
View Full Version : Guestbook ignore



Noumenon
02-15-2006, 11:50 PM
I have this guestbook at our website in which Name and Message are the text inside the boxes. Now, if one would press Send I'd get an entry that says "Name Message". This is not welcome, a lot of "spam" this way ;) How do I code the page so it checks if the submitted form contains "Name" and "Message" and then ignores inserting it into the db if it's true?

The website:
http://skiss.threedaysindarkness.com

The code:


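<?php
// Guestbook submit handler: connects to MySQL and, when the form was posted,
// stores the visitor's name, message, the current time and the client IP.
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7.0. On a
// current PHP, use mysqli or PDO with prepared statements instead of building
// the SQL string by hand.
$host = 'localhost'; // This should be either localhost or 127.0.0.1
$username = ''; // Your database username
$password = ''; // Your database password
$dbname = ''; // Your database name
// NOTE(review): the die() calls in this block print mysql_error() to the
// visitor, which discloses database details on a public page. Logging the
// reason server-side and showing a generic message would be safer.
$link = @mysql_connect($host, $username, $password) or die("Unable to connect to the database. Reason: " . mysql_error());
mysql_select_db($dbname, $link) or die("Unable to find database. Reason: " . mysql_error());

if (isset($_POST['submit'])) {
    // Read only the two fields that are stored. A missing field becomes an
    // empty string, as it did when it was interpolated straight from $_POST.
    $uname = isset($_POST['uname']) ? $_POST['uname'] : '';
    $entry = isset($_POST['entry']) ? $_POST['entry'] : '';

    // A client can submit a field as an array (uname[]=...); that is never a
    // valid entry, so it is dropped instead of being passed to the escaper.
    if (is_string($uname) && is_string($entry)) {
        // mysql_real_escape_string() escapes for the connection it is given;
        // addslashes() knows nothing about the connection's character set and
        // is not a reliable SQL escaper.
        $uname = mysql_real_escape_string($uname, $link);
        $entry = mysql_real_escape_string($entry, $link);
        // REMOTE_ADDR is set by the web server, but it is escaped like every
        // other value that goes into the statement.
        $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR'], $link);

        $sql = "INSERT INTO `guestbook` SET "
            . "`uname` = '$uname', "
            . "`entry` = '$entry', "
            . "`dates` = NOW(), "
            . "`ip` = '$ip'";

        $result = @mysql_query($sql, $link) or die("Error with mysql query on line ".__LINE__.". <BR />".mysql_error());
    }
}
?>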
<HTML>
<HEAD>
<TITLE>T H R E E D A Y S I N D A R K N E S S</TITLE>
<LINK REL="stylesheet" HREF="style.css" TYPE="text/css">
</HEAD>
<BODY CLASS="b3">
<TABLE HEIGHT="100%" WIDTH="100%" BORDER="0" CELLSPACING="6" CELLPADDING="0">
<TR>
<TD VALIGN="top">
<FONT CLASS="f2">GUESTBOOK</FONT>
</TD>
<TD>
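<FORM ACTION="<?php
// $PHP_SELF only exists when register_globals is on; read $_SERVER instead.
// PHP_SELF includes any path info the client appended to the script URL, so it
// is HTML-escaped before being written into the attribute.
echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" METHOD="post" NAME="guestbook">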
<INPUT TYPE="text" NAME="uname" SIZE="22" MAXLENGTH="30" VALUE="&nbsp;Name" CLASS="formstyle" OnFocus="javascript:this.select()"><BR>
<TEXTAREA NAME="entry" ROWS="4" COLS="19" MAXLENGTH="80" CLASS="formstyle" OnFocus="javascript:this.select()">&nbsp;Message</TEXTAREA><BR>
<INPUT TYPE="submit" NAME="submit" VALUE="&nbsp;Send&nbsp;" CLASS="submitstyle">
<INPUT TYPE="reset" NAME="reset" VALUE="&nbsp;Reset&nbsp;" CLASS="submitstyle">
</FORM>
</TD>
</TR>
<TR>
<TD COLSPAN="2" ALIGN="center" VALIGN="top">
<?php
// Print every stored guestbook entry, newest first (ORDER BY id DESC).
$sql = "SELECT uname,entry, DATE_FORMAT(dates,'%a, %b %D, %Y') AS dates FROM guestbook ORDER BY id DESC";
$result = @mysql_query($sql) or die("Error with mysql query on line ". __LINE__.".<BR />". mysql_error());

if (@mysql_num_rows($result) <= 0) {
    echo "<FONT>No entries yet.</FONT>\n";
}
else {
    while ($record = mysql_fetch_assoc($result)) {
        // Every column is visitor-supplied text, so each one is HTML-encoded
        // before it is written into the page. stripslashes() undoes slashes
        // that were stored along with the text.
        $safe = array();
        foreach ($record as $column => $value) {
            $safe[$column] = htmlentities(trim(stripslashes($value)));
        }

        // One table per entry: name and date in the first row, message in the
        // second. nl2br() runs after encoding so only its own <br> tags are live.
        echo '<TABLE WIDTH="450" BORDER="0" CELLSPACING="6" CELLPADDING="0" STYLE="border-bottom:1px DASHED #000000">'."\n",
            ' <TR>'."\n",
            ' <TD ALIGN="left" VALIGN="middle">'."\n",
            ' <IMG SRC="images/icon.gif" WIDTH="11" HEIGHT="11">&nbsp;<FONT CLASS="f6">'.$safe['uname'].'</FONT><BR>'."\n",
            ' <FONT CLASS="f3">'.$safe['dates'].'</FONT><BR>'."\n",
            ' </TD>'."\n",
            ' </TR>'."\n",
            ' <TR>'."\n",
            ' <TD ALIGN="left" VALIGN="middle">'."\n",
            ' <DIV ALIGN="justify">'."\n",
            ' <FONT>'."\n",
            nl2br($safe['entry']),
            ' </FONT>'."\n",
            ' </DIV>'."\n",
            ' </TD>'."\n",
            ' </TR>'."\n",
            '</TABLE>'."\n";
    }
}
?>
<BR>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>

Noumenon
02-16-2006, 01:30 PM
I tried doing this. But all that is returned is "You did not enter a message. Please try again." no matter what I submit in the form.



<?php
// Submit handler, second attempt: reject the form's placeholder texts and
// empty fields, otherwise insert the entry into `guestbook`.
if (isset($_POST['submit'])) {
// NOTE(review): the form's default is written as VALUE="&nbsp;Name". A browser
// decodes the entity and submits a real non-breaking space followed by "Name",
// so the literal string "&nbsp;Name" compared here is never what arrives.
if ($_POST['uname'] == "Name" ||$_POST['uname'] == "&nbsp;Name" || $_POST['uname'] == ""){
echo '<FONT CLASS="f3">You did not enter your name.<BR>Please try again.</FONT>'."\n";
}
else{
// NOTE(review): the textarea in the form is NAME="entry", so $_POST['message']
// is never set. An unset index compares equal to "" with ==, which makes this
// condition true on every submit.
if ($_POST['message'] == "Message" ||$_POST['message'] == "&nbsp;Message" || $_POST['message'] == ""){
echo '<FONT CLASS="f3">You did not enter a message.<BR>Please try again.</FONT>'."\n";
}
else{

// Escape every posted value in place before it is interpolated into the SQL.
// NOTE(review): addslashes() is not aware of the connection's character set;
// mysql_real_escape_string() or a prepared statement is the reliable choice.
foreach($_POST as $key => $val){
$_POST[$key] = addslashes($val);
}
// Client address as reported by the web server.
$ip = $_SERVER['REMOTE_ADDR'];

$sql = "INSERT INTO `guestbook` SET
`uname` = '$_POST[uname]',
`entry` = '$_POST[entry]',
`dates` = NOW(),
`ip` = '$ip'";

// NOTE(review): on failure the raw mysql_error() text is shown to the visitor.
$result = @mysql_query($sql) or die("Error with mysql query on line ".__LINE__.". <BR />".mysql_error());
}
}
}
?>

arnyinc
02-16-2006, 03:13 PM
In your form you are referring to your textarea as "entry" but in your php code you are referring to it as "message". When you check the value of $_POST['message'] it will always be blank since you never pass a request variable of that name.

<TEXTAREA NAME="entry" ROWS="4" COLS="19" MAXLENGTH="80" CLASS="formstyle" OnFocus="javascript:this.select()">&nbsp;Message</TEXTAREA>


$_POST['message']

Noumenon
02-16-2006, 04:01 PM
Yeah, missed that part. Clumsy.

I redid it a bit now. But even if the values are what the if-statement looks for, it still inserts it.


<?php
// Submit handler, third attempt: copy the posted fields into variables, reject
// placeholder or empty input, otherwise insert the entry.
// NOTE(review): the form shown earlier in the thread names the text input
// "uname"; this reads $_POST['name'] — confirm the form field was renamed too.
$name = $_POST['name'];
$entry = $_POST['entry'];
$ip = $_SERVER['REMOTE_ADDR'];

if (isset($_POST['submit'])) {
// NOTE(review): a default written as VALUE="&nbsp;Name" is submitted by the
// browser as a real non-breaking space followed by "Name". That is neither
// "Name" nor the literal "&nbsp;Name", and it is not empty, so the untouched
// defaults pass this check. Comparing against the decoded character (or
// trimming it off first) would make the test match what is actually sent.
if ($name == "Name" || $name == "&nbsp;Name" || empty($name) || $entry == "Message" || $entry == "&nbsp;Message" || empty($entry)){
echo '<FONT CLASS="f3">You did not enter a message.<BR>Please try again.</FONT>'."\n";
}
else{
// NOTE(review): this loop escapes the values stored in $_POST, but the query
// below interpolates $name and $entry, which were copied before the loop ran.
// The values reaching the SQL string are therefore unescaped (SQL injection).
// Escape $name and $entry themselves, preferably with
// mysql_real_escape_string() or a prepared statement rather than addslashes().
foreach($_POST as $key => $val){
$_POST[$key] = addslashes($val);
}
$sql = "INSERT INTO `guestbook` (`name`, `entry`, `dates`, `ip`) VALUES ('$name', '$entry', NOW(), '$ip')";
// NOTE(review): on failure the raw mysql_error() text is shown to the visitor.
$result = @mysql_query($sql) or die("Error with mysql query on line ".__LINE__.". <BR />".mysql_error());
}
}
?>


