist( ID int primary key AUTO_INCREMENT, firstName varchar(15), lastName varchar(25), email varchar(35), phone varchar(12), post text ); Quote Link to comment Share on other sites More sharing options...
Hillary Posted March 7, 2009 Author Share Posted March 7, 2009 ok so i modified this code (select.php) from above now i receive ERROR message: Notice: Undefined variable: contacts in C:\Inetpub\wwwroot\StudentWeb\WIS-220-B1N01-SPRING2009\student1546\HHwis220\select.php on line 10 Line 10 is if ('$contacts') { how can i make this work? what do i need to fix? <?php include ("dbinit.php"); ?><br> <?php if (isset($_GET['phonelist'])) { $query = sprintf("select * from phonelist where id=%d", mysql_real_escape_string($_GET['id'])); $result = mysql_query($query, $db); $contacts = mysql_fetch_assoc($result); } if ($contacts) { ?> <?php echo $result['firstName'] ?> <?php echo $result['lastName'] ?> <?php echo $result['email'] ?> <?php echo $result['phone'] ?> <?php include('entries.php') ?> <?php } else { ?> <p>The contact you have searched for is not listed in this Directory.</p> <?php } ?> Quote Link to comment Share on other sites More sharing options...
Hillary Posted March 7, 2009 Author Share Posted March 7, 2009 how do i make all the info in one single table. right now each piece of data is placed into its own table. <html> <body> <?php include ("dbinit.php"); ?><br> <h1>Directory</h1> <br><?php $entries = mysql_query('select * from phonelist', $db); if ($entries){ while ($contacts = mysql_fetch_assoc($entries)){?> <table border="1"> <tr bgcolor="#9ACD32"> <th>First Name</th> <th>Last Name</th> <th>E-mail</th> <th>Phone Number</th> </tr> <tr> <td><?php echo $contacts['firstName']?></td> <td><?php echo $contacts['lastName']?></td> <td width="300"><?php echo $contacts['email']?></td> <td><?php echo $contacts['phone']?></td></tr> </table><br> <?php } }else{?> <p>No contacts found.</p> <?php } ?><br><br><br> <a href="DBform.html">Submit new user information!!</a> ?> </body> </html> can any of you help me at all? Quote Link to comment Share on other sites More sharing options...
fenway Posted March 9, 2009 Share Posted March 9, 2009 Okay.... I'm not going through all that code especially when you didn't use tags. Then PLEASE stop asking for code!!!! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.