Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New Coder
    Join Date
    Aug 2004
    Location
    Uppsala, Sweden
    Posts
    94
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Guestbook ignore

    I have this guestbook at our website in which Name and Message are the text inside the boxes. Now, if one would press Send I'd get an entry that say "Name Message". This is not welcome, alot of "spam" this way How do I code the page so it checks if the submited form contains "Name" and "Message" and then ignore inserting it to the db if it's true?

    The website:
    http://skiss.threedaysindarkness.com

    The code:
    PHP Code:
    <?php 
        $host 
    'localhost'// This should be either localhost or 127.0.0.1
        
    $username ''// Your database username
        
    $password ''// Your database password
        
    $dbname ''// Your database name
        
    $link = @mysql_connect($host$username$password) or die("Unable to connect to the database. Reason: " mysql_error());
        
    mysql_select_db($dbname$link) or die("Unable to find database. Reason: " mysql_error());
        
        if (isset(
    $_POST['submit'])) {
            foreach(
    $_POST as $key => $val){
                 
    $_POST[$key] = addslashes($val);
            } 
            
    $ip $_SERVER['REMOTE_ADDR'];

            
    $sql "INSERT INTO `guestbook` SET
                `uname` = '$_POST[uname]',
                `entry` = '$_POST[entry]',
                `dates` = NOW(),
                `ip` = '$ip'"

                
            
    $result = @mysql_query($sql) or die("Error with mysql query on line ".__LINE__.". <BR />".mysql_error());
        }
    ?>
    <HTML>
    <HEAD>
    <TITLE>T H R E E D A Y S I N D A R K N E S S</TITLE>
    <LINK REL="stylesheet" HREF="style.css" TYPE="text/css">
    </HEAD>
    <BODY CLASS="b3">
    <TABLE HEIGHT="100%" WIDTH="100%" BORDER="0" CELLSPACING="6" CELLPADDING="0">
        <TR>
            <TD VALIGN="top">
                <FONT CLASS="f2">GUESTBOOK</FONT>            
            </TD>
            <TD>
                <FORM ACTION="<?php echo $PHP_SELF?>" METHOD="post" NAME="guestbook">
                    <INPUT TYPE="text" NAME="uname"    SIZE="22" MAXLENGTH="30" VALUE="&nbsp;Name" CLASS="formstyle" OnFocus="javascript:this.select()"><BR>
                    <TEXTAREA NAME="entry" ROWS="4" COLS="19" MAXLENGTH="80" CLASS="formstyle" OnFocus="javascript:this.select()">&nbsp;Message</TEXTAREA><BR>
                    <INPUT TYPE="submit" NAME="submit" VALUE="&nbsp;Send&nbsp;" CLASS="submitstyle">
                    <INPUT TYPE="reset" NAME="reset" VALUE="&nbsp;Reset&nbsp;" CLASS="submitstyle">
                </FORM>
            </TD>
        </TR>
        <TR>
            <TD COLSPAN="2" ALIGN="center" VALIGN="top">
                <?php 
                    $sql 
    "SELECT uname,entry, DATE_FORMAT(dates,'%a, %b %D, %Y') AS dates FROM guestbook ORDER BY id  DESC";
                    
    $result = @mysql_query($sql) or die("Error with mysql query on line "__LINE__.".<BR />"mysql_error());
        
                    if (@
    mysql_num_rows($result) > 0) {
                        while (
    $row mysql_fetch_assoc($result)) {
                            foreach(
    $row as $key => $val){
                                
    $row[$key] = htmlentities(trim(stripslashes($val)));
                            } 
                            echo 
    '<TABLE WIDTH="450" BORDER="0" CELLSPACING="6" CELLPADDING="0" STYLE="border-bottom:1px DASHED #000000">'."\n";
                            echo 
    '    <TR>'."\n";
                            echo 
    '        <TD ALIGN="left" VALIGN="middle">'."\n";
                            echo 
    '            <IMG SRC="images/icon.gif" WIDTH="11" HEIGHT="11">&nbsp;<FONT CLASS="f6">'.$row['uname'].'</FONT><BR>'."\n";
                            echo 
    '            <FONT CLASS="f3">'.$row['dates'].'</FONT><BR>'."\n";
                            echo 
    '        </TD>'."\n";
                            echo 
    '    </TR>'."\n";
                            echo 
    '    <TR>'."\n";
                            echo 
    '        <TD ALIGN="left" VALIGN="middle">'."\n";
                            echo 
    '            <DIV ALIGN="justify">'."\n";
                            echo 
    '                <FONT>'."\n";
                            echo                      
    nl2br($row['entry']);
                            echo 
    '                </FONT>'."\n";
                            echo 
    '            </DIV>'."\n";
                            echo 
    '        </TD>'."\n";
                            echo 
    '    </TR>'."\n";
                            echo 
    '</TABLE>'."\n";
                        } 
                    }
                    else {
                        echo 
    "<FONT>No entries yet.</FONT>\n";
                    } 
                
    ?>
                <BR>
            </TD>
        </TR>
    </TABLE>
    </BODY>
    </HTML>

  • #2
    New Coder
    Join Date
    Aug 2004
    Location
    Uppsala, Sweden
    Posts
    94
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I tried doing this. But all that is returned is "You did not enter a message. Please try again." no matter what I submit in the form.

    PHP Code:
    <?php
        
    if (isset($_POST['submit'])) {
            if (
    $_POST['uname'] == "Name" ||$_POST['uname'] == "&nbsp;Name" || $_POST['uname'] == ""){
                echo 
    '<FONT CLASS="f3">You did not enter your name.<BR>Please try again.</FONT>'."\n";
            }
            else{
                if (
    $_POST['message'] == "Message" ||$_POST['message'] == "&nbsp;Message" || $_POST['message'] == ""){
                    echo 
    '<FONT CLASS="f3">You did not enter a message.<BR>Please try again.</FONT>'."\n";
                }
                else{ 

                    foreach(
    $_POST as $key => $val){
                            
    $_POST[$key] = addslashes($val);
                    } 
                    
    $ip $_SERVER['REMOTE_ADDR'];

                    
    $sql "INSERT INTO `guestbook` SET
                        `uname` = '$_POST[uname]',
                        `entry` = '$_POST[entry]',
                        `dates` = NOW(),
                        `ip` = '$ip'"

                
                    
    $result = @mysql_query($sql) or die("Error with mysql query on line ".__LINE__.". <BR />".mysql_error());
                }
            }
        }
    ?>

  • #3
    Regular Coder
    Join Date
    Jan 2003
    Posts
    867
    Thanks
    4
    Thanked 8 Times in 8 Posts
    In your form you are referring to your textarea as "entry" but in your php code you are referring to it as "message". When you check the value of $_POST['message'] it will always be blank since you never pass a request variable of that name.

    <TEXTAREA NAME="entry" ROWS="4" COLS="19" MAXLENGTH="80" CLASS="formstyle" OnFocus="javascript:this.select()">&nbsp;Message</TEXTAREA>


    $_POST['message']

  • #4
    New Coder
    Join Date
    Aug 2004
    Location
    Uppsala, Sweden
    Posts
    94
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Yeah, missed that part. Clumsy.

    I redid it a bit now. But even if the values are what the if-statement look for it still insert it.
    PHP Code:
                <?php 
                    $name 
    $_POST['name'];
                    
    $entry $_POST['entry'];
                    
    $ip $_SERVER['REMOTE_ADDR'];

                    if (isset(
    $_POST['submit'])) {
                        if (
    $name == "Name" || $name == "&nbsp;Name" || empty($name) || $entry == "Message" || $entry == "&nbsp;Message" || empty($entry)){
                            echo 
    '<FONT CLASS="f3">You did not enter a message.<BR>Please try again.</FONT>'."\n";
                        }
                        else{
                            foreach(
    $_POST as $key => $val){
                                 
    $_POST[$key] = addslashes($val);
                            } 
                            
    $sql "INSERT INTO `guestbook` (`name`, `entry`, `dates`, `ip`) VALUES ('$name', '$entry', NOW(), '$ip')";
                            
    $result = @mysql_query($sql) or die("Error with mysql query on line ".__LINE__.". <BR />".mysql_error());
                        }
                    }
                
    ?>


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •