I want to display an HTML page with a table and a submit button which will insert another row into the same table and come back to the same page with the updated record. How I coded it is:
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<?php define( "DATABASE_SERVER", "localhost" );
define( "DATABASE_USERNAME", "root" );
define( "DATABASE_PASSWORD", "password" );
define( "DATABASE_NAME", "comments" );
//connect to the database
$mysql = mysql_connect(DATABASE_SERVER, DATABASE_USERNAME, DATABASE_PASSWORD) or die(mysql_error());
//select the database
mysql_select_db( DATABASE_NAME );
//query the database for all rows of the comments table
$query = "SELECT * FROM comments_table";
$result = mysql_query($query);
if (!$result) {
die("Query to show fields from table failed");
}
echo "<table border='1'>";
echo "<tr>";
echo "<td>";
echo "<h1>Showing 30 Entries:</h1>";
echo "<table border='1'>";
while($row = mysql_fetch_row($result))
{
echo "<tr>";
// $row is a numerically indexed array; print columns 1 and 2
echo "<td>$row[1]</td>";
echo "<td>$row[2]</td>";
echo "</tr>";
}
mysql_free_result($result);
echo "</table>";
echo "</td>";
echo "</tr>";
?>
<tr>
<td>
<form name="form1" method="post" action="">
<textarea name="textarea" cols="100" width="100%"></textarea>
<input type="submit" name="Submit" value="Submit">
</form>
</td>
</tr>
</table>
</body>
</html>
Now I am stuck at the button action in the code as commented: what to do there, and where exactly do I need to write the function? Any help appreciated.
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<?php define( "DATABASE_SERVER", "localhost" );
define( "DATABASE_USERNAME", "root" );
define( "DATABASE_PASSWORD", "password" );
define( "DATABASE_NAME", "comments" );
//connect to the database
$mysql = mysql_connect(DATABASE_SERVER, DATABASE_USERNAME, DATABASE_PASSWORD) or die(mysql_error());
//select the database
mysql_select_db( DATABASE_NAME );
// if(isset($_POST['Submit'])) {
// !Note! ** you should clean the contents of the POST variables.
// eg. array_walk($_POST,'SomePostCleaningFunction');
// Check out this cleaning function - http://www.webmasterworld.com/php/3143214.htm
// You might want to remove HTML that the user may have put in the textarea
// e.g. $textarea = strip_tags($_POST['textarea']);
// You might want to turn line returns into html breaks.
// e.g. $textarea = nl2br($textarea);
// Escape the value before it goes inside the quoted SQL string.
// e.g. $textarea = mysql_real_escape_string($textarea);
// Then you would be ready to add data to database
// $add_data = mysql_query("INSERT INTO comments_table (textarea) VALUES ('".$textarea."')");
// if(!$add_data) {
// die(mysql_error());
// } else {
// you could put a success message here!!
// e.g. either
// echo 'Success';
// or
// $success = 1; /* checked before the table is printed, further down */
// }
// }
$query = "SELECT * FROM comments_table";
$result = mysql_query($query);
if (!$result) {
die("Query to show fields from table failed");
}
// Check whether $success was set by the insert block above.
// if($success==1) {
// echo '<p style="color:red">Thanks, your post was added.</p>';
// }
echo "<table border='1'>";
echo "<tr>";
echo "<td>";
echo "<h1>Showing 30 Entries:</h1>";
echo "<table border='1'>";
while($row = mysql_fetch_row($result))
{
echo "<tr>";
// $row is a numerically indexed array; print columns 1 and 2
echo "<td>$row[1]</td>";
echo "<td>$row[2]</td>";
echo "</tr>";
}
mysql_free_result($result);
echo "</table>";
echo "</td>";
echo "</tr>";
?>
<tr>
<td>
<form name="form1" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>">
<textarea name="textarea" cols="100" width="100%"></textarea>
<input type="submit" name="Submit" value="Submit">
</form>
</td>
</tr>
</table>
</body>
</html>
All the best
Richard
Last edited by dbsuk on Thu Dec 17, 2009 8:19 pm, edited 2 times in total.
<?php
/**
* Clean the post data from http://www.webmasterworld.com/php/3143214.htm
*/
function PostCleaner($value) {
// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
// Quote if not a number or a numeric string
if (!is_numeric($value)) {
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;
}
?>
Last edited by dbsuk on Thu Dec 17, 2009 8:20 pm, edited 1 time in total.
You should use a cleaning function to remove unwanted characters from any user input fields to make them safe before passing them to a database, otherwise it is possible for a cracker to break your code and potentially manipulate your database and / or site files.
Including your own functions
Usually I place functions in an external file and include them, but you can just place them on the page where they are called.
For example, you could place the code for the PostCleaner() function in a file called "common.php" and then include it in your page like this.
<?php
include 'common.php';
// now the file is included you can use the function as needed.
$textarea = PostCleaner($_POST['textarea']);
// $textarea now holds the escaped value, already wrapped in single quotes unless it is numeric.
?>
I don't want to ignore HTML tags, but I won't allow HTML code; I mean when HTML is input, no data will be inserted in the table. So I need to check for HTML tags, I guess. How do I do that?
I have posted it as another topic; you may check it: viewtopic.php?f=1&t=110369
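An added example, not part of any post in this thread: the same insert-and-redisplay flow written with PDO prepared statements in place of the hand-quoting in PostCleaner(), rejecting input that contains HTML as the last post asks, and escaping at output time. The in-memory SQLite database, the id column and the helper names addComment() and renderRows() are assumptions made so the script runs stand-alone.

```php
<?php
// Added example, not code from the thread. The in-memory SQLite database and
// the id column are assumptions so the script runs stand-alone; with the
// thread's MySQL database only the DSN and credentials given to PDO change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments_table (id INTEGER PRIMARY KEY, textarea TEXT)');

// Hypothetical helper: store one comment; true when stored, false when rejected.
function addComment(PDO $pdo, $text)
{
    $text = trim((string) $text);
    // Reject empty input and anything strip_tags() would alter (i.e. markup).
    if ($text === '' || strip_tags($text) !== $text) {
        return false;
    }
    // The value is sent as a bound parameter, so quotes inside it cannot
    // change the SQL statement and no manual quoting or escaping is needed.
    $stmt = $pdo->prepare('INSERT INTO comments_table (textarea) VALUES (:textarea)');
    return $stmt->execute(array(':textarea' => $text));
}

// Hypothetical helper: build the table rows, escaping at output time.
function renderRows(PDO $pdo)
{
    $html = '';
    foreach ($pdo->query('SELECT textarea FROM comments_table ORDER BY id') as $row) {
        // Escape first, then nl2br(): only the <br /> tags added here are live markup.
        $safe = nl2br(htmlspecialchars($row['textarea'], ENT_QUOTES, 'UTF-8'));
        $html .= "<tr><td>$safe</td></tr>\n";
    }
    return $html;
}

// Constructed sample submissions standing in for $_POST['textarea'].
$samples = array(
    "First line\nsecond line",
    "It's Richard's tip: quotes are stored as plain data",
    '<b>bold</b> text',
    '<script>alert(1)</script>',
);
foreach ($samples as $input) {
    $status = addComment($pdo, $input) ? 'stored:   ' : 'rejected: ';
    echo $status, json_encode($input), "\n";
}
echo "<table border='1'>\n", renderRows($pdo), "</table>\n";
```

The strip_tags() comparison is deliberately strict: any submission that PHP would change by stripping tags is refused instead of being cleaned and stored.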