News:

LVCS.NET offers low cost domain registration services.

Main Menu

php

Started by darkdemun, March 17, 2006, 08:06:54 PM

Previous topic - Next topic

darkdemun

i am making my site before i get hosting on here, i need some help though i have made a form in html to submit a joke.
the form looks like:
Quote<FORM name="jokes" action="submit.php" method="">
*Your Name: <INPUT type="text" name="pname"><br><br>
*Your Email: <INPUT type="text" name="pemail"><br><br>
*Show your email: <INPUT type="checkbox" name="email?"><br><br>
*Category: <select name="categ">
<option name="none">----no category----
<option name="littlej">Little Johnny
<option name="yomama">Yo Mama
<option name="sickj">Sick Jokes
<option name="rjokes">Random jokes
<option name="bjokes">Bar Jokes
<option name="bljokes">Blonde Jokes
<option name="kijokes">Kids Jokes
<option name="rejokes">Redneck Jokes
<option name="vijokes">Viagra jokes
<option name="tajokes">Tasteless jokes
<option name="rejokes">religous jokes
<option name="pojokes">Political jokes
<option name="clajokes">Classic Jokes
</select><br><br>
*Joke Name: <INPUT type="text" name="jname"><br><br>
*Joke: <br> <br> <textarea name="joke" rows="10" cols="30"></textarea><br><br>
<INPUT type="submit" value="Submit"><br><br>

i need to know how to make a php form print that onto a new page then create a link in the actual website to get to the page.

Evilsprouts

What so you want the information in the form to be submitted to your site so every one can view it? I.e. you want it to be entered into a database?

darkdemun


Evilsprouts

#3
Well you will need to setup a database via the options panel then "submit.php" must contain something like this:

<?php
mysql_connect
("localhost","DATABASE USERNAME","DATABASE PASSWORD");
@
mysql_select_db(DATABASE NAME) or die( "Unable to select database"); 
mysql_query("INSERT INTO table_name VALUES ('','$pname','$pemail','$email?','$categ','$jname','$joke')");
mysql_close();
?>



And I'm not sure if the public email thing can have a "?" in the variable.

webzone (archived)

Quotemysql_query("INSERT INTO table_name VALUES ('','$pname','$pemail','$email?','$categ','$jname','$joke')");

This code wont work with register_globals=off and is vulnerable to SQL injection. The following example is safer:

mysql_query("INSERT INTO table_name VALUES ('','".addslashes($_REQUEST['pname'])."','".addslashes($_REQUEST['pemail'])."','".addslashes($_REQUEST['email'])."','".addslashes($_REQUEST['categ'])."','".addslashes($_REQUEST['jname'])."','".addslashes($_REQUEST['joke'])."')");

darkdemun

tyvm, do you know how to make it automatically print onto a page like how a forum does it or a php guest book?

Evilsprouts

Quote from: webzone on March 18, 2006, 12:52:46 AM
Quotemysql_query("INSERT INTO table_name VALUES ('','$pname','$pemail','$email?','$categ','$jname','$joke')");

This code wont work with register_globals=off and is vulnerable to SQL injection. The following example is safer:

mysql_query("INSERT INTO table_name VALUES ('','".addslashes($_REQUEST['pname'])."','".addslashes($_REQUEST['pemail'])."','".addslashes($_REQUEST['email'])."','".addslashes($_REQUEST['categ'])."','".addslashes($_REQUEST['jname'])."','".addslashes($_REQUEST['joke'])."')");

Oh sorry, you learn something everyday.

Cheers for correcting me webzone.

darkdemun

tyvm, do you know how to make it automatically print onto a page like how a forum does it or a php guest book?

darkdemun

sorry for double post, when i posted it said the mail() has been disabled for security reasons  so i tryed posting again