music_fan01 Posted October 4, 2011

I have a working guestbook, but adjusting the time is what's getting me. I am trying to get the time to change depending on the timezone. And I am also trying to get the time in the format 1:00 PM, not 21:00. Then on a different note, how can I stop spamming and injections?

Index page for guestbook

<HTML>
<HEAD>
<style type="text/css">
<!--
.style1 {font-size: 12px}
body,td,th { font-size: 14px; }
a { font-size: 12px; }
body {
    background-color: #CCCCCC;
    SCROLLBAR-FACE-COLOR: #0066FF;
    MARGIN: 0px;
    SCROLLBAR-HIGHLIGHT-COLOR: #0066FF;
    SCROLLBAR-SHADOW-COLOR: #0066FF;
    SCROLLBAR-3DLIGHT-COLOR: #0066FF;
    SCROLLBAR-ARROW-COLOR: #51B0F2;
    SCROLLBAR-TRACK-COLOR: #51B0F2;
    Courier New;
    SCROLLBAR-DARKSHADOW-COLOR: #000000
}
a:link { color: #0066FF; text-decoration: none; }
a:visited { text-decoration: none; color: #0066FF; }
a:hover { text-decoration: underline; color: #0066FF; }
a:active { text-decoration: none; }
-->
</style>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><BODY>
<form method="post" action="addguestbook.php">
<div align="center"></div>
<div align="center"></div>
<div align="center" class="style1"></div>
<div align="center"><span class="style1">Name:</span><br />
<input name="name" type="text" size="30" maxlength="40" />
<br />
<span class="style1"><br />
Email:</span><br />
<input name="email" type="text" size="30" maxlength="40" />
<br />
<br />
<span class="style1">Home Page:</span><br />
<input name="site" type="text" size="30" value="http://" maxlength="40" />
<br />
<br />
<span class="style1">Message:</span><br />
<textarea name="msg" cols="22" rows="6"></textarea>
<br />
<br />
<input type="reset" value="Reset" />
<input type="submit" value="Send" />
</div>
<div align="center">
<p> </p>
<?php
$file = "guestbook.txt";
if (fopen($file, "r")) {
    $fil = "guestbook.txt";
    $fo = fopen ($fil, "r");
    $con = fread ($fo,filesize ($fil));
    fclose ($fo);
    echo "$con";
} else {
    echo "<h3>Sorry there was an error please contact us now</h3>";
}
?></div>
</BODY>
</HTML>

addguestbook.php

<HTML>
<HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><style type="text/css">
<!--
body,td,th { font-size: 12px; color: #000000; }
a:link { text-decoration: none; color: #0066FF; }
a:visited { text-decoration: none; color: #0066FF; }
a:hover { text-decoration: underline; color: #0066FF; }
a:active { text-decoration: none; }
body {
    background-color: #CCCCCC;
    SCROLLBAR-FACE-COLOR: #0066FF;
    MARGIN: 0px;
    SCROLLBAR-HIGHLIGHT-COLOR: #0066FF;
    SCROLLBAR-SHADOW-COLOR: #0066FF;
    SCROLLBAR-3DLIGHT-COLOR: #0066FF;
    SCROLLBAR-ARROW-COLOR: #51B0F2;
    SCROLLBAR-TRACK-COLOR: #51B0F2;
    Courier New;
    SCROLLBAR-DARKSHADOW-COLOR: #000000
}
-->
</style>
</HEAD>
<BODY>
<?php
function is_leapyear($year = 2004) {
    return ($year%4)==0;
}
$file = "guestbook.txt";
$name = $_POST['name'];
$email = $_POST['email'];
$site = $_POST['site'];
$msg = $_POST['msg'];
$site = stripslashes($site);
$msg = stripslashes($msg);
$email = stripslashes($email);
$name = stripslashes($name);
$msg = str_replace ("<","&lt;",$msg);
$msg = str_replace ("\n","<br>",$msg);
$site = str_replace ("<","&lt;",$site);
$site = str_replace ("\n","<br>",$site);
$email = str_replace ("<","&lt;",$email);
$email = str_replace ("\n","<br>",$email);
$name = str_replace ("<","&lt;",$name);
$name = str_replace ("\n","<br>",$name);
if(empty($email) || empty($name) || empty($msg)) {
    echo "<h3>Sorry all fields are required</h3>";
} else {
    $fp = fopen($file,"a");
    $timestamp=date("M/D/Y h:m:s");
    fwrite($fp, '
<font size="3">
<BR><BR>
Posted: '.$timestamp.'<br />
Name: '.$name.'<BR>
Email: <a href="mailto:'.$email.'">'.$email.'</a><BR>
Home Page: <a href="'.$site.'">'.$site.'</a><BR>Message: '.$msg.'<BR>
');
    fclose($fp);
    echo '<font size="3"><p align="center">Thank you '.$name.' for signing my guestbook</p></font>';
}
?>
<div align="center"></div>
<div align="center"></div>
<div align="center"></div>
<div align="center"></div>
<p align="center"><a href="index.php">Back to GuestBook</a></p>
<div align="center"></div>
</BODY>
</HTML>

MasterACE14 Posted October 4, 2011

> I am trying to get the time to change depending on the timezone.

date_default_timezone_set()

> trying to get the time in the format 1:00 PM, not 21:00.

date()

marcus Posted October 4, 2011

date('h:i:s a')

11:24:15 pm

mikesta707 Posted October 4, 2011

To answer your other question about injections, you don't use a database of any kind, so you don't need to worry about injections. However, if you output the contents of your guest book on a page, you do want to make sure that you convert any HTML to its respective HTML entities. You do that somewhat, but there is a better way. This task is so common that PHP created a built-in function for converting HTML code to its respective entities. It's called htmlentities(). You have the right idea with converting < (less than sign) to its entity, but you don't go as far as the htmlentities function (manual entry: http://php.net/manual/en/function.htmlentities.php). Also, there is a PHP function for converting new lines into HTML line breaks called nl2br: http://php.net/manual/en/function.nl2br.php.

//old version
$msg = str_replace ("<","&lt;",$msg);
$msg = str_replace ("\n","<br>",$msg);
$site = str_replace ("<","&lt;",$site);
$site = str_replace ("\n","<br>",$site);
$email = str_replace ("<","&lt;",$email);
$email = str_replace ("\n","<br>",$email);
$name = str_replace ("<","&lt;",$name);
$name = str_replace ("\n","<br>",$name);

//can be replaced by
$msg = nl2br(htmlentities($msg));
$site = nl2br(htmlentities($site));
$email = nl2br(htmlentities($email));
$name = nl2br(htmlentities($name));

If you are interested in creating a database (which I suggest you do, as it's overall better than using txt files) and want to know how to make variables safe for inserting into queries, I wrote a tutorial on the basics of sanitizing variables. You can read it here: http://wp.me/p1AGMt-22

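
Added example, not part of the original thread and not any poster's code: one way to build a guestbook entry so that every field is entity-encoded for both HTML text and quoted attributes, the home page only becomes a link when it is a well-formed http/https URL, and the timestamp uses the 12-hour format asked about above. The function names `esc()`, `safe_url()` and `render_entry()`, the time zone and the sample submission are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. esc(), safe_url() and
// render_entry() are hypothetical names; the time zone is an assumption.
date_default_timezone_set('America/New_York');

// Escape for HTML text and for quoted attribute values (both quote styles).
function esc($s) {
    return htmlentities($s, ENT_QUOTES, 'ISO-8859-1'); // charset of the page
}

// Accept only well-formed http/https URLs for the home-page link.
function safe_url($url) {
    $url = trim($url);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return '';
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : '';
}

// Build one guestbook entry; returns null if a required field is missing.
function render_entry(array $in, $now = null) {
    $name  = trim(str_replace(["\r", "\n"], ' ', $in['name'] ?? ''));
    $email = filter_var(trim($in['email'] ?? ''), FILTER_VALIDATE_EMAIL);
    $msg   = trim($in['msg'] ?? '');
    if ($name === '' || $email === false || $msg === '') {
        return null;
    }
    $site = safe_url($in['site'] ?? '');
    // 'g:i A' gives 12-hour time such as "1:00 PM"; 'i' is minutes ('m' is month).
    $html  = 'Posted: ' . date('M j, Y g:i A', $now ?? time()) . "<br />\n";
    $html .= 'Name: ' . esc($name) . "<br />\n";
    $html .= 'Email: <a href="mailto:' . esc($email) . '">' . esc($email) . "</a><br />\n";
    if ($site !== '') {
        $html .= 'Home Page: <a href="' . esc($site) . '">' . esc($site) . "</a><br />\n";
    }
    return $html . 'Message: ' . nl2br(esc($msg)) . "<br /><br />\n";
}

// Constructed sample submission: markup and quotes in the text fields,
// and a home page whose scheme is not http/https (so no link is emitted).
$sample = [
    'name'  => "Ann \"A\" O'Neil",
    'email' => 'ann@example.com',
    'site'  => 'ftp://example.com/files',
    'msg'   => "Nice <b>site</b>!\nSee you & thanks.",
];
echo render_entry($sample, 1317762000); // fixed timestamp for a repeatable run
```

When appending the returned HTML to guestbook.txt, `file_put_contents($file, $html, FILE_APPEND | LOCK_EX)` keeps concurrent posts from interleaving.
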
music_fan01 Posted October 4, 2011

> > I am trying to get the time to change depending on the timezone.
>
> date_default_timezone_set()
>
> > trying to get the time in the format 1:00 PM, not 21:00.
>
> date()

For the timezone, do I need to put something in the function? I was reading the tutorial and there are some examples that do have something in the function.

music_fan01 Posted October 5, 2011

> To answer your other question about injections, you don't use a database of any kind, so you don't need to worry about injections. However, if you output the contents of your guest book on a page, you do want to make sure that you convert any HTML to its respective HTML entities. You do that somewhat, but there is a better way. This task is so common that PHP created a built-in function for converting HTML code to its respective entities. It's called htmlentities(). You have the right idea with converting < (less than sign) to its entity, but you don't go as far as the htmlentities function (manual entry: http://php.net/manual/en/function.htmlentities.php). Also, there is a PHP function for converting new lines into HTML line breaks called nl2br: http://php.net/manual/en/function.nl2br.php.
>
> //old version
> $msg = str_replace ("<","&lt;",$msg);
> $msg = str_replace ("\n","<br>",$msg);
> $site = str_replace ("<","&lt;",$site);
> $site = str_replace ("\n","<br>",$site);
> $email = str_replace ("<","&lt;",$email);
> $email = str_replace ("\n","<br>",$email);
> $name = str_replace ("<","&lt;",$name);
> $name = str_replace ("\n","<br>",$name);
>
> //can be replaced by
> $msg = nl2br(htmlentities($msg));
> $site = nl2br(htmlentities($site));
> $email = nl2br(htmlentities($email));
> $name = nl2br(htmlentities($name));
>
> If you are interested in creating a database (which I suggest you do, as it's overall better than using txt files) and want to know how to make variables safe for inserting into queries, I wrote a tutorial on the basics of sanitizing variables. You can read it here: http://wp.me/p1AGMt-22

To make sure that I am understanding how to build a database, would I go about it like:

SELECT * FROM user_table WHERE name=’$name’ email=’$email’ site="$site' AND msg="$msg"

mikesta707 Posted October 5, 2011

Almost. The valid form of the query you posted would be

SELECT * FROM user_table WHERE name='$name' AND email='$email' AND site='$site' AND msg='$msg'

You need to connect each equivalency test with a logical operator (AND or OR). Also, this is just 1 part of managing and building a database. You have to first create the database, populate it with data, etc.

music_fan01 Posted October 5, 2011

> Almost. The valid form of the query you posted would be
>
> SELECT * FROM user_table WHERE name='$name' AND email='$email' AND site='$site' AND msg='$msg'
>
> You need to connect each equivalency test with a logical operator (AND or OR). Also, this is just 1 part of managing and building a database. You have to first create the database, populate it with data, etc.

Before I get into building the database any more, I don't have to link an admin name or password into the database?