one file php html page

kapil1089theking
Forum Commoner
Posts: 46
Joined: Wed May 28, 2008 1:51 pm
Location: Kolkata, India

one file php html page

Post by kapil1089theking »

I want to display an HTML page with a table and a submit button which will insert another row into the same table and will come back to the same page with the updated record. How I coded it is:

Code:

<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
 
<body>
<?php   define( "DATABASE_SERVER", "localhost" );
    define( "DATABASE_USERNAME", "root" );
    define( "DATABASE_PASSWORD", "password" );
    define( "DATABASE_NAME", "comments" );
    //connect to the database
    $mysql = mysql_connect(DATABASE_SERVER, DATABASE_USERNAME) or die(mysql_error());
    //select the database
    mysql_select_db( DATABASE_NAME );
    //query the database for all rows of the comments table
    $query = "SELECT * FROM comments_table";
    
    $result = mysql_query($query);
if (!$result) {
    die("Query to show fields from table failed");
}
echo "<table border='1'>";
echo "<tr>";
echo "</td>";
echo "<h1>Showing 30 Entries:</h1>";
echo "<table border='1'>";
    while($row = mysql_fetch_row($result))
    {
        echo "<tr>";
 
    // $row is array... foreach( .. ) puts every element
    // of $row to $cell variable
        echo "<td>$row[1]</td>";
        echo "<td>$row[2]</td>";
        echo "</tr> <br/>";
    }
        mysql_free_result($result);
        echo "</td>";
        echo "</tr> <br/>";
 
 ?>
 <tr>
 <td>
<form name="form1" method="post" action="">
      <textarea  name="textarea" cols="100" width="100%"></textarea>
      <input type="submit" name="Submit" value="Submit">
</form>
</td>
</tr>
</body>
</html>
 
Now I am stuck at the button action in the code as commented. What should I do there, and where exactly do I need to write the function? Any help appreciated.
dbsuk
Forum Newbie
Posts: 7
Joined: Thu Dec 17, 2009 9:22 am
Location: London, England

Re: one file php html page

Post by dbsuk »

Hi Kapil,

You could do something like this.

Code:

<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
 
<body>
<?php   define( "DATABASE_SERVER", "localhost" );
    define( "DATABASE_USERNAME", "root" );
    define( "DATABASE_PASSWORD", "password" );
    define( "DATABASE_NAME", "comments" );
    //connect to the database
    $mysql = mysql_connect(DATABASE_SERVER, DATABASE_USERNAME) or die(mysql_error());
    //select the database
    mysql_select_db( DATABASE_NAME );
 
    if (isset($_POST['Submit'])) {
 
       // !Note! ** you should clean the contents of the POST variables.
       // eg. array_walk($_POST,'SomePostCleaningFunction');
       // Check out this cleaning function - http://www.webmasterworld.com/php/3143214.htm
 
       // You might want to remove HTML that the user may have put in the textarea
       $textarea = strip_tags($_POST['textarea']);
 
       // You might want to turn line returns into html breaks.
       $textarea = nl2br($textarea);
 
       // Then you would be ready to add data to database
       // (the value is escaped so a quote in it cannot end the SQL string early)
       $add_data = mysql_query("INSERT INTO comments_table (textarea) VALUES ('".mysql_real_escape_string($textarea)."')");
       if(!$add_data) {
          die(mysql_error());
       } else {
          // you could put a success message here!!
          // e.g. either
          // echo 'Success';
          // or
          $success = 1; /* see the $success check below for the effect of this. */
       }
    }
 
    $query = "SELECT * FROM comments_table";
   
    $result = mysql_query($query);
if (!$result) {
    die("Query to show fields from table failed");
}
 
// check if the $success variable was set after the insert above.
if (!empty($success)) {
  echo '<p style="color:red">Thanks, your post was added.</p>';
}
 
 
echo "<table border='1'>";
echo "<tr>";
echo "</td>";
echo "<h1>Showing 30 Entries:</h1>";
echo "<table border='1'>";
    while($row = mysql_fetch_row($result))
    {
        echo "<tr>";
 
    // $row is array... foreach( .. ) puts every element
    // of $row to $cell variable
        echo "<td>$row[1]</td>";
        echo "<td>$row[2]</td>";
        echo "</tr> <br/>";
    }
        mysql_free_result($result);
        echo "</td>";
        echo "</tr> <br/>";
 
 ?>
 <tr>
 <td>
<form name="form1" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>">
      <textarea  name="textarea" cols="100" width="100%"></textarea>
      <input type="submit" name="Submit" value="Submit">
</form>
</td>
</tr>
</body>
</html>
All the best

Richard
Last edited by dbsuk on Thu Dec 17, 2009 8:19 pm, edited 2 times in total.
dbsuk
Forum Newbie
Posts: 7
Joined: Thu Dec 17, 2009 9:22 am
Location: London, England

Re: one file php html page

Post by dbsuk »

The function to clean post data

Code:

<?php
   /**
    *  Clean the post data from http://www.webmasterworld.com/php/3143214.htm
    */ 
 
  function PostCleaner($value) {
        // Stripslashes
        if (get_magic_quotes_gpc()) {
              $value = stripslashes($value);
        }
        // Quote if not a number or a numeric string
        if (!is_numeric($value)) {
              $value = "'" . mysql_real_escape_string($value) . "'";
        }
        return $value;
   }   
 
?>
Last edited by dbsuk on Thu Dec 17, 2009 8:20 pm, edited 1 time in total.
kapil1089theking
Forum Commoner
Posts: 46
Joined: Wed May 28, 2008 1:51 pm
Location: Kolkata, India

Re: one file php html page

Post by kapil1089theking »

In the text field no URLs or HTML is allowed; how to do that?

Why are you using the cleaning function, where do I have to call it from, and what is the advantage of using it?
dbsuk
Forum Newbie
Posts: 7
Joined: Thu Dec 17, 2009 9:22 am
Location: London, England

Re: one file php html page

Post by dbsuk »

Hi again,

To remove HTML, that's all HTML tags, you use the strip_tags() function to remove HTML from a variable.

Code:

 
<?php
 
  // variable with HTML in it
 
  $var = '<a href="http://devnetwork.net">Testing</a>';
 
  // remove HTML tags
 
  $varNoHtml = strip_tags($var);
   
  // test the output.
  // echo the original $var variable.
 
  echo '$var = '.$var.'<br />';
 
  // echo $varNoHtml
 
  echo '$varNoHtml = '.$varNoHtml;
 
?>
 
See http://php.net/manual/en/function.strip-tags.php for more details.

The cleaning function

Forms are vulnerable to SQL injection (http://en.wikipedia.org/wiki/SQL_injection).

You should use the cleaning function to remove unwanted characters from any user input fields to make them safe before passing them to a database, otherwise it is possible for a cracker to break your code and potentially manipulate your database and / or site files.

Including your own functions

Usually I place functions in an external file and include them, but you can just place them on the page where they are called.

For example, you could place the code for the PostCleaner() function in a file called "common.php" and then include it in your page like this.

Code:

<?php
 
    include 'common.php';
 
 
    // now the file is included you can use the function as needed.
 
    $textarea = PostCleaner($_POST['textarea']);
 
    // Now text area contains clean code.
 
?>
More about include here: http://php.net/manual/en/function.include.php

I suggest you paste the code into your favourite text editor, upload to your server and play about with them to get an idea of what they do.

Regards

Richard
Last edited by dbsuk on Thu Dec 17, 2009 8:20 pm, edited 1 time in total.
kapil1089theking
Forum Commoner
Posts: 46
Joined: Wed May 28, 2008 1:51 pm
Location: Kolkata, India

Re: one file php html page

Post by kapil1089theking »

I don't want to ignore HTML tags, but I won't allow HTML code; I mean when HTML is input, no data will be inserted in the table. So I need to check for HTML tags, I guess. How to do that?
I have posted it as another topic; you may check it.
viewtopic.php?f=1&t=110369
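
The two points raised in this thread (making input safe before the INSERT, and refusing input that contains HTML instead of stripping it), as an added example that is not code from either poster. It uses a PDO bound parameter in place of string escaping, uses strip_tags() only as a detector, and encodes on output. Assumptions: the pdo_sqlite extension is available, an in-memory SQLite table with an added `id` column stands in for `comments_table`, and the function names `containsHtml`, `addComment` and `renderRows` are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// an in-memory database stands in for the thread's MySQL `comments` database.

// Reject (rather than silently strip) input that contains markup.
// strip_tags() is used only as a detector here; it is conservative and
// will also flag text such as "a<b".
function containsHtml(string $text): bool
{
    return strip_tags($text) !== $text;
}

// Insert with a bound parameter: the value never becomes part of the SQL text.
function addComment(PDO $db, string $text): bool
{
    $text = trim($text);
    if ($text === '' || containsHtml($text)) {
        return false; // nothing is written to the table
    }
    $stmt = $db->prepare('INSERT INTO comments_table (textarea) VALUES (:body)');
    return $stmt->execute([':body' => $text]);
}

// Render rows, encoding on output so stored text can never become markup.
function renderRows(PDO $db): string
{
    $html = "<table border='1'>\n";
    foreach ($db->query('SELECT textarea FROM comments_table ORDER BY id') as $row) {
        $cell = nl2br(htmlspecialchars($row['textarea'], ENT_QUOTES, 'UTF-8'));
        $html .= "<tr><td>{$cell}</td></tr>\n";
    }
    return $html . "</table>\n";
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments_table (id INTEGER PRIMARY KEY, textarea TEXT)');

// Constructed sample submissions (stand-ins for $_POST['textarea']).
$samples = [
    "Nice page, thanks",
    "It's got a quote; and a 'second' one",        // needs no manual escaping
    '<a href="http://devnetwork.net">Testing</a>', // rejected: contains HTML
];
foreach ($samples as $s) {
    printf("%-8s %s\n", addComment($db, $s) ? 'stored' : 'rejected', $s);
}
echo renderRows($db);
```

With a bound parameter the value must not be quoted or escaped first, so a function like PostCleaner(), which returns its own surrounding quotes, is not combined with it.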