Hunter
February 21st, 2010, 08:28 PM
Just finished writting this in Notepad++ (Which is awesome). I currently have no way of testing it, so please can PHP guru's just scan through it and tell me if there are any problems in the code.
<?php
//Global variables
$dbname = "exclusivedb";
$timezone = "GMT";
$thnkmess = "Thank-you for your comment $name!"; //Thank-you message to be displayed
//Database connection
$dbhost = "localhost";
$dbuser = "username"; //Database username goes here
$dbpass = "password"; //Database password goes here
//Styles
$error = "<p style=\"color:#CC0000; padding:0px; margin:0px; font-size:11px;\"/>";
$succ = "<p style=\"color:#006600; padding:0px; margin:0px; font-size:11px;\"/>";
//#############################\\
//###Check comment table exists###\\
//#############################\\
//Function to check that table exists, should create it when script is first run
function checkTable($tableName, $db) {
$tb = mysql_list_tables ($db);
while (list($temp) = mysql_fetch_array ($tables)) {
if ($temp == $table) {
return true;
}
}
return false;
}
//Connect to database
$con = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql database');
if (table_exists(checkTable(comments, $dbname)) {
echo $succ."Connected!</p>";
}
else {
echo $error."Error connecting creating table!</p>
<a href=\"../$pid.php?pid=$pid/>-Go Back-</a>";
mysql_select_db($dbname, $con);
$tblc = "CREATE TABLE comments`
(message VARCHAR( 1000 ) NOT NULL ,
name VARCHAR( 20 ) NOT NULL ,`ip` VARCHAR( 20 ) NOT NULL ,
date VARCHAR( 20 ) NOT NULL ,
pid VARCHAR( 20 ) NOT NULL ,
id INT( 10 ) NOT NULL AUTO_INCREMENT PRIMARY KEY COMMENT 'Comment ID')";
if (!$tblc) {
$error."Error creating table! <a href=\"../$pid.php?pid=$pid/>-Go Back-</a>"
}
}
if (table_exists(checkTable(comments, $dbname)) {
echo $succ."Connected!</p>";
}
else {
echo $error."Error creating table, please check connection details!</p> <a href=\"../$pid.php?pid=$pid/>-Go Back-</a>";
}
mysql_close($con);
//Variables for adding and validating comment
date_default_timezone_set(strip_tags($timezone));
$name = real_escape_string(strip_tags($_POST["name"]));
$message = real_escape_string(strip_tags($_POST["message"]));
$date = date(D,w,Y));
$ip = real_escape_string(strip_tags($_SERVER['REMOTE_ADDR']));
$pid = real_escape_string(strip_tags($_GET['pid']));
//Mininum characters
$min = 3
//Finnish variables///////////////////////////////////////
//#############################\\
//#########Field validation########\\
//#############################\\
function validate() {
global $name,$message,$date,$ip,$min;
return true; // Returns true, changes to false if validation is incorrect
if (count($name) !< $min || (count($name) == 0) {
return false; //Returns false if field data length is not more than 3 or is equal to 0
}
if (count($message) !< $min || (count($message) == 0) {
return false;
}
if (count($date) !< $min || (count($date) == 0) {
return false;
}
if (count($ip) !< $min || (count($ip) == 0) {
return false;
}
if (count($pid) == 0) {
return false;
}
}
//#############################\\
//######Add data to database#####\\
//#############################\\
if (validate()==TRUE) {
$query = "INSERT INTO comments (name, message, date, ip, pid) VALUES
('$name','$message','$date','$ip','$pid')";
$result = mysql_query($query);
if (!$result) {
echo $error."Error added comment, please try again!</a>";
}
else {
echo $succ."Successfully added comment!";
header('location: ../$pid.php?pid=$pid&mess=$thnkmess');
}
}
else {
echo "Validation check failed, please fill in all fields!
<a href=\"../$pid.php?pid=$pid/>-Go Back-</a>";
}
?>
<?php
//Global variables
$dbname = "exclusivedb";
$timezone = "GMT";
$thnkmess = "Thank-you for your comment $name!"; //Thank-you message to be displayed
//Database connection
$dbhost = "localhost";
$dbuser = "username"; //Database username goes here
$dbpass = "password"; //Database password goes here
//Styles
$error = "<p style=\"color:#CC0000; padding:0px; margin:0px; font-size:11px;\"/>";
$succ = "<p style=\"color:#006600; padding:0px; margin:0px; font-size:11px;\"/>";
//#############################\\
//###Check comment table exists###\\
//#############################\\
//Function to check that table exists, should create it when script is first run
function checkTable($tableName, $db) {
$tb = mysql_list_tables ($db);
while (list($temp) = mysql_fetch_array ($tables)) {
if ($temp == $table) {
return true;
}
}
return false;
}
//Connect to database
$con = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql database');
if (table_exists(checkTable(comments, $dbname)) {
echo $succ."Connected!</p>";
}
else {
echo $error."Error connecting creating table!</p>
<a href=\"../$pid.php?pid=$pid/>-Go Back-</a>";
mysql_select_db($dbname, $con);
$tblc = "CREATE TABLE comments`
(message VARCHAR( 1000 ) NOT NULL ,
name VARCHAR( 20 ) NOT NULL ,`ip` VARCHAR( 20 ) NOT NULL ,
date VARCHAR( 20 ) NOT NULL ,
pid VARCHAR( 20 ) NOT NULL ,
id INT( 10 ) NOT NULL AUTO_INCREMENT PRIMARY KEY COMMENT 'Comment ID')";
if (!$tblc) {
$error."Error creating table! <a href=\"../$pid.php?pid=$pid/>-Go Back-</a>"
}
}
if (table_exists(checkTable(comments, $dbname)) {
echo $succ."Connected!</p>";
}
else {
echo $error."Error creating table, please check connection details!</p> <a href=\"../$pid.php?pid=$pid/>-Go Back-</a>";
}
mysql_close($con);
//Variables for adding and validating comment
date_default_timezone_set(strip_tags($timezone));
$name = real_escape_string(strip_tags($_POST["name"]));
$message = real_escape_string(strip_tags($_POST["message"]));
$date = date(D,w,Y));
$ip = real_escape_string(strip_tags($_SERVER['REMOTE_ADDR']));
$pid = real_escape_string(strip_tags($_GET['pid']));
//Mininum characters
$min = 3
//Finnish variables///////////////////////////////////////
//#############################\\
//#########Field validation########\\
//#############################\\
function validate() {
global $name,$message,$date,$ip,$min;
return true; // Returns true, changes to false if validation is incorrect
if (count($name) !< $min || (count($name) == 0) {
return false; //Returns false if field data length is not more than 3 or is equal to 0
}
if (count($message) !< $min || (count($message) == 0) {
return false;
}
if (count($date) !< $min || (count($date) == 0) {
return false;
}
if (count($ip) !< $min || (count($ip) == 0) {
return false;
}
if (count($pid) == 0) {
return false;
}
}
//#############################\\
//######Add data to database#####\\
//#############################\\
if (validate()==TRUE) {
$query = "INSERT INTO comments (name, message, date, ip, pid) VALUES
('$name','$message','$date','$ip','$pid')";
$result = mysql_query($query);
if (!$result) {
echo $error."Error added comment, please try again!</a>";
}
else {
echo $succ."Successfully added comment!";
header('location: ../$pid.php?pid=$pid&mess=$thnkmess');
}
}
else {
echo "Validation check failed, please fill in all fields!
<a href=\"../$pid.php?pid=$pid/>-Go Back-</a>";
}
?>