Results 1 to 6 of 6

Thread: PHP Guestbook

  1. #1

    PHP Guestbook

    hi there,

    I've just followed a tutorial to create a PHP/MySQL guestbook which seemed to be working but it seems the entries aren't being added to the database as I check the contents of the table in phpmyadmin, each is empty apart from the id and date/time fields.

    you can view the guestbook here : http://www.predator-uk.net/naa/index.php?p=guestbook

    I was assuming it would be the script used to add the data to the database that is the problem but I can't seem to find whats wrong. This is the script used to process the form data :

    PHP Code:
    mysql_connect("$host""$username""$password")or die("cannot connect server ");
    mysql_select_db("$db_name")or die("cannot select DB");

    $datetime=date("y-m-d h:i:s");

    $sql="INSERT INTO $tbl_name(name, email, comment, datetime) VALUES 

    ('
    $name', '$email', '$comment', '$datetime')";
    $result=mysql_query($sql);

    if(
    $result){
    echo 
    "Successful";
    echo 
    "<BR>";
    echo 
    "<a href='index.php?p=viewguestbook'>View guestbook</a>"
    }

    else {
    echo 
    "ERROR";
    }

    mysql_close(); 
    Hope someone can help,

    Cheers,

    Jeff

  2. #2
    I recommend you to use mysql_error() command, which returns you last error on query. See if
    PHP Code:
    $result mysql_query($sql)or die(mysql_error()); 
    gives you any errors

  3. #3
    I'm not so good at this sql thing, but could it be because you forgot to whrite $ in front of $sql="INSERT INTO $tbl_name(name, email, comment, datetime) VALUES ?

    EDIT: i mean in front of the variables
    name, email, comment and datetime
    Last edited by gonzolo; July 21st, 2009 at 06:06 PM.
    Catchy... eh?

  4. #4
    First thing, I dont know if you created the variable $name or $comment.. it should be..

    $name = $_POST['form_name_field'];
    $comment = $_POST['form_comment_field'];
    $email = $_POST['form_email_field'];

  5. #5
    thanks for that irkevin,

    I added that and it works fine now.

  6. Another bit of advice:

    Be sure to sanitize your input before sending it to your database. Don't want to deal with any nasty SQL injection attacks... even though you're not a prime target, you still may get some random trouble maker causing problems if they find out you're doing things the way you are.

    A quick read that should help you take the first step in your PHP / MySQL security journey:

    - http://www.tizag.com/mysqlTutorial/m...-injection.php
    "Give me the place to stand, and I shall move the earth" - Archimedes
    "The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts." - Bertrand Russell

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Home About kirupa.com Meet the Moderators Advertise

 Link to Us

 Credits

Copyright 1999 - 2012