Address Database.

[lszanto]

I have been learning some mysql and decided to just see if I could make a decent script using php and mysql so I came up with the idea of making an online address database called Addy Online.

I have tested most things and believe everything is working but I just wanted you guys to see what you though of it and if it runs fine. You can find the database at www.lszanto.com/addyonline/ and the login is username - admin, password - password.

You can also download and install the script from www.lszanto.com/addyonline.zip I have included a readme file just to see if the instructions are clear on how to install.

Please post what you think and if I could improve it because I believe I will make a newer version soon with a search and different ways to order address's and such.

[c4onastick]

Looks great actually. CSS-based layout, clean appearance, user customizable styles, and it works! The margin at top is a little big for my taste, just a personal thing. Depending on your experience, you could add a little JS to edit addresses in-place on that table, that would be slick. I didn't see it on there, but you're definitely planning on adding a search feature right? It might be fun to play with some MySQL stats too, like how many people in the address book have gmail accounts, live in CA, etc. Looks like a great start and a fun project!

[lszanto]

Yeah I've been planning to make a newer version with some extra features which I will do in the future.

[emehrkay]

I just tested it out, mark@mark.mark lol

I havent looked at the code but just from my one entry I do have a few suggestions.

You should include the edit feature in the address list, that way the user doesnt have to get the name exactly right to edit it. I added "Mark" twice and then I did the search to edit and it brought up both results - thats kinda kludgy to me.

I tried to add a username like this "<script>alert()</script>" it doesnt input it - thats awesome, but your error page doesnt follow your styling.

Maybe you should set some standard fields for your addresses just so that you can make them searchable/sortable at a later date

I will play around with it some more and give more impressions later, but it does work well. good work

[corbin]

Yeah, it is kinda odd how it just puts out,
[code]
Not Acceptable
An appropriate representation of the requested resource /addyonline/addaddress.php could not be found on this server.
[/code]

The average user would sit there wondering what they did wrong...

Also, are the addresses in any order at all?  The phone number can be all letters which is kinda odd... But besides that it's great!

[lszanto]

Thanks, and nah there not in any order but as I said above I plan to make it so you can sort address's and search and stuff in the next version of addyonline.

[corbin]

Just got curios and downloaded the source...

I suggest you add the nav thing to a file and include it so that if you want to change it you dont have to alter every file.  Also, a small error, but in runonce you have
[code=php:0]
$database = "addyonline";

//Connect to mysql, don't edit below here.
mysql_connect($host, $username, $password) or die(mysql_error());

//Tell user results.
echo "\n\nConnected to mysql.<br />\n";

//Query to create database.
$databasesql = "CREATE DATABASE `addyonline` DEFAULT CHARACTER SET ascii COLLATE ascii_bin";
[/code]

Wouldn't really cause problems, but might confuse some users when they change the DB name and it still creates addyonline lol...

Also, if you want to get really specific, you should define a primary key in the admin table (doesn't really matter unless you add multiple user support in a later version)

I don't think it really matters, but can I ask why the charset ascii?

When I put <script>alert();</script> into a field when i was running it on my local server, it went through and inserted into the DB...

Maybe in addaddress.php add

[code=php:0]
if(get_magic_quotes_gpc()) {
$addslashes = 0;
}
foreach($_GET as $k => $v) {
str_replace("<", "&lt;", $v);
str_replace(">", "&gt", $v);
if($addslashes != 0) {
$_GET[$k] = addslashes($v);
}
}
}
[/code]

Also I personally would like to make a user input data instead of making it unknown lol... Atleast make them put in a name IMO.

Additionally I suggest using POST instead of GET... I like to use GET only on relatively small data...

Also you should put connect.php in a .htaccess protected folder or check the URI or something so that a user can't spam that page possibly causing problems with mysql although the chances are small and php auto closes mysql connections...

Oh and if you do use addslashes you're going to want to stripslashes() on the view page...

[lszanto]

Thanks, I'll take all that into mind when I'm fixing it up.

[lszanto]

Sorry for double post, but if you haven't been able to get in it's because somebody had changed the password to "h@ck3r" so I had to change it back, and please if you change it change it back when your done, thanks.

[ober]

Someone changed it again.  I can't get in to test it.

[lszanto]

I've fixed it again, and please don't do it again or I'll just have to disable people doing it.

[ober]

A few things:

1) I think you'd probably want more input fields to give it a little more depth.
2) Make it a little more user friendly and add 2 columns to the display table to allow users to click on a record directly to edit/delete.
3) make the table a little more readable and alternate the row background color.

[neylitalo]

[quote author=lszanto link=topic=120537.msg495602#msg495602 date=1167771683]please don't do it again or I'll just have to disable people doing it.[/quote]

Good luck with that.

[matto]

Think you could have some validation of what data is entered into the database.....just a thought...managed to enter "Testing" (with the quotes)

Would also be better if the name field was broken down into first, last etc rather than having one field..

;)

[corbin]

You might want to disable changing the password... Someone changed it again... Anyways, can I ask what the purpose of this script is?

Since only the admin can add info is it supposed to be used for like a personal address book?  Or whats a practical use of this?

There maybe something I'm missing completely with the uses though...

[Ninjakreborn]

I love it, I can't see it, but I like it, I tried it a minute earlier.  Iw ould like a chance to be able to login, if you don't mind.  After you fix it, since you have it available for download, where is a page that give's information on new version releases.  I like it, and want to give it a try, I was just about to create one, to keep track of client information, this'll save me some work.

[curt22]

It looks okay except for an overlap.
[img]http://curtis.ifastnet.com/overlap.bmp[/img]

[masaeurope]

Hi everybody,

first of all: Don't kill me. I am a newbie to PHP and mySQL. :o)

a) Do I get support/help here regarding "Online Addy"?

b) cant get it run. After the /install/ it keeps telling me I had an error in my database. But, 2 forums run fine on this mySQL DB-Server (puretec.de)

c) I can't find the "/install/runonce.php"... in /install/ there is an "index.php" only.

anxious looking forward to your replies,
I cant wait to have Online Addy running :)
Martin.

[masaeurope]

I am a tiny step ahead...

I downloaded the ZIp-File again and "boom" the "runonce.php" was there". In the script I filled out hostname, dbname and password. Now it tells me this:

"Connected to mysql.
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'DEFAULT CHARACTER SET ascii COLLATE ascii_bin' at line 1".

[trecool999]

Someone changed it again :(.

I recommend you disable the whole 'change password' thing for testing.

[trecool999]

runonce.php gives me:

Access denied for user 'root'@'localhost' (using password: YES)