Jump to content

danelkayam

New Members
  • Posts

    2
  • Joined

  • Last visited

    Never

Profile Information

  • Gender
    Not Telling

danelkayam's Achievements

Newbie

Newbie (1/5)

0

Reputation

  1. I tried making a script for a petition to get a member banned in another forum. I wrote it in php using a mySQL database. I keep getting a pesky "File not specified." error when I run the signing part. I also need help making a "one signature per i.p." mechanism and maybe a better way of displaying the results. (Yes, I suck at design. I learn quickly code-wise but I'm a hopeless failure with anything design related such as css, image rendering, etc.) Heres what I've done so far. (Also, is pspad a good program for php? I love using it for html since you can do so much with its tag editing options but how it automatically closes brackets, quotes, and parentheses is irratating for long mySQL queries with escape_string which gets ultra confusing making sure the program didn't close my quotes) Main Page which displays signatures and terms: [code]<html> <head> <title>Petition Against *Insert What the petition is against, here*</title> </head> <body> To the *Insert whom the petition is supposed to affect*, <p>*Insert terms of petition here* <br>Click <a href="sign.php">Here</a> to sign the petition </body> <? // Connection Info $host = "*Insert host name here*"; $username =  "*Insert username here*"; $password = "*Insert password here*"; // Connecting to the host (Adapted so users won't see unsightly errors they don't understand \\ $connect = mysql_connect("$host" , "$username" , "$password") OR DIE("The site is currently down, please try again later"); // Selecting the database @mysql_select_db('petitionscript') OR DIE('The site is currently down, please try again later'); $first=$Post_['f_name']; $last=$Post_['l_name']; $email=$Post_['email']; // Showing all signatures $query = "Select * FROM signature"; $result=mysql_query($query); $num=mysql_numrows($result); mysql_close(); echo "<b><center>$num Signature(s)</center></b>"; $i=0; while ($i < $num){ $FirstName=mysql_result($result,$i,"FirstName"); $LastName=mysql_result($result,$i,"LastName"); $Email=mysql_result($result,$i,"Email"); $TSDate=mysql_result($result,$i,"TSDate"); echo "<br>First Name:<b>$FirstName</b>"; echo "<br>Last Name:<b>$LastName</b>"; echo "<br>E-mail:<b>$Email</b>"; echo "<br>Time of signature:<b>$TSDate</b>"; $i++; } ?>[/code] The sign.php file which allows the user to sign the petition(this is where I get my error): [code] <? if ($_GET['check'] == TRUE) { // Connection Info $host = "*host name here*"; $username =  "*user name here*"; $password = "*password here*"; // Connecting to the host $connect=mysql_connect("$host" , "$username" , "$password") OR DIE("The site is currently down, please try again later"); // Selecting the database @mysql_select_db('petitionscript') OR DIE('The site is currently down, please try again later'); // inserting information (escape_string to prevent query injections) $query = "INSERT INTO signature (FirstName, LastName, Email, TSDate) VALUES ('". mysql_real_escape_string($_GET['f_name']) ."', '". mysql_real_escape_string($_GET['l_name']) ."', '". mysql_real_escape_string($_GET['email']) ."', '". time() ."')"; mysql_query($query) or die(mysql_error()); mysql_close($connect); }else{ ?> <html> <head> <title>Signing the petition</title> </head> <body> <FORM action="sign.php" method="GET"> <INPUT type="text" name="f_name" value="First Name" ><br> <INPUT type="text" name="l_name" value="Last Name"><br> <INPUT type="text" name="email" value="E-mail Address"><br> <INPUT type="submit" value="Submit"> <INPUT type="hidden" name="check" value="TRUE"> </body> </html> <? } ?> [/code] Another note, when I try replacing the line: [code]<FORM action="sign.php" method="GET">[/code] With: [code]<FORM action="<?php echo $_SERVER['PHP_SELF']; ?>" method="GET"> [/code]I still get the same problem.
  2. You also want to use the escape_string function. That script is really prone to sql injection.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.