<HTML>
<HEAD>
<TITLE>CLAYMEN</TITLE>
<LINK REL="stylesheet" HREF="../style.css" TYPE="text/css">
</HEAD>
<BODY>
<TABLE HEIGHT="100%" WIDTH="100%" BORDER="0" CELLSPACING="0" CELLPADDING="0">
<TR>
<TD ALIGN="center" VALIGN="top">
<?php
$host = 'localhost'; // This should be either localhost or 127.0.0.1
$username = 'root'; // Your database username
$password = ''; // Your database password
$dbname = 'guestbook'; // Your database name
$listing = 'DESC'; // Choose how you want your guestbook results to show. ASC = ascending (Older entries at the top of the page), DESC = descending (New entries on the top of the page)
$link = @mysql_connect($host,$username,$password) or die("Unable to connect to the database. Reason: ".mysql_error());
mysql_select_db($dbname,$link) or die("Unable to find database. Reason: ".mysql_error());
if(isset($_POST['submit'])){
$sql = "INSERT INTO entries (id,uname,email,website,entry,dates) VALUES ('','".$_POST['uname']."','".$_POST['email']."','".$_POST['website']."','".$_POST['entry']."',NOW())";
$result = @mysql_query($sql) or die("Error with mysql query on line ".__LINE__.". <BR />".mysql_error());
}
$sql = "SELECT uname,email,website,entry,dates FROM entries ORDER BY id ".$listing;
$result = @mysql_query($sql) or die("Error with mysql query on line ". __LINE__.".<BR />". mysql_error());
And how do I make it so that there are links at the bottom for other pages when the content of the gb is more than a certain number of pixels or so? (like the google 1,2,3,4,5,6,7,8,9....)
$sql = "INSERT INTO entries (id,uname,email,website,entry,dates) VALUES ('','".$_POST['uname']."','".$_POST['email']."','".$_POST['website']."','".nl2br($_POST['entry'])."',NOW())";
2) Do a search on the forums for pagination. It works by number of records found, not pixels. Would modify it for you myself but haven't got the time tonight to do it
better yet, do the checking to see if a website/email address has been entered when the data is on the way into the database, provided you set the column to allow NULL values, you can do a simple isset() on the way out
There is a way to deal with the messagemessagemessage thing, however I can't think of the function (I thought it was stripos, but it wasn't). However, I do have the solution for the optional info. =)
PHP Code:
<?php
if (isset($row["website"])) { print " <strong><a href=\"". $row["website"] ."\">Website</a></strong>";}
if (isset($row["email"])) { print " <strong><a href=\"mailto:". $row["email"] ."\">E-Mail</a></strong>";}
?>
Edit: Typoed a var name. Never good to leave unfixed. =)
better yet, do the checking to see if a website/email address has been entered when the data is on the way into the database, provided you set the column to allow NULL values, you can do a simple isset() on the way out
Change the 'varchar(255)' bits to whatever field type/length they were before, although it doesn't explicitly say it, the above will 'allow' them to have NULL values as it removes the NOT NULL that they may have been created with.
Anyway. Next, do some basic error checking before you build the insert query:
PHP Code:
<?php
// Loop through the post vars and escape slashes which might confuse MySQL
foreach($_POST as $key => $val){
$_POST[$key] = addslashes($val);
}
// set the default 'email' form field value so we can check to see if its been changed by the user
$defaultEmail = 'email';
// then do the same for the website field
$defaultWebsite = 'website';
// then, check to see if the fields have no length, or are equal to the default value
// if so then set it to NULL, otherwise add it to the query and pre/append with 's
$email = strlen($_POST['email']) > 0 || $_POST['email'] != 'email' ? "'$_POST[email]'" : "NULL";
$website = strlen($_POST['website']) > 0 || $_POST['website'] != 'website' ? "'$_POST[website]'" : "NULL";
// build the query :: NOTICE THAT $email AND $website DON'T HAVE ' AROUND THEM, LOOK ABOVE!
$sql = "INSERT INTO `entries` SET
`uname` = '$_POST[uname]',
`email` = $email,
`website` = $website`
`entry` = '" . nl2br($_POST['entry']) . "',
`dates` = NOW()";
?>
but you might get some PHP notices if your server's error reporting is too aggressive, its generally bad practice to write could that'd output notices (even if displaying notices are turned off) anyway so probably best avoided full stop and sticking with isset(). ANOTHER EDIT: fixed error checking typo
In phpmyadmin it shows the guestbook DB and the table entries.
for the field email and website null was set to "not null" and now changed to "null".. and still varchar(250)... is this what you meant?
Actually, I don't get it at all *lol*
Have no idea what to do with that code and the previous code. heh.
In phpmyadmin it shows the guestbook DB and the table entries.
for the field email and website null was set to "not null" and now changed to "null".. and still varchar(250)... is this what you meant?
<?php
$host = 'localhost'; // This should be either localhost or 127.0.0.1
$username = 'root'; // Your database username
$password = ''; // Your database password
$dbname = 'guestbook'; // Your database name
$listing = 'DESC'; // Choose how you want your guestbook results to show. ASC = ascending (Older entries at the top of the page), DESC = descending (New entries on the top of the page)
$link = @mysql_connect($host,$username,$password) or die("Unable to connect to the database. Reason: ".mysql_error());
mysql_select_db($dbname,$link) or die("Unable to find database. Reason: ".mysql_error());
if(isset($_POST['submit'])){
$sql = "INSERT INTO entries (id,uname,email,website,entry,dates) VALUES ('','".$_POST['uname']."','".$_POST['email']."','".$_POST['website']."','".nl2br($_POST['entry'])."',NOW())";
$result = @mysql_query($sql) or die("Error with mysql query on line ".__LINE__.". <BR />".mysql_error());
}
$sql = "SELECT uname,email,website,entry,dates FROM entries ORDER BY id ".$listing;
$result = @mysql_query($sql) or die("Error with mysql query on line ". __LINE__.".<BR />". mysql_error());
<?php
// turn email address into spam-bot proof ones
function mail_mash($addy) {
$addy = 'mailto:'.$addy;
for($i=0;$i<strlen($addy);$i++){
$letters[]=$addy[$i];
}
while (list($key, $val) = each($letters)) {
$r = rand(0,20);
if($r > 9){
$letters[$key] = '&#'.ord($letters[$key]).';';
}
}
$mashed_email_addy = implode('', $letters);
return $mashed_email_addy;
}
$host = 'localhost'; // This should be either localhost or 127.0.0.1
$username = 'root'; // Your database username
$password = ''; // Your database password
$dbname = 'guestbook'; // Your database name
$listing = 'DESC'; // Choose how you want your guestbook results to show. ASC = ascending (Older entries at the top of the page), DESC = descending (New entries on the top of the page)
$link = @mysql_connect($host,$username,$password) or die("Unable to connect to the database. Reason: ".mysql_error());
mysql_select_db($dbname,$link) or die("Unable to find database. Reason: ".mysql_error());
if(isset($_POST['submit'])){
// MRJAMIN'S MOD
// Loop through the post vars and escape slashes which might confuse MySQL
foreach($_POST as $key => $val){
$_POST[$key] = addslashes($val);
}
// set the default 'email' form field value so we can check to see if its been changed by the user
$defaultEmail = 'email';
// then do the same for the website field
$defaultWebsite = 'website';
// then, check to see if the fields have no length, or are equal to the default value
// if so then set it to NULL, otherwise add it to the query and pre/append with 's
$email = strlen($_POST['email']) > 0 || $_POST['email'] != 'email' ? "'$_POST[email]'" : "NULL";
$website = strlen($_POST['website']) > 0 || $_POST['website'] != 'website' ? "'$_POST[website]'" : "NULL";
// build the query :: NOTICE THAT $email AND $website DON'T HAVE ' AROUND THEM, LOOK ABOVE!
$sql = "INSERT INTO `entries` SET
`uname` = '$_POST[uname]',
`email` = $email,
`website` = $website`
`entry` = '$_POST[entry]',
`dates` = NOW()";
// END MRJAMIN'S MOD
$result = @mysql_query($sql) or die("Error with mysql query on line ".__LINE__.". <BR />".mysql_error());
}
$sql = "SELECT uname,email,website,entry,dates FROM entries ORDER BY id ".$listing;
$result = @mysql_query($sql) or die("Error with mysql query on line ". __LINE__.".<BR />". mysql_error());
Great! I'll check it tomorrow though.
Have to go to bed now (damn those nagging girlfriends)
Top stuff, hope it works. Have just added a couple more improvements:
o Added some code to tidy up the data from the MySQL database
o Made it 'mash up' email addresses so they're harder for spam bots to pick up, but still viewable by users over a web browser. If you mouseover them and look at what the status bar says, it looks like perfectly normal, do a view source on the end result, and you won't be able to spot the address!
Before you post, read our: 
