Jump to content

Recommended Posts

Hi All,

 

Hope you can help. I am doing a very basic guestbook. Having problems with the posting method.

The code is below all I am doing is insert a record into a mysql table but when I post getting a blank page with no obvious errors! code is below.

 

 

if ($_POST['submit'])

{

 

$name = $_POST['name'];

$email = $_POST['email'];

$message = $_POST['message'];

$date = $_POST("Y-m-d");

$time = $_POST("H:i:s");

 

if($name&&$email&&$message)

{

$querypost = mysql_query("INSERT INTO guestbook (id, name, email, message, date, time) VALUES ('','$name','$email','$message','$date','$time')");

 

echo "Please wait.... <meta http-equiv='refresh' content='2'>";

}

else

echo "Please fill out all fields.";

 

 

 

}

 

Link to comment
https://forums.phpfreaks.com/topic/221503-guestbook-problem-please-help/
Share on other sites

Now, I don't know your html form, but I kinda fixed up a bit on your php... I'm not too happy about some of the input names either, try to just use letters.

 

if(isset($_POST['submit'])){
$formfilled=0;
$formsforgot=array();
if(!empty($_POST['name'])){
	$name = $_POST['name'];
	$formfilled++;
}else{
	$formsforgot[]='name';
}
if(!empty($_POST['email'])){
	$email = $_POST['email'];
	$formfilled++;
}else{
	$formsforgot[]='email';
}
if(!empty($_POST['message'])){
	$message = $_POST['message'];
	$formfilled++;
}else{
	$formsforgot[]='message';
}
if(!empty($_POST['Y-m-d'])){
	$date = $_POST['Y-m-d'];
	$formfilled++;
}else{
	$formsforgot[]='Y-m-d';
}
if(!empty($_POST['H:i:s'])){
	$time = $_POST['H:i:s'];
	$formfilled++;
}else{
	$formsforgot[]='H:i:s';
}
if($formfilled==5){
	mysql_query("INSERT INTO guestbook (id, name, email, message, date, time) VALUES ('','$name','$email','$message','$date','$time')") or die(mysql_error());
	echo "Please wait.... <meta http-equiv='refresh' content='2'>";
}else{
	echo "Please fill out all fields.";
	foreach($formsforgot AS $forgot){
		echo '<br />You forgot to fill out '.$forgot;
	}
}
}

if(isset($_POST['submit'])){
if(!empty($_POST['name'])&&!empty($_POST['email'])&&!empty($_POST['message'])&&!empty($_POST['Y-m-d'])&&!empty($_POST['H:i:s'])){
	// mysql_real_escape_string to at least spare you from some trouble...
	$query="INSERT INTO guestbook (id, name, email, message, date, time) VALUES ('','".mysql_real_escape_string($_POST['name'])."','".mysql_real_escape_string($_POST['email'])."','".mysql_real_escape_string($_POST['message'])."','".mysql_real_escape_string($_POST['Y-m-d'])."','".mysql_real_escape_string($_POST['H:i:s'])."')";
	echo $query; // just for testing purposes...
	mysql_query($query) or die(mysql_error());
	echo "Please wait.... <meta http-equiv='refresh' content='2'>";
}else{
	echo "Please fill out all fields.";
}
}

 

I still want to see the html code, and also, you need to connect to the mysql server and select database before the mysql query...

 

also, the meta tag should be in the header of the html code...

Full post just trying your solutions! much appreciated!

 

<?

echo "<h1> Make a Post</h1>";

 

echo "<hr>";

 

if ($_POST['submit'])

{

 

$name = $_POST['name'];

$email = $_POST['email'];

$message = $_POST['message'];

$date = $_POST("Y-m-d");

$time = $_POST("H:i:s");

 

if($name&&$email&&$message)

{

$querypost = mysql_query("INSERT INTO guestbook (id, name, email, message, date, time) VALUES ('','$name','$email','$message','$date','$time')");

 

echo "Please wait.... <meta http-equiv='refresh' content='2'>";

}

else

echo "Please fill out all fields.";

 

 

 

}

 

 

//connect

require("connectegamerdb.php");//connecting to sql

//get all data entries

$queryget = mysql_query("SELECT * FROM guestbook") or die ("error");

 

while($row = mysql_fetch_assoc($queryget))

{

//get and store var

$id = $row['id'];

$name = $row['name'];

$email = $row['email'];

$message = $row['message'];

$date = $row['date'];

$time = $row['time'];

 

//echo out

echo

"

 

<table>

<tr>

<td>

<b>Posted by $name ($email) on $date at $time.</b>

</td>

</tr>

 

<tr>

<td>

".nl2br(strip_tags($message))."

 

</td>

 

 

</tr>

 

 

 

</table>

 

";

 

 

}

 

 

echo "<hr>";

 

echo "

 

<form action='guestbook.php' method='POST'>

 

<table width='100'>

 

<tr>

<td width = '20%'>

Your Name:

</td>

<td>

<input type='text' name='name' maxlength='25'>

</td>

</tr>

 

<tr>

<td>

Your email:

</td>

<td>

<input type='text' name='email' maxlength='35'>

</td>

</tr>

 

<tr>

<td valign = 'top'>

Your message:

</td>

<td>

<textarea cols='20' rows='2' name='message' maxlength='250'></textarea>

 

<p><input type ='submit' name='submit' value='Post'>

</td>

</tr>

 

 

</table>

If id is a PRIMARY KEY and AUTO INCREMENTED You don't need to put this in your insert query. MySQL can handle this field, this is probably why your getting a white page.

$query="INSERT INTO guestbook (name, email, message, date, time) VALUES (".mysql_real_escape_string($_POST['name'])."','".mysql_real_escape_string($_POST['email'])."','".mysql_real_escape_string($_POST['message'])."','".mysql_real_escape_string($_POST['Y-m-d'])."','".mysql_real_escape_string($_POST['H:i:s'])."')";
	echo $query; // just for testing purposes...
	mysql_query($query) or die(mysql_error());

 

and as MMDE shows, always sanitize user input before inserting into your db.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.