same php feed back form

pearjam
Forum Commoner
Posts: 29
Joined: Sun May 31, 2009 5:05 pm

Post by pearjam »

So I've gotten this far... lol

I'm currently trying to add form protection to the code, but I'm having a hard time fitting the examples I'm finding on the web into it.

I'm also finding out that it's a poor way to set it up. I'm aiming to be minimal and streamlined or optimized.

So I'm open to suggestions on both!

(ps: If you just post "call a table=/page" or whatever, I'm not going to know what you mean.)



Here is the processing on the "thank you" page:

<?php
$connect = mysql_connect("localhost","root","xxxxxx") or die(mysql_error());
mysql_select_db("feedback") or die(mysql_error());
$_POST = array_map('mysql_real_escape_string', $_POST);
$time = date("[d My]");
$sql = "INSERT INTO `{$_POST['table']}` (time, site, name, comment) VALUES('$time', '{$_POST['site']}', '{$_POST['name']}', '{$_POST['comment']}')";
mysql_query($sql) or die("did not update");
$ref = $_SERVER['HTTP_REFERER'];
header( 'refresh: 01; url='.$ref);
mysql_close($connect);
?>

Here is the form page that submits it, and displays it:

<?php
$connect = mysql_connect("localhost","root","xxxxxxxxx") or die(mysql_error());
mysql_select_db("feedback") or die(mysql_error());
$result = mysql_query("SELECT * FROM main");
while($row = mysql_fetch_array($result))
  {
  echo $row['time'] . "&nbsp;" . $row['name'] . "&nbsp;" . $row['site'] . "<br /><i>" . $row['comment'] . "</i><br /><br />";
  }
mysql_close($connect);
?>
<form action="process.php" method="post">
<input type="text" name="name" size="20" value="your name" style="border:0px;color:#A0A0A0;font-size:11px;" onFocus="this.value=''" /><br /><br />
<input type="text" name="site" size="20" value="your website" style="border:0px;color:#A0A0A0;font-size:11px;" onFocus="this.value=''" /><br /><br />
<textarea name="comment" rows="12" cols="19" style="border:0px;color:#A0A0A0;font-size:11px;" onFocus="this.value=''">your feedback</textarea><br />
<div align="right"><input type="submit" value="" /></div><!--end right-->
</form>

So - how can I add stuff like strip_tags() etc, and how can it be better optimized?
yacahuma
Forum Regular
Posts: 870
Joined: Sun Jul 01, 2007 7:11 am

Re: same php feed back form

Post by yacahuma »

Have you tried reading this?
http://phpsec.org/projects/guide/2.html
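
An added example, not from either poster: one way to harden the insert and display steps from the first post, using PDO prepared statements, an allow-list for the table name, and escaping on output with htmlspecialchars() instead of strip_tags() on input. It assumes PHP 7.4+ with pdo_sqlite (an in-memory database stands in for the MySQL `feedback` database so it runs offline); the function names, length limits and sample submissions are constructed.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO with the sqlite driver
// (in-memory, runs offline); helper names, limits and sample data are constructed.
const ALLOWED_TABLES = ['main'];   // identifiers cannot be bound or escaped: allow-list them

function save_feedback(PDO $db, array $post): bool
{
    $table = $post['table'] ?? 'main';
    if (!in_array($table, ALLOWED_TABLES, true)) {
        return false;                               // unknown table name: reject
    }
    $name    = trim((string)($post['name'] ?? ''));
    $site    = trim((string)($post['site'] ?? ''));
    $comment = trim((string)($post['comment'] ?? ''));
    if ($name === '' || $comment === '' || strlen($name) > 50 || strlen($comment) > 2000) {
        return false;                               // required fields and size limits
    }
    // Keep only http(s) URLs so no other link scheme is ever stored or displayed.
    if ($site !== '' && !preg_match('#^https?://#i', $site)) {
        $site = '';
    }
    // Values travel as bound parameters, never inside the SQL string.
    $stmt = $db->prepare("INSERT INTO `$table` (time, site, name, comment) VALUES (?, ?, ?, ?)");
    return $stmt->execute([date('[d My]'), $site, $name, $comment]);
}

function render_feedback(PDO $db): string
{
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    $html = '';
    foreach ($db->query('SELECT time, name, site, comment FROM main') as $row) {
        $html .= $esc($row['time']) . '&nbsp;' . $esc($row['name']) . '&nbsp;' . $esc($row['site'])
               . '<br /><i>' . nl2br($esc($row['comment'])) . '</i><br /><br />';
    }
    return $html;                                   // markup in comments shows as text
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE main (time TEXT, site TEXT, name TEXT, comment TEXT)');

// Constructed submissions: quotes and markup in the values, then a table not on the list.
var_dump(save_feedback($db, ['name' => "O'Brien", 'site' => 'ftp://example.test',
                             'comment' => '<b>nice</b> site']));
var_dump(save_feedback($db, ['table' => 'users', 'name' => 'x', 'comment' => 'y']));
echo render_feedback($db), "\n";
```

Escaping at output time keeps the stored comment intact, whereas strip_tags() on input silently alters what the visitor wrote and does nothing for the SQL side.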