Guestbook help

Vestras

Retired
Reaction score
248
hey guys, i'm making a guestbook - i have the whole interface ready, the comment box, the post button, reset button, however - what now? how do i make the posts display? (<.<)

Code:
    <font class="mainstyle"></font><hr>
    <form method=POST action="guestbook.htm">
      <font class="mainstyle">Name:   </font><input type=text name=realname size=40><br><br>
      <font class="mainstyle">E-Mail: </font><input type=text name=username size=40><br><br>
      <font class="mainstyle">Comments:</font><br>
      <textarea name=comments COLS=60 ROWS=4></textarea><p>
      <input type=submit title="Post" value="Post"> * <input type=reset title="Reset" value="Reset">
    </form>
 

UndeadDragon

Super Moderator
Reaction score
448
What language do you want it in? (PHP/MySQL?)
 

UndeadDragon

Super Moderator
Reaction score
448
Ok, I will see if I can write you a basic guestbook script.

EDIT: Ok, it took me a bit longer than I thought, but I managed to write up your guestbook.

guestbook.php:

PHP:
<html>
<head>
<title>Guestbook</title>
</head>

<body>
<?php
$con = mysql_connect("localhost", "USER", "PASSWORD") or die("Cannot connect");
$rs = mysql_select_db("DATABASE", $con);
$sql = "SELECT * FROM guestbook ORDER BY time desc LIMIT 5";
$rs = mysql_query($sql);
while ($row = mysql_fetch_array($rs))
	{
	echo("<b>Name: </b>".htmlspecialchars($row["realname"])."<br><b>Email: </b>".htmlspecialchars($row["username"])."<br><b>Comments -</b><br>".htmlspecialchars($row["comments"])."<hr>");
	}
?>
	<h1>Post your comments</h1>
    <font class="mainstyle"></font>
    <form method=POST action="sign.php">
      <font class="mainstyle">Name:   </font><input type=text name=realname size=40><br><br>
      <font class="mainstyle">E-Mail: </font><input type=text name=username size=40><br><br>
      <font class="mainstyle">Comments:</font><br>
      <textarea name=comments COLS=60 ROWS=4></textarea><p>
      <input type=submit title="Post" value="Post"> * <input type=reset title="Reset" value="Reset">
    </form>
</body>
</html>

sign.php:

PHP:
<?php
// Connect first: mysql_real_escape_string() needs an open connection to work.
$con = mysql_connect("localhost", "USER", "PASSWORD") or die("Cannot connect");
$rs = mysql_select_db("DATABASE", $con);

// Escape the posted values before they go into the SQL string.
$realname = mysql_real_escape_string($_POST['realname'], $con);
$username = mysql_real_escape_string($_POST['username'], $con);
$comments = mysql_real_escape_string($_POST['comments'], $con);

// Name and comment are required; e-mail is optional.
if ($realname and $comments)
	{
	$sql = "INSERT INTO guestbook (realname,username,comments) VALUES (\"$realname\",\"$username\",\"$comments\")";
	$rs = mysql_query($sql,$con);
	header('Location: guestbook.php');
	exit; // stop the script once the redirect has been sent
	}
else
	{
	echo("Your comment has not been posted. Click <a href=\"guestbook.php\">here</a> to return.");
	}

query.sql:

PHP:
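USE DATABASE;
CREATE table guestbook (
id integer auto_increment,
realname text,
username text,
comments text,
-- timestamp(14) is rejected by current MySQL versions; set the default explicitly
time timestamp not null default current_timestamp, primary key(id)
);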

--------------------------

To use it, you must first create a MySQL user on your host and then create a database. Run query.sql on your database to create the table.

You must change the following things to work on your database:

PHP:
$con = mysql_connect("localhost", "USER", "PASSWORD") or die("Cannot connect");

Where USER is your username, PASSWORD is your password and:

PHP:
$rs = mysql_select_db("DATABASE", $con);

DATABASE is the database name.
 

UndeadDragon

Super Moderator
Reaction score
448
No problem at all, just ask if you need help installing it.
 

Artificial

Without Intelligence
Reaction score
326
In signup.php:
PHP:
$realname = $_POST['realname'];
$username = $_POST['username'];
$comments = $_POST['comments'];
->
PHP:
$realname = mysql_real_escape_string($_POST['realname']);
$username = mysql_real_escape_string($_POST['username']);
$comments = mysql_real_escape_string($_POST['comments']);

You might wanna do that small change. Otherwise you'll have a pretty vulnerable guestbook there. ;p
Code:
insert into guestbook (realname, username, comments)
values ("$a", "$b", "$c");

-- Now let's assume $c = 'Hello, world! "); drop table guestbook;--'
-- The SQL becomes this:

insert into guestbook (realname, username, comments)
values ("something", "something", "Hello, world! "); drop table guestbook;--");

-- With mysql_real_escape_string it would've become this:

insert into guestbook (realname, username, comments)
values ("something", "something", "Hello, world! \"); drop table guestbook;--");

In guestbook.php:
PHP:
echo("<b>Name: </b>".strip_tags($row["realname"])."<br><b>Email: </b>".strip_tags($row["username"])."<br><b>Comments -</b><br>".strip_tags($row["comments"])."<hr>");
And if I was you, I'd also replace those 'strip_tags' calls with 'htmlspecialchars' calls (the arguments are same in this case), as then the users would also be able to use the '<' character (yet without messing anything up). Currently e.g. "I <3 You!" would display as "I ", whereas with htmlspecialchars it'd be displayed as assumed, "I <3 You!".
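
Added example, not part of the original posts: the sign and display steps from this thread written with PDO prepared statements (the mysql_* functions used above were removed in PHP 7.0) and htmlspecialchars on output. The in-memory SQLite database, the function names sign() and render(), and the sample entries are assumptions made so the script runs on its own.

```php
<?php
// Assumption: SQLite in memory stands in for the MySQL database (runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guestbook (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    realname TEXT, username TEXT, comments TEXT,
    time TIMESTAMP DEFAULT CURRENT_TIMESTAMP)');

// Store one entry. The values travel separately from the SQL text,
// so a quote inside them can never close the string literal.
function sign(PDO $db, array $post): bool
{
    $realname = trim($post['realname'] ?? '');
    $username = trim($post['username'] ?? '');
    $comments = trim($post['comments'] ?? '');
    if ($realname === '' || $comments === '') {
        return false; // same rule as sign.php: name and comment are required
    }
    $stmt = $db->prepare(
        'INSERT INTO guestbook (realname, username, comments) VALUES (?, ?, ?)');
    return $stmt->execute([$realname, $username, $comments]);
}

// Render the latest five entries, encoding every field for HTML output.
function render(PDO $db): string
{
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    $rows = $db->query('SELECT realname, username, comments FROM guestbook
                        ORDER BY time DESC, id DESC LIMIT 5');
    $html = '';
    foreach ($rows as $row) {
        $html .= '<b>Name: </b>' . $e($row['realname'])
               . '<br><b>Email: </b>' . $e($row['username'])
               . '<br><b>Comments -</b><br>' . $e($row['comments']) . "<hr>\n";
    }
    return $html;
}

// Constructed sample input: the comment from the post above, and the "<3" case.
sign($db, ['realname' => 'something', 'username' => 'something',
           'comments' => 'Hello, world! "); drop table guestbook;--']);
sign($db, ['realname' => 'guest', 'username' => '', 'comments' => 'I <3 You!']);

echo render($db);
echo $db->query('SELECT COUNT(*) FROM guestbook')->fetchColumn(), " rows stored\n";
```

Both comments are stored exactly as typed and only encoded when they are written into the page, so the table stays intact and the "<" character displays normally.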
 

UndeadDragon

Super Moderator
Reaction score
448
Ah yes, I did add those to one version I wrote and then I changed it and forgot to add those back.

>I'd also replace those 'strip_tags' calls with 'htmlspecialchars' calls

Good idea. Changed.

Thanks Arti.
 

Vestras

Retired
Reaction score
248
hmm, i don't know why, but when i do everything you said and then test, it doesn't do anything, doesn't create messages or anything.

www.vestras.net/guestbook.php

code:
PHP:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
 <title>3D model, 3D models, 3D animations - Vestras.net</title>
 <link rel="stylesheet" type="text/css" href="css/styles.css" /> 
</head>
<body bgcolor="Black">

<center>
<br> <br> <br>

<table cellpadding="0" cellspacing="0" border="0" width="800">
 <tr>
  <td>
   <img src="images/vestras-logo.jpg">
  </td>
 </tr>
</table>

<br> <br> <br>

<table cellpadding="0" cellspacing="0" border="0" width="800" height="400">
 <tr>
  <td width="200" valign="top">
   <a href="index.htm" class="menu"    >HOME</a> <br>
   <a href="gallery.htm" class="menu"  >GALLERY</a><br>
   <a href="guestbook.htm" class="menu">GUESTBOOK</a><br>
   <a href="about.htm" class="menu"    >ABOUT</a> <br>
   <a href="faq.htm" class="menu"      >FAQ</a><br>
  </td>
   <td valign="top">
	 <?php
    $con = mysql_connect("localhost", "user removed", "pass removed") or die("Cannot connect");
    $rs = mysql_select_db("vestrasbase", $con);
    $sql = "SELECT * FROM guestbook ORDER BY time desc LIMIT 5";
    $rs = mysql_query($sql);
    while ($row = mysql_fetch_array($rs))
    {
     echo("<b>Name: </b>".htmlspecialchars($row["realname"])."<br><b>Email: </b>".htmlspecialchars($row["username"])."<br><b>Comments -</b><br>".htmlspecialchars($row["comments"])."<hr>");
    }
   ?>
    <font class="mainstyle"></font><hr>
    <form method=POST action="guestbook.php">
      <font class="mainstyle">Name:   </font><input type=text name=realname size=40><br><br>
      <font class="mainstyle">E-Mail: </font><input type=text name=username size=40><br><br>
      <font class="mainstyle">Comments:</font><br>
      <textarea name=comments COLS=60 ROWS=4></textarea><p>
      <input type=submit title="Post" value="Post"> * <input type=reset title="Reset" value="Reset">
	  </form>
	 <hr>
  </td>
 </tr>
</table>

<br> <br> <br>

<font class="footer">© Copyright Vestras.net - Vestras.net from 2009</font>
</center>

</body>
</html>

PHP:
USE DATABASE;
CREATE table guestbook (
id integer auto_increment,
realname text,
username text,
comments text,
time timestamp(14), primary key(id)
);

PHP:
<?php
$realname = mysql_real_escape_string($_POST['realname']);
$username = mysql_real_escape_string($_POST['username']);
$comments = mysql_real_escape_string($_POST['comments']);

$con = mysql_connect("localhost", "user removed", "pass removed") or die("Cannot connect");
$rs = mysql_select_db("vestrasbase", $con);

if ($realname and $comments)
    {
    $sql = "INSERT INTO guestbook (realname,username,comments) VALUES (\"$realname\",\"$username\",\"$comments\")";
    $rs = mysql_query($sql,$con);
    header('Location: guestbook.php');
    }
else
    {
    echo("Your comment has not been posted. Click <a href=\"guestbook.php\">here</a> to return.");
    }

wut?
 

Artificial

Without Intelligence
Reaction score
326
In guestbook.php:
PHP:
or die("Cannot connect");
You're getting that error (black text on black background just isn't quite visible).

Replace that with this:
PHP:
or die('<font style="color: white;">' . mysql_error() . '</font>');
And then see what error it gives.
 

UndeadDragon

Super Moderator
Reaction score
448
Also, check whether your host runs the database through localhost, or if it is another remote location.
 

Vestras

Retired
Reaction score
248
oh, i see, damn.

> Also, check whether your host runs the database through localhost, or if it is another remote location.

uhm... i just installed mysql on my comp, that isn't correct i assume? sorry, it's been 4 years since i last did this kinda stuff.
 

UndeadDragon

Super Moderator
Reaction score
448
It should be fine through your computer, and localhost should work properly. What error did it give?
 

UndeadDragon

Super Moderator
Reaction score
448
The only option would be to change host. Most hosts support MySQL now.
 

UndeadDragon

Super Moderator
Reaction score
448
Unless you can get them to use MySQL, I am afraid there is nothing else you can do, apart from changing my script to work with an XML/txt file, but I do not know how to do that.
 