FreePgs.com Forum

darkdemun · March 17, 2006, 08:06:54 PM

i am making my site before i get hosting on here, i need some help though i have made a form in html to submit a joke.
the form looks like:

Quote<FORM name="jokes" action="submit.php" method="">
*Your Name: <INPUT type="text" name="pname"><br><br>
*Your Email: <INPUT type="text" name="pemail"><br><br>
*Show your email: <INPUT type="checkbox" name="email?"><br><br>
*Category: <select name="categ">
<option name="none">----no category----
<option name="littlej">Little Johnny
<option name="yomama">Yo Mama
<option name="sickj">Sick Jokes
<option name="rjokes">Random jokes
<option name="bjokes">Bar Jokes
<option name="bljokes">Blonde Jokes
<option name="kijokes">Kids Jokes
<option name="rejokes">Redneck Jokes
<option name="vijokes">Viagra jokes
<option name="tajokes">Tasteless jokes
<option name="rejokes">religous jokes
<option name="pojokes">Political jokes
<option name="clajokes">Classic Jokes
</select><br><br>
*Joke Name: <INPUT type="text" name="jname"><br><br>
*Joke: <br> <br> <textarea name="joke" rows="10" cols="30"></textarea><br><br>
<INPUT type="submit" value="Submit"><br><br>

i need to know how to make a php form print that onto a new page then create a link in the actual website to get to the page.

Evilsprouts · March 17, 2006, 09:23:41 PM

What so you want the information in the form to be submitted to your site so every one can view it? I.e. you want it to be entered into a database?

darkdemun · March 17, 2006, 09:44:35 PM

yeah

Evilsprouts · March 17, 2006, 09:51:03 PM

Well you will need to setup a database via the options panel then "submit.php" must contain something like this:

Code Select

<?php
mysql_connect("localhost","DATABASE USERNAME","DATABASE PASSWORD");
@mysql_select_db(DATABASE NAME) or die( "Unable to select database"); 
mysql_query("INSERT INTO table_name VALUES ('','$pname','$pemail','$email?','$categ','$jname','$joke')");
mysql_close();
?>

And I'm not sure if the public email thing can have a "?" in the variable.

webzone (archived) · March 18, 2006, 12:52:46 AM

Quotemysql_query("INSERT INTO table_name VALUES ('','$pname','$pemail','$email?','$categ','$jname','$joke')");

This code wont work with register_globals=off and is vulnerable to SQL injection. The following example is safer:

Code Select

mysql_query("INSERT INTO table_name VALUES ('','".addslashes($_REQUEST['pname'])."','".addslashes($_REQUEST['pemail'])."','".addslashes($_REQUEST['email'])."','".addslashes($_REQUEST['categ'])."','".addslashes($_REQUEST['jname'])."','".addslashes($_REQUEST['joke'])."')");

darkdemun · March 18, 2006, 02:41:31 AM

tyvm, do you know how to make it automatically print onto a page like how a forum does it or a php guest book?

Evilsprouts · March 18, 2006, 10:16:11 AM

Quote from: webzone on March 18, 2006, 12:52:46 AM
Quotemysql_query("INSERT INTO table_name VALUES ('','$pname','$pemail','$email?','$categ','$jname','$joke')");

This code wont work with register_globals=off and is vulnerable to SQL injection. The following example is safer:

Code Select Expand
mysql_query("INSERT INTO table_name VALUES ('','".addslashes($_REQUEST['pname'])."','".addslashes($_REQUEST['pemail'])."','".addslashes($_REQUEST['email'])."','".addslashes($_REQUEST['categ'])."','".addslashes($_REQUEST['jname'])."','".addslashes($_REQUEST['joke'])."')");

Oh sorry, you learn something everyday.

Cheers for correcting me webzone.

darkdemun · March 20, 2006, 04:39:19 AM

tyvm, do you know how to make it automatically print onto a page like how a forum does it or a php guest book?

darkdemun · March 20, 2006, 07:05:43 PM

sorry for double post, when i posted it said the mail() has been disabled for security reasons so i tryed posting again

News:

php