Funkymonkey
06-17-2005, 06:35 AM
I've now made my guestbook which lets the user know when they didn't enter a name, e-mail or comment. The problem is it puts them in the guestbook anyway. The address is www.sharesnaps.net/guest/guestbook.php.
The code for the form is:
<?php
// Set the page title and include the HTML header.
$page_title = 'Guestbook';
include ('header.inc');

if (isset($_POST['submit'])) { // Handle the form.

    $message = NULL; // Create an empty new variable.

    // Check for a name.
    if (strlen($_POST['first_name']) > 0) {
        $_POST['first_name'] = stripslashes($_POST['first_name']);
        $fn = $_POST['first_name'];
    } else {
        $_POST['first_name'] = NULL;
        echo 'You forgot to enter your name!!!';
    }

    // Check for an e-mail.
    if (strlen($_POST['email']) > 0) {
        $_POST['email'] = stripslashes($_POST['email']);
        $e = $_POST['email'];
    } else {
        $_POST['email'] = NULL;
        echo 'You forgot to enter your e-mail address!!!';
    }

    // Check for a comment
    if (strlen($_POST['comment']) > 0) {
        $_POST['comment'] = stripslashes($_POST['comment']);
        $c = $_POST['comment'];
    } else {
        $_POST['comment'] = NULL;
        echo 'You forgot to enter a comment!!!';
    }

    if ('$fn' && '$e' && '$c') { // If everything's OK.

        // Add the guest to the database.
        require_once ('mysql_connect.php'); // Connect to the db.

        // Escape the values for the SQL string (needs the open connection).
        $fn = mysql_real_escape_string($fn);
        $e = mysql_real_escape_string($e);
        $c = mysql_real_escape_string($c);

        // Make the query.
        $query = "INSERT INTO users (first_name, email, comment) VALUES ('$fn', '$e', '$c')";
        $result = @mysql_query ($query); // Run the query.

        if ($result) { // If it ran OK.
            // Send an email, if desired.
            echo '<p><b>You have been added to the guestbook!</b></p>';
            include ('footer.inc'); // Include the HTML footer.
            exit(); // Quit the script.
        } else { // If it did not run OK.
            $message = '<p>You could not be added to the guestbook due to a system error. We apologize for any inconvenience.</p><p>' . mysql_error() . '</p>';
        }

        mysql_close(); // Close the database connection.

    } else {
        $message .= '<p>Please try again.</p>';
    }

} // End of the main Submit conditional.

// Print the message if there is one.
if (isset($message)) {
    echo '<font color="red">', $message, '</font>';
}
?>
:o :o
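An added example, not part of the original post: the condition `'$fn' && '$e' && '$c'` compares three single-quoted string literals, which PHP does not interpolate and which are always truthy, so the INSERT runs whatever the user typed. The sketch below collects errors, inserts only when there are none, and binds the values through a prepared statement; the in-memory SQLite database and the function names are assumptions, the `users` table and its columns are from the post.

```php
<?php
// Added example, not the poster's code. The users table and its columns come from
// the post; the in-memory SQLite database and function names are assumptions.

/** Return [clean fields, error messages] for a guestbook submission. */
function validate_guestbook(array $post): array
{
    $labels = ['first_name' => 'your name', 'email' => 'your e-mail address', 'comment' => 'a comment'];
    $clean = $errors = [];
    foreach ($labels as $field => $label) {
        $value = trim((string) ($post[$field] ?? ''));
        if ($value === '') {
            $errors[] = "You forgot to enter $label!";
        } else {
            $clean[$field] = $value;
        }
    }
    if (isset($clean['email']) && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'That e-mail address is not valid.';
    }
    return [$clean, $errors];
}

/** Insert only when validation found no errors; values are bound, never interpolated. */
function add_guest(PDO $db, array $post): array
{
    [$clean, $errors] = validate_guestbook($post);
    if ($errors !== []) {
        return $errors; // Nothing is written to the table.
    }
    $stmt = $db->prepare(
        'INSERT INTO users (first_name, email, comment) VALUES (:first_name, :email, :comment)'
    );
    $stmt->execute($clean);
    return [];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (first_name TEXT, email TEXT, comment TEXT)');

// Constructed sample submissions: one with a missing name, one containing quotes.
$missing = add_guest($db, ['first_name' => '', 'email' => 'a@example.com', 'comment' => 'hi']);
$quoted  = add_guest($db, ['first_name' => "O'Brien", 'email' => 'ob@example.com', 'comment' => "nice'); --"]);

echo implode("\n", $missing), "\n";
echo 'Rows stored: ', $db->query('SELECT COUNT(*) FROM users')->fetchColumn(), "\n";
```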