Guestbook

Hello

I need help.
Well, I did accounting guests but needs to do a lot of changes and Mianowice book that consists ez and from 3 files below.
He wants - add validation e-mail address, because you know with who smoze insert your incorrect - where and how to insert the code should look something like this?

• Do filtering by id, date and email.
• What is the html I learned from the tables shall apply only to the data and the contemporary elements positioned using a div element. - How to convert this god for Divya

Please help me.

guestbook.php

<table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td><strong>Test Sign Guestbook </strong></td>
</tr>
</table>
<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>


<form id="form1" name="form1" method="post" action="addbook.php">
<td>
<table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td width="117">email</td>
<td width="14">:</td>
<td width="357"><input name="email" type="text" id="email" size="40" /></td>
</tr>
<tr>

<td>Temat</td>
<td>:</td>
<td><input name="temat" type="text" id="temat" size="40" /></td>
</tr>

<tr>
<td valign="top">WPIS</td>
<td valign="top">:</td>
<td><textarea name="wpis" cols="40" rows="3" id="wpis"></textarea></td>
</tr>

<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Submit" />
<input type="reset" name="Submit2" value="Reset" /></td>
</tr>
</table>
</td>
</form>

</tr>

</table>
<table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td><strong><a href="wyswietl.php">Wywietl Ksiazke</a> </strong></td>
</tr>
</table>

addbook.php

<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="ryguohdfr"; // Mysql password
$db_name="kg"; // Database name
$tbl_name="ksiega"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect server ");
mysql_select_db("$db_name")or die("cannot select DB");


$datetime=date("y-m-d h:i:s"); //date time
$email=$_POST['email'];
$temat=$_POST['temat'];
$wpis=$_POST['wpis'];

$sql="INSERT INTO $tbl_name(email, data, temat, wpis)VALUES('$email', '$datetime', '$temat', '$wpis')";
$result=mysql_query($sql);

//check if query successful
if($result){
echo "Successful";

echo "<BR>";

// link to view guestbook page
echo "<a href='wyswietl.php'>Wywietl wpisy</a>";

}

else {
echo "ERROR";
}

mysql_close();
?>

wyswietl.php

<?
//Definicja zmiennych (haslo,login,nazwe bazy i hosta)
$haslo='ryguohdfr';
$login='root';
$host='localhost';
$baza='kg';

//logowanie do serwera mysql
@ $bd = mysql_pconnect($host, $login, $haslo);
if (!$bd)
{
echo 'Połączenie z bazą danych jest teraz nie możliwe.';
exit;
}
mysql_select_db($baza);
//wysyłamy zapytanie
$zapytanie = 'SELECT * FROM `ksiega` WHERE 1 LIMIT 0, 100';
$dd = mysql_query($zapytanie);
$bb = mysql_fetch_array($dd);
while($bb)
{
$wpis=stripslashes($bb['wpis']);
$email=stripslashes($bb['email']);
$data=stripslashes ($bb['data']);
$temat=stripslashes ($bb['temat']);
//wyswietlamy wpis
echo '<br>Napisał z adresu: '.$email.'<br>TEMAT:'.$temat.'<br>';
echo 'DATA: '.$data.'<br>TRESC:'.$wpis.'<br>';
echo '--------------------------------- '.'<br>';
$bb = mysql_fetch_array($dd);
}
?>

– Table structure for table ksiega

CREATE TABLE `ksiega` (
`id` int(4) NOT NULL auto_increment,
`email` varchar(252) NOT NULL default '',
`data` timestamp(14) NOT NULL,
`temat` varchar(250) NOT NULL default '',
`wpis` text NOT NULL,
PRIMARY KEY (`id`)
) TYPE=MyISAM AUTO_INCREMENT=37 ;

When you say ‘add validation email address’, do you mean that you want to validate that the email adress is in a proper format (at least one @ symbol, and at least one . after it) or do you mean that you want to send a validation email so that the entry is only added to the guestbook if they click a link in that validation email?

Also, you need to look at using mysqli or PDO to access the database, mysql calls are deprecated and will stop being supported soon. Plenty of links in here, and a sticky thread pointing to some useful tutorials. Better to change now than when it all stops working. You’ve got no validation or anti-injection checks in the code that inserts into the guestbook, switching to one of the newer methods will help there.

Hello

Chiałbym insert the following code validation, but I do not know in which place?

Can anyone help?

$regEx = ‘/^[1][a-zA-Z0-9_]+(\.[a-zA-Z0-9_]+)\@[a-zA-Z0-9_]+(\.[a-zA-Z0-9_]+)\.[a-zA-Z]{2,4}$/’;
if(preg_match($regEx, $email))
{
echo “Email jest poprawny :)”;
}
else
{
echo “Email jest niepoprawny! :(”;
}

1. ^\W ↩︎

That would go in addbook.php, just after you’ve retrieved the variables from the $_POST array. Once you’ve done checks on any you need to check, if the validation fails you need to not add the entry to the database, just put the user back to the guestbook html form, perhaps with the boxes already filled in for them to correct.

$datetime=date("y-m-d h:i:s"); //date time
$email=$_POST['email'];
$temat=$_POST['temat'];
$wpis=$_POST['wpis'];

$regEx = '/^[^\\W][a-zA-Z0-9_]+(\\.[a-zA-Z0-9_]+)*\\@[a-zA-Z0-9_]+(\\.[a-zA-Z0-9_]+)*\\.[a-zA-Z]{2,4}$/';
if(preg_match($regEx, $email))
{
echo "Email jest poprawny ";
// then go on to validate or escape other data and do the insert statement to add the entry to the guestbook
}
else
{
echo "Email jest niepoprawny! ";
// then display the form again, so the user can correct their mistakes
}

Or you could do a similar thing in javascript as part of the form submission, so it would never get to your php unless validated. Still a good thing to validate, though, in case anyone managed to call addbook.php from a form that didn’t validate first.

ETA: I haven’t checked the regex, just copied it from your post.

Please enter all the code should look like.

First four lines in that code are from your addbook.php, you can add the rest from there. I can’t help you with Javascript.