...

View Full Version : Mod on Nightfire's PHP GuestBook.



Noumenon
10-08-2004, 07:10 PM
Why do I keep getting this when several rows of text is entered? it messes everything up.

http://212.112.183.83/contents/interactive_guestbook.php

The code is this:

<HTML>
<HEAD>
<TITLE>CLAYMEN</TITLE>
<LINK REL="stylesheet" HREF="../style.css" TYPE="text/css">
</HEAD>
<BODY>
<TABLE HEIGHT="100%" WIDTH="100%" BORDER="0" CELLSPACING="0" CELLPADDING="0">
<TR>
<TD ALIGN="center" VALIGN="top">
<?php
$host = 'localhost'; // This should be either localhost or 127.0.0.1
$username = 'root'; // Your database username
$password = ''; // Your database password
$dbname = 'guestbook'; // Your database name

$listing = 'DESC'; // Choose how you want your guestbook results to show. ASC = ascending (Older entries at the top of the page), DESC = descending (New entries on the top of the page)

$link = @mysql_connect($host,$username,$password) or die("Unable to connect to the database. Reason: ".mysql_error());
mysql_select_db($dbname,$link) or die("Unable to find database. Reason: ".mysql_error());

if(isset($_POST['submit'])){

$sql = "INSERT INTO entries (id,uname,email,website,entry,dates) VALUES ('','".$_POST['uname']."','".$_POST['email']."','".$_POST['website']."','".$_POST['entry']."',NOW())";
$result = @mysql_query($sql) or die("Error with mysql query on line ".__LINE__.". <BR />".mysql_error());

}

$sql = "SELECT uname,email,website,entry,dates FROM entries ORDER BY id ".$listing;
$result = @mysql_query($sql) or die("Error with mysql query on line ". __LINE__.".<BR />". mysql_error());

if(@mysql_num_rows($result) >0){
while($row = mysql_fetch_array($result)){
echo '<TABLE BORDER="0" CELLSPACING="0" CELLPADDING="0" WIDTH="250">'."\n";
echo ' <TR WIDTH="250">'."\n";
echo ' <TD HEIGHT="13" ALIGN="left" BGCOLOR="#455058"><FONT>&nbsp;<B>'.$row['uname'].'</B></FONT></B></TD>'."\n";
echo ' <TD HEIGHT="13" ALIGN="right" BGCOLOR="#455058"><FONT>'.$row['dates'].'&nbsp;</FONT></TD>'."\n";
echo ' </TR>'."\n";
echo ' <TR WIDTH="250">'."\n";
echo ' <TD ALIGN="left" WIDTH="250" COLSPAN="2"><DIV ALIGN="justify" WIDTH="250"><FONT>&nbsp;'.$row['entry'].'</FONT><BR><BR></DIV></TD>'."\n";
echo ' </TR>'."\n";
echo ' <TR WIDTH="250">'."\n";
echo ' <TD ALIGN="center" WIDTH="250" COLSPAN="2"><IMG SRC="../pics/999999.gif" HEIGHT="1" WIDTH="250"><BR><FONT><A HREF="'.$row['website'].'" TARGET="blank_">Website</A>&nbsp;|&nbsp;<A HREF="mailto:'.$row['email'].'">Email</A></FONT><BR><IMG SRC="../pics/999999.gif" HEIGHT="1" WIDTH="250"><BR><BR></TD>'."\n";
echo ' </TR>'."\n";
echo '</TABLE>'."\n";
}
}
else {
echo "<FONT>No entries yet.</FONT>\n";
}
?>
</TD>
<TD ALIGN="right" VALIGN="top">
<FORM ACTION="<?php echo $_SERVER['PHP_SELF']; ?>" METHOD="post">
<INPUT TYPE="text" NAME="uname" SIZE="22" VALUE=" Name" CLASS="formstyle" STYLE="-moz-opacity:0.6;filter:alpha(opacity=60)" onMouseOver="this.style.MozOpacity=1;this.filters.alpha.opacity=100" onMouseOut="this.style.MozOpacity=0.6;this.filters.alpha.opacity=60" onFocus="javascript:this.select()"><BR>
<INPUT TYPE="text" NAME="email" SIZE="22" VALUE=" Email" CLASS="formstyle" STYLE="-moz-opacity:0.6;filter:alpha(opacity=60)" onMouseOver="this.style.MozOpacity=1;this.filters.alpha.opacity=100" onMouseOut="this.style.MozOpacity=0.6;this.filters.alpha.opacity=60" onFocus="javascript:this.select()"><BR>
<INPUT TYPE="text" NAME="website" SIZE="22" VALUE=" Website" CLASS="formstyle" STYLE="-moz-opacity:0.6;filter:alpha(opacity=60)" onMouseOver="this.style.MozOpacity=1;this.filters.alpha.opacity=100" onMouseOut="this.style.MozOpacity=0.6;this.filters.alpha.opacity=60" onFocus="javascript:this.select()"><BR>
<TEXTAREA NAME="entry" ROWS="7" COLS="19" CLASS="formstyle" STYLE="-moz-opacity:0.6;filter:alpha(opacity=60)" onMouseOver="this.style.MozOpacity=1;this.filters.alpha.opacity=100" onMouseOut="this.style.MozOpacity=0.6;this.filters.alpha.opacity=60" onFocus="javascript:this.select()">&nbsp;Message</TEXTAREA><BR>
<INPUT TYPE="submit" VALUE=" Post " NAME="submit" CLASS="submitstyle" STYLE="-moz-opacity:0.6;filter:alpha(opacity=60)" onMouseOver="this.style.MozOpacity=1;this.filters.alpha.opacity=100" onMouseOut="this.style.MozOpacity=0.6;this.filters.alpha.opacity=60">
</FORM>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>

And how do I make it so that there are links at the bottom for other pages when the content of the gb is more than a certain number of pixels or so? (like the google 1,2,3,4,5,6,7,8,9....)

Nightfire
10-08-2004, 08:42 PM
1)
$sql = "INSERT INTO entries (id,uname,email,website,entry,dates) VALUES ('','".$_POST['uname']."','".$_POST['email']."','".$_POST['website']."','".nl2br($_POST['entry'])."',NOW())";

2) Do a search on the forums for pagination. It works by number of records found, not pixels. Would modify it for you myself but haven't got the time tonight to do it

Noumenon
10-08-2004, 08:52 PM
hm. the first bit regarding
$sql = "INSERT INTO entries (id,uname,email,website,entry,dates) VALUES ('','".$_POST['uname']."','".$_POST['email']."','".$_POST['website']."','".nl2br($_POST['entry'])."',NOW())";

that doesn't fix the problem with the "messagemessagemessagemessagemessagemessagemessage" entry, it still doesn't break the line.


btw. shouldn't the guestbook entries show up in an iframe if you have put the gb-code inside an iframe tag?
<IFRAME><GB PHP CODE></IFRAME>

another thing.
if the user don't fill in Website nor Email no link should be printed.
this could be done with an if-statement for each of them, right?

like this


if ($row['website']==website) {
}
else {
echo '<A HREF="'.$row['website'].'" TARGET="blank_">Website</A>'."\n";
}

mrjamin
10-08-2004, 10:46 PM
if ($row['website']==website) {
}
else {
echo '<A HREF="'.$row['website'].'" TARGET="blank_">Website</A>'."\n";
}

try:


echo strlen($row['website']) != 0 || $row['website'] != 'website' ? '<A HREF="'.$row['website'].'" TARGET="_blank">Website</A>'."\n" : NULL;

better yet, do the checking to see if a website/email address has been entered when the data is on the way into the database, provided you set the column to allow NULL values, you can do a simple isset() on the way out

Kurashu
10-08-2004, 10:56 PM
There is a way to deal with the messagemessagemessage thing, however I can't think of the function (I thought it was stripos, but it wasn't). However, I do have the solution for the optional info. =)



<?php
if (isset($row["website"])) { print " <strong><a href=\"". $row["website"] ."\">Website</a></strong>";}

if (isset($row["email"])) { print " <strong><a href=\"mailto:". $row["email"] ."\">E-Mail</a></strong>";}
?>


Edit: Typoed a var name. Never good to leave unfixed. =)

Noumenon
10-09-2004, 12:06 AM
try:


echo strlen($row['website']) != 0 || $row['website'] != 'website' ? '<A HREF="'.$row['website'].'" TARGET="_blank">Website</A>'."\n" : NULL;

better yet, do the checking to see if a website/email address has been entered when the data is on the way into the database, provided you set the column to allow NULL values, you can do a simple isset() on the way out

How would one do that?

mrjamin
10-09-2004, 12:23 AM
How would one do that?

First off, set the email/website columns to allow NULL values using:


ALTER TABLE `entries` CHANGE `website` `website` VARCHAR(255), CHANGE `email` `email` VARCHAR(255)

Change the 'varchar(255)' bits to whatever field type/length they were before, although it doesn't explicitly say it, the above will 'allow' them to have NULL values as it removes the NOT NULL that they may have been created with.

Anyway. Next, do some basic error checking before you build the insert query:



<?php
// Loop through the post vars and escape slashes which might confuse MySQL
foreach($_POST as $key => $val){
$_POST[$key] = addslashes($val);
}
// set the default 'email' form field value so we can check to see if its been changed by the user
$defaultEmail = 'email';
// then do the same for the website field
$defaultWebsite = 'website';

// then, check to see if the fields have no length, or are equal to the default value
// if so then set it to NULL, otherwise add it to the query and pre/append with 's
$email = strlen($_POST['email']) > 0 || $_POST['email'] != 'email' ? "'$_POST[email]'" : "NULL";
$website = strlen($_POST['website']) > 0 || $_POST['website'] != 'website' ? "'$_POST[website]'" : "NULL";

// build the query :: NOTICE THAT $email AND $website DON'T HAVE ' AROUND THEM, LOOK ABOVE!
$sql = "INSERT INTO `entries` SET
`uname` = '$_POST[uname]',
`email` = $email,
`website` = $website`
`entry` = '" . nl2br($_POST['entry']) . "',
`dates` = NOW()";
?>


...and there you have it.

Edit:
Forgot to add, on the way out, just do:


echo isset($row['website']) != 0 ? "<A HREF=\"".$row['website']."\" TARGET=\"_blank\">Website</A>\n" : NULL;
echo isset($row['email']) != 0 ? "<A HREF=\"mailto:".$row['email']."\" TARGET=\"_blank\">Email</A>\n" : NULL;

instead of isset(), you could just use
echo $row['website'] ? /* true */ : /* false */; but you might get some PHP notices if your server's error reporting is too aggressive, its generally bad practice to write could that'd output notices (even if displaying notices are turned off) anyway so probably best avoided full stop and sticking with isset().
ANOTHER EDIT: fixed error checking typo

Noumenon
10-09-2004, 12:58 AM
In phpmyadmin it shows the guestbook DB and the table entries.
for the field email and website null was set to "not null" and now changed to "null".. and still varchar(250)... is this what you meant?

Actually, I don't get it at all *lol*
Have no idea what to do with that code and the previous code. heh.

mrjamin
10-09-2004, 01:01 AM
In phpmyadmin it shows the guestbook DB and the table entries.
for the field email and website null was set to "not null" and now changed to "null".. and still varchar(250)... is this what you meant?
Yep, that'd do it :)

Noumenon
10-09-2004, 01:18 AM
Heh, I feel kinda stupid right now.

what do I change in this code?


<?php
$host = 'localhost'; // This should be either localhost or 127.0.0.1
$username = 'root'; // Your database username
$password = ''; // Your database password
$dbname = 'guestbook'; // Your database name

$listing = 'DESC'; // Choose how you want your guestbook results to show. ASC = ascending (Older entries at the top of the page), DESC = descending (New entries on the top of the page)

$link = @mysql_connect($host,$username,$password) or die("Unable to connect to the database. Reason: ".mysql_error());
mysql_select_db($dbname,$link) or die("Unable to find database. Reason: ".mysql_error());

if(isset($_POST['submit'])){

$sql = "INSERT INTO entries (id,uname,email,website,entry,dates) VALUES ('','".$_POST['uname']."','".$_POST['email']."','".$_POST['website']."','".nl2br($_POST['entry'])."',NOW())";
$result = @mysql_query($sql) or die("Error with mysql query on line ".__LINE__.". <BR />".mysql_error());
}

$sql = "SELECT uname,email,website,entry,dates FROM entries ORDER BY id ".$listing;
$result = @mysql_query($sql) or die("Error with mysql query on line ". __LINE__.".<BR />". mysql_error());

if(@mysql_num_rows($result) >0){
while($row = mysql_fetch_array($result)){
echo '<TABLE BORDER="0" CELLSPACING="0" CELLPADDING="0" WIDTH="250">'."\n";
echo ' <TR WIDTH="250">'."\n";
echo ' <TD HEIGHT="13" ALIGN="left" BGCOLOR="#455058"><FONT>&nbsp;<B>'.$row['uname'].'</B></FONT></B></TD>'."\n";
echo ' <TD HEIGHT="13" ALIGN="right" BGCOLOR="#455058"><FONT>'.$row['dates'].'&nbsp;</FONT></TD>'."\n";
echo ' </TR>'."\n";
echo ' <TR WIDTH="250">'."\n";
echo ' <TD ALIGN="left" WIDTH="250" COLSPAN="2"><DIV ALIGN="justify" WIDTH="250"><FONT>&nbsp;'.$row['entry'].'</FONT><BR><BR></DIV></TD>'."\n";
echo ' </TR>'."\n";
echo ' <TR WIDTH="250">'."\n";
echo ' <TD ALIGN="center" WIDTH="250" COLSPAN="2"><IMG SRC="../pics/999999.gif" HEIGHT="1" WIDTH="250"><BR><FONT><A HREF="'.$row['website'].'" TARGET="blank_">Website</A>&nbsp;|&nbsp;<A HREF="mailto:'.$row['email'].'">Email</A></FONT><BR><IMG SRC="../pics/999999.gif" HEIGHT="1" WIDTH="250"><BR><BR></TD>'."\n";
echo ' </TR>'."\n";
echo '</TABLE>'."\n";
}
}
else {
echo "<FONT>No entries yet.</FONT>\n";
}
?>

mrjamin
10-09-2004, 01:25 AM
what do I change in this code?



<?php
// turn email address into spam-bot proof ones
function mail_mash($addy) {
$addy = 'mailto:'.$addy;
for($i=0;$i<strlen($addy);$i++){
$letters[]=$addy[$i];
}
while (list($key, $val) = each($letters)) {
$r = rand(0,20);
if($r > 9){
$letters[$key] = '&#'.ord($letters[$key]).';';
}
}
$mashed_email_addy = implode('', $letters);
return $mashed_email_addy;
}
$host = 'localhost'; // This should be either localhost or 127.0.0.1
$username = 'root'; // Your database username
$password = ''; // Your database password
$dbname = 'guestbook'; // Your database name

$listing = 'DESC'; // Choose how you want your guestbook results to show. ASC = ascending (Older entries at the top of the page), DESC = descending (New entries on the top of the page)

$link = @mysql_connect($host,$username,$password) or die("Unable to connect to the database. Reason: ".mysql_error());
mysql_select_db($dbname,$link) or die("Unable to find database. Reason: ".mysql_error());

if(isset($_POST['submit'])){
// MRJAMIN'S MOD
// Loop through the post vars and escape slashes which might confuse MySQL
foreach($_POST as $key => $val){
$_POST[$key] = addslashes($val);
}
// set the default 'email' form field value so we can check to see if its been changed by the user
$defaultEmail = 'email';
// then do the same for the website field
$defaultWebsite = 'website';

// then, check to see if the fields have no length, or are equal to the default value
// if so then set it to NULL, otherwise add it to the query and pre/append with 's
$email = strlen($_POST['email']) > 0 || $_POST['email'] != 'email' ? "'$_POST[email]'" : "NULL";
$website = strlen($_POST['website']) > 0 || $_POST['website'] != 'website' ? "'$_POST[website]'" : "NULL";

// build the query :: NOTICE THAT $email AND $website DON'T HAVE ' AROUND THEM, LOOK ABOVE!
$sql = "INSERT INTO `entries` SET
`uname` = '$_POST[uname]',
`email` = $email,
`website` = $website`
`entry` = '$_POST[entry]',
`dates` = NOW()";
// END MRJAMIN'S MOD
$result = @mysql_query($sql) or die("Error with mysql query on line ".__LINE__.". <BR />".mysql_error());
}

$sql = "SELECT uname,email,website,entry,dates FROM entries ORDER BY id ".$listing;
$result = @mysql_query($sql) or die("Error with mysql query on line ". __LINE__.".<BR />". mysql_error());

if(@mysql_num_rows($result) >0){
while($row = mysql_fetch_assoc($result)){
foreach($row as $key => $val){
$row[$key] = htmlentities(trim(stripslashes($val)));
}
$email = "<a href=\"" . mail_mash($row['email']) . "\">email</a>";
echo '<TABLE BORDER="0" CELLSPACING="0" CELLPADDING="0" WIDTH="250">'."\n";
echo ' <TR WIDTH="250">'."\n";
echo ' <TD HEIGHT="13" ALIGN="left" BGCOLOR="#455058"><FONT>&nbsp;<B>'.$row['uname'].'</B></FONT></B></TD>'."\n";
echo ' <TD HEIGHT="13" ALIGN="right" BGCOLOR="#455058"><FONT>'.$row['dates'].'&nbsp;</FONT></TD>'."\n";
echo ' </TR>'."\n";
echo ' <TR WIDTH="250">'."\n";
echo ' <TD ALIGN="left" WIDTH="250" COLSPAN="2"><DIV ALIGN="justify" WIDTH="250"><FONT>&nbsp;'.$row['entry'].'</FONT><BR><BR></DIV></TD>'."\n";
echo ' </TR>'."\n";
echo ' <TR WIDTH="250">'."\n";
echo ' <TD ALIGN="center" WIDTH="250" COLSPAN="2"><IMG SRC="../pics/999999.gif" HEIGHT="1" WIDTH="250"><BR><FONT>';
// MRJAMIN'S MOD
echo isset($row['website']) != 0 ? "<A HREF=\"".$row['website']."\" TARGET=\"_blank\">Website</A>\n" : NULL;
echo isset($row['email']) && isset($row['website']) ? "&nbsp;|&nbsp;" : NULL;
echo isset($row['email']) != 0 ? $email : NULL;
// END MRJAMIN'S MOD
echo '</FONT><BR><IMG SRC="../pics/999999.gif" HEIGHT="1" WIDTH="250"><BR><BR></TD>'."\n";
echo ' </TR>'."\n";
echo '</TABLE>'."\n";
}
}
else {
echo "<FONT>No entries yet.</FONT>\n";
}
?>


that should fix it. I've not tested it in any way, so it may or may not work. Lemme know if it doesn't. I've commented the bits I added.

Don't feel stupid mate, I'm happy to help :)

MrJ

Noumenon
10-09-2004, 01:30 AM
Great! I'll check it tomorrow though.
Have to go to bed now (damn those nagging girlfriends) ;)

mrjamin
10-09-2004, 01:35 AM
Great! I'll check it tomorrow though.
Have to go to bed now (damn those nagging girlfriends) ;)
Top stuff, hope it works. Have just added a couple more improvements:
o Added some code to tidy up the data from the MySQL database
o Made it 'mash up' email addresses so they're harder for spam bots to pick up, but still viewable by users over a web browser. If you mouseover them and look at what the status bar says, it looks like perfectly normal, do a view source on the end result, and you won't be able to spot the address!

Noumenon
10-09-2004, 02:00 AM
it still prints the url and the mail adress.
and the mailadress isn't a link anymore.

mrjamin
10-09-2004, 10:39 AM
it still prints the url and the mail adress.
and the mailadress isn't a link anymore.

try again using the code above again now, made some changes to it last night.

Noumenon
10-09-2004, 02:30 PM
Nope, still prints it out.

BTW the $defaultWebsite and $defaultEmail are never called.

And another thing.
isn't $email being defined twice?


$email = strlen($_POST['email']) > 0 || $_POST['email'] != ' email' ? "'$_POST[email]'" : "NULL";

$email = strlen($_POST['email']) > 0 || $_POST['email'] != ' email' ? "'$_POST[email]'" : "NULL";

mrjamin
10-09-2004, 02:53 PM
Nope, still prints it out.

BTW the $defaultWebsite and $defaultEmail are never called.

And another thing.
isn't $email being defined twice?


Well spotted, you passed the test. ahem.

anyway, try this:


<?php
// turn email address into spam-bot proof ones
function mail_mash($addy) {
$addy = 'mailto:'.$addy;
for($i=0;$i<strlen($addy);$i++){
$letters[]=$addy[$i];
}
while (list($key, $val) = each($letters)) {
$r = rand(0,20);
if($r > 9){
$letters[$key] = '&#'.ord($letters[$key]).';';
}
}
$mashed_email_addy = implode('', $letters);
return $mashed_email_addy;
}
$host = 'localhost'; // This should be either localhost or 127.0.0.1
$username = 'root'; // Your database username
$password = ''; // Your database password
$dbname = 'guestbook'; // Your database name

$listing = 'DESC'; // Choose how you want your guestbook results to show. ASC = ascending (Older entries at the top of the page), DESC = descending (New entries on the top of the page)

$link = @mysql_connect($host,$username,$password) or die("Unable to connect to the database. Reason: ".mysql_error());
mysql_select_db($dbname,$link) or die("Unable to find database. Reason: ".mysql_error());

if(isset($_POST['submit'])){
// MRJAMIN'S MOD
// Loop through the post vars and escape slashes which might confuse MySQL
foreach($_POST as $key => $val){
$_POST[$key] = addslashes($val);
}
// set the default 'email' form field value so we can check to see if its been changed by the user
$defaultEmail = 'email';
// then do the same for the website field
$defaultWebsite = 'website';

// then, check to see if the fields have no length, or are equal to the default value
// if so then set it to NULL, otherwise add it to the query and pre/append with 's
$email = strlen($_POST['email']) > 0 || $_POST['email'] != $defaultEmail ? "'$_POST[email]'" : "NULL";
$website = strlen($_POST['website']) > 0 || $_POST['website'] != $defaultWebsite ? "'$_POST[website]'" : "NULL";

// build the query :: NOTICE THAT $email AND $website DON'T HAVE ' AROUND THEM, LOOK ABOVE!
$sql = "INSERT INTO `entries` SET
`uname` = '$_POST[uname]',
`email` = $email,
`website` = $website`
`entry` = '$_POST[entry]',
`dates` = NOW()";
// END MRJAMIN'S MOD
$result = @mysql_query($sql) or die("Error with mysql query on line ".__LINE__.". <BR />".mysql_error());
}

$sql = "SELECT uname,email,website,entry,dates FROM entries ORDER BY id ".$listing;
$result = @mysql_query($sql) or die("Error with mysql query on line ". __LINE__.".<BR />". mysql_error());

if(@mysql_num_rows($result) >0){
while($row = mysql_fetch_assoc($result)){
foreach($row as $key => $val){
$row[$key] = htmlentities(trim(stripslashes($val)));
}
$email = "<a href=\"" . mail_mash($row['email']) . "\">email</a>";
echo '<TABLE BORDER="0" CELLSPACING="0" CELLPADDING="0" WIDTH="250">'."\n";
echo ' <TR WIDTH="250">'."\n";
echo ' <TD HEIGHT="13" ALIGN="left" BGCOLOR="#455058"><FONT>&nbsp;<B>'.$row['uname'].'</B></FONT></B></TD>'."\n";
echo ' <TD HEIGHT="13" ALIGN="right" BGCOLOR="#455058"><FONT>'.$row['dates'].'&nbsp;</FONT></TD>'."\n";
echo ' </TR>'."\n";
echo ' <TR WIDTH="250">'."\n";
echo ' <TD ALIGN="left" WIDTH="250" COLSPAN="2"><DIV ALIGN="justify" WIDTH="250"><FONT>&nbsp;'.$row['entry'].'</FONT><BR><BR></DIV></TD>'."\n";
echo ' </TR>'."\n";
echo ' <TR WIDTH="250">'."\n";
echo ' <TD ALIGN="center" WIDTH="250" COLSPAN="2"><IMG SRC="../pics/999999.gif" HEIGHT="1" WIDTH="250"><BR><FONT>';
// MRJAMIN'S MOD
echo isset($row['website']) != 0 ? "<A HREF=\"".$row['website']."\" TARGET=\"_blank\">Website</A>\n" : NULL;
echo isset($row['email']) && isset($row['website']) ? "&nbsp;|&nbsp;" : NULL;
echo isset($row['email']) != 0 ? $email : NULL;
// END MRJAMIN'S MOD
echo '</FONT><BR><IMG SRC="../pics/999999.gif" HEIGHT="1" WIDTH="250"><BR><BR></TD>'."\n";
echo ' </TR>'."\n";
echo '</TABLE>'."\n";
}
}
else {
echo "<FONT>No entries yet.</FONT>\n";
}
?>


Run this query in phpMyAdmin (click on the SQL tab once you've selected the right database:



UPDATE `entries` SET `email` = NULL WHERE `email` = '' OR `email` = 'email';

then...


UPDATE `entries` SET `website` = NULL WHERE `website` = '' OR `website` = 'website'


That'll replace all the existing entries with no value, or equal to the fieldname default to NULL so the data gets processed properly on the way out of the DB.

How does that work for you?

Noumenon
10-09-2004, 03:42 PM
it's still the same :confused:



<HTML>
<HEAD>
<TITLE>CLAYMEN</TITLE>
<LINK REL="stylesheet" HREF="../style.css" TYPE="text/css">
</HEAD>
<BODY>
<TABLE HEIGHT="100%" WIDTH="100%" BORDER="0" CELLSPACING="0" CELLPADDING="0">
<TR>
<TD ALIGN="center" VALIGN="top">
<?php
// turn email address into spam-bot proof ones
function mail_mash($addy)
{
$addy = 'mailto:' . $addy;
for($i = 0;$i < strlen($addy);$i++) {
$letters[] = $addy[$i];
} while (list($key, $val) = each($letters)) {
$r = rand(0, 20);
if ($r > 9) {
$letters[$key] = '&#' . ord($letters[$key]) . ';';
}
}
$mashed_email_addy = implode('', $letters);
return $mashed_email_addy;
}

$host = 'localhost'; // This should be either localhost or 127.0.0.1
$username = 'root'; // Your database username
$password = ''; // Your database password
$dbname = 'guestbook'; // Your database name
$listing = 'DESC'; // Choose how you want your guestbook results to show. ASC = ascending (Older entries at the top of the page), DESC = descending (New entries on the top of the page)
$link = @mysql_connect($host, $username, $password) or die("Unable to connect to the database. Reason: " . mysql_error());
mysql_select_db($dbname, $link) or die("Unable to find database. Reason: " . mysql_error());

if (isset($_POST['submit'])) {
// MRJAMIN'S MOD
// Loop through the post vars and escape slashes which might confuse MySQL
foreach($_POST as $key => $val){
$_POST[$key] = addslashes($val);
}
// set the default 'email' form field value so we can check to see if its been changed by the user
$defaultEmail = '&nbsp;E-mail';
// then do the same for the website field
$defaultWebsite = '&nbsp;Website';

// then, check to see if the fields have no length, or are equal to the default value
// if so then set it to NULL, otherwise add it to the query and pre/append with 's
$email = strlen($_POST['email']) > 0 || $_POST['email'] != $defaultEmail ? "'$_POST[email]'" : "NULL";
$website = strlen($_POST['website']) > 0 || $_POST['website'] != $defaultWebsite ? "'$_POST[website]'" : "NULL";

// build the query :: NOTICE THAT $email AND $website DON'T HAVE ' AROUND THEM, LOOK ABOVE!
$sql = "INSERT INTO `entries` SET
`uname` = '$_POST[uname]',
`email` = $email,
`website` = $website,
`entry` = '$_POST[entry]',
`dates` = NOW()";
// END MRJAMIN'S MOD

$result = @mysql_query($sql) or die("Error with mysql query on line " . __LINE__ . ". <BR />" . mysql_error());
}

$sql = "SELECT uname,email,website,entry,dates FROM entries ORDER BY id " . $listing;
$result = @mysql_query($sql) or die("Error with mysql query on line " . __LINE__ . ".<BR />" . mysql_error());

if (@mysql_num_rows($result) > 0) {
while ($row = mysql_fetch_assoc($result)) {
foreach($row as $key => $val) {
$row[$key] = htmlentities(trim(stripslashes($val)));
}
$email = "<A HREF=\"" . mail_mash($row['email']) . "\">E-mail</A>";
echo '<TABLE BORDER="0" CELLSPACING="0" CELLPADDING="0" WIDTH="250">'."\n";
echo ' <TR>'."\n";
echo ' <TD HEIGHT="13" ALIGN="left" BGCOLOR="#455058"><FONT>&nbsp;<B>' . $row['uname'] . '</B></FONT></B></TD>'."\n";
echo ' <TD HEIGHT="13" ALIGN="right" BGCOLOR="#455058"><FONT>' . $row['dates'] . '&nbsp;</FONT></TD>'."\n";
echo ' </TR>'."\n";
echo ' <TR>'."\n";
echo ' <TD ALIGN="left" COLSPAN="2"><DIV ALIGN="justify" WIDTH="250"><FONT>&nbsp;' . $row['entry'] . '</FONT><BR><BR></DIV></TD>'."\n";
echo ' </TR>'."\n";
echo ' <TR>'."\n";
echo ' <TD ALIGN="center" COLSPAN="2"><IMG SRC="../pics/999999.gif" HEIGHT="1" WIDTH="250"><BR><FONT>';
// MRJAMIN'S MOD
echo isset($row['website']) != 0 ? "<A HREF=\"".$row['website']."\" TARGET=\"_blank\">Website</A>\n" : NULL;
echo isset($row['email']) && isset($row['website']) ? "&nbsp;|&nbsp;" : NULL;
echo isset($row['email']) != 0 ? $email : NULL;
// END MRJAMIN'S MOD
echo '</FONT><BR><IMG SRC="../pics/999999.gif" HEIGHT="1" WIDTH="250"><BR><BR></TD>'."\n";
echo ' </TR>'."\n";
echo '</TABLE>'."\n";
}
}
else {
echo "<FONT>No entries yet.</FONT>\n";
}
?>
</TD>
<TD ALIGN="right" VALIGN="top">
<FORM ACTION="<?php echo $_SERVER['PHP_SELF']; ?>" METHOD="post">
<INPUT TYPE="text" NAME="uname" SIZE="22" VALUE="&nbsp;Name" CLASS="formstyle" STYLE="-moz-opacity:0.6;filter:alpha(opacity=60)" onMouseOver="this.style.MozOpacity=1;this.filters.alpha.opacity=100" onMouseOut="this.style.MozOpacity=0.6;this.filters.alpha.opacity=60" onFocus="javascript:this.select()"><BR>
<INPUT TYPE="text" NAME="email" SIZE="22" VALUE="&nbsp;E-mail" CLASS="formstyle" STYLE="-moz-opacity:0.6;filter:alpha(opacity=60)" onMouseOver="this.style.MozOpacity=1;this.filters.alpha.opacity=100" onMouseOut="this.style.MozOpacity=0.6;this.filters.alpha.opacity=60" onFocus="javascript:this.select()"><BR>
<INPUT TYPE="text" NAME="website" SIZE="22" VALUE="&nbsp;Website" CLASS="formstyle" STYLE="-moz-opacity:0.6;filter:alpha(opacity=60)" onMouseOver="this.style.MozOpacity=1;this.filters.alpha.opacity=100" onMouseOut="this.style.MozOpacity=0.6;this.filters.alpha.opacity=60" onFocus="javascript:this.select()"><BR>
<TEXTAREA NAME="entry" ROWS="7" COLS="19" CLASS="formstyle" STYLE="-moz-opacity:0.6;filter:alpha(opacity=60)" onMouseOver="this.style.MozOpacity=1;this.filters.alpha.opacity=100" onMouseOut="this.style.MozOpacity=0.6;this.filters.alpha.opacity=60" onFocus="javascript:this.select()">&nbsp;Message</TEXTAREA><BR>
<INPUT TYPE="submit" NAME="submit" VALUE="&nbsp;Post&nbsp;" CLASS="submitstyle" STYLE="-moz-opacity:0.6;filter:alpha(opacity=60)" onMouseOver="this.style.MozOpacity=1;this.filters.alpha.opacity=100" onMouseOut="this.style.MozOpacity=0.6;this.filters.alpha.opacity=60">
</FORM>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum