Page 1 of 1

Wondering if you can review this code

Posted: Thu Jan 20, 2011 9:07 pm
by Katman
***** PLEASE USE PHP CODE TAG *****

Code: Select all

<?php
$submit = $_POST['submit'];


$first_name = strip_tags($_POST['first_name']);
$last_name = strip_tags($_POST['last_name']);
$email = strip_tags($_POST['first_name']);
$retype_email = strip_tags($_POST['retype_email']);
$password = strip_tags($_POST['password']);
$retype_password = strip_tags($_POST['retype_password']);

if ($submit)
{
	if {
		($first_name&&$last_name&&$email&&$retype_email&&$password&&$retype_password)
		$password = md5($password);
		$retype_password = md5($retype_password);

		if {
			($password == $retype_password)	

			if (strlen($username)>25||strlen($first_name)>25||strlen($last_name)>25)
				{
				addError "Your username or first or last name must be between 6 and 25 characters!";
				}
			else
				{
					
					if (strlen($password)<6||($password)>25)
					{
					addError "Your password must be between 6 and 25 characters!";						
					}
					else{
						$check = mysql_query("SELECT * FROM users WHERE username='$username'");
						if (mysql_num_rows($check)>=1)
							addError "That username is already taken";
						else {
							//generate random code
							$code = rand(1111111,9999999);
							
							//send activation email
							$to = $email;
							$subject = "Activate your account";
							$headers = "From:"
							$body = "";
							
							if (!mail($to,$subject,$body,$headers))
								echo "We couldn't sign you up at this time. Please try again later.";
							else{
								//register into database
								$register = mysql_query("INSERT INTO users VALUE ('','$username','$password','$email','$code','0')");
								echo "You have been registered successfully! Please check your ($email) to activate your account";
							}
					}
				}

		}
		
		else	{
			addError "Your passwords do not match!";	
			}
	
	else 	{
		addError "Please fill in ALL fields!";
		}
	}
}
?>
I wondering if you guys can make sure that I got all the brackets and such in. I looked many times but found nothing wrong. Also my html forum is not even submitting so there is no way for me to test to see if I have got all the code in right.

Thanks in advance

Re: Wondering if you can review this code

Posted: Fri Jan 21, 2011 2:01 am
by Christopher
Are you getting an error? I don't understand the "my html forum is not even submitting so there is no way for me to test to see if I have got all the code in right." Do you mean "html form"? Do you mean it is submitting but there are errors? Do you have error reporting on? Have you check the server logs (if errors are being sent there)?

Re: Wondering if you can review this code

Posted: Fri Jan 21, 2011 9:34 am
by brothaofdes
Put this at the top of you page:

Code: Select all

error_reporting(-1);
echo "<pre>";
 echo "--> Form data (POST) <-- <br>";
print_r ($_POST);
echo "--> Form data (GET) <-- <br>";
print_r ($_GET);
echo "--> Header List <-- <br>";
echo "--> Form data (SESSION) <-- <br>";
print_r ($_SESSION);
The error_reporting(-1); will display any and all errors on your page. Use it, learn it, love it!

The other arrays will tell you what is being passed back and forth, use this to help debug.

Re: Wondering if you can review this code

Posted: Fri Jan 21, 2011 8:09 pm
by Katman
I think I know why my form does nothing. I did not attach a testing server. Also i meant form stupid iphane auto corrected to forum. Oops fail on my part. Thanks for the code to check for errors.

Basically I'm trying to make a web application so expect more questions from me.

Re: Wondering if you can review this code

Posted: Mon Jan 24, 2011 3:00 pm
by Katman
so after attaching a testing server and that code to check for errors i get this error.

Parse error: parse error, expecting `'('' in C:\wamp\www\Allinone\welcome.php on line 22

I checked that line and there seems to be nothing wrong with it. I don't think I am missing a semicolon or anything and I believe that I do have all my brackets in place.

Re: Wondering if you can review this code

Posted: Mon Jan 24, 2011 3:34 pm
by flying_circus
Katman wrote:I wondering if you guys can make sure that I got all the brackets and such in. I looked many times but found nothing wrong.
This code is full of syntax errors. What are you using for a development environment? I coppied and pasted this code into NuSphere PHP IDE and the screen lit up with errors.

Code: Select all

<?php
  /*
   * Always check variable existence before referencing it.
   * Assign default values if the reference does not exist.
   */
  # Fetch $_POST Vars
    $submit = isset($_POST['submit']) ? $_POST['submit'] : 0;
    $first_name = isset($_POST['first_name']) ? strip_tags($_POST['first_name']) : '';
    $last_name = isset($_POST['last_name']) ? strip_tags($_POST['last_name']) : '';
    $email = isset($_POST['email']) ? strip_tags($_POST['email']) : '';
    $retype_email = isset($_POST['retype_email']) ? strip_tags($_POST['retype_email']) : '';
    $password = isset($_POST['password']) ? strip_tags($_POST['password']) : '';
    $retype_password = isset($_POST['retype_password']) ? strip_tags($_POST['retype_password']) : '';
    
  # Do Something
    if ($submit) {
      if(!empty($first_name) && !empty($last_name) && !empty($email) && !empty($retype_email) && !empty($password) && !empty($retype_password)) {
        /* Reassigning these variables to a hash here will confuse your code further down */
        $password = md5($password);
        $retype_password = md5($retype_password);
              
        if($password == $retype_password) {
          if (strlen($username)>25 || strlen($first_name)>25 || strlen($last_name)>25) {
            addError("Your username or first or last name must be between 6 and 25 characters!");
          } else {
            
            /* This will always fail because you assigned $password to a 32 character md5 hash up above. */
            /* I can see you've removed 'strlen' function to handle this problem... Not a good solution. */
            if(strlen($password)<6 ||($password)>25) {
              addError("Your password must be between 6 and 25 characters!");
            } else {
              /* This has SQL Injection written ALL over it.  ALWAYS escape data to be put into a mysql query.  It's easy... really. */
              /* I dont know where you connect to the database, but I'll assume you did it elsewhere, not listed in this code. */
              $escaped_username = mysql_real_escape_string($username);
              $check = mysql_query("SELECT * FROM users WHERE username='$escaped_username'");
              
              if (mysql_num_rows($check)>=1) {
                addError("That username is already taken");
              } else {
              /* Surely this can be done better? */
              //generate random code
                $code = rand(1111111,9999999);
              
              //send activation email
                $to = $email;
                $subject = "Activate your account";
                $headers = "From:"; // From Who?
                $body = ""; // Should something be in the body of your email?
              
                if(!mail($to,$subject,$body,$headers)) {
                  echo "We couldn't sign you up at this time. Please try again later.";
                } else {
                /* See above comments about SQL Injection */
                //register into database
                  $register = mysql_query("INSERT INTO users VALUE ('','$username','$password','$email','$code','0')");
                  echo "You have been registered successfully! Please check your ($email) to activate your account";
                }
              }
            }
                              
          }
        } else {
          addError("Your passwords do not match!");
        }
      } else {
        addError("Please fill in ALL fields!");
      }
    }
?>

Re: Wondering if you can review this code

Posted: Mon Jan 24, 2011 6:48 pm
by Katman
hey just tried that program you suggested, and your revised code but it still gave me an error.

Parse error: parse error, expecting `'('' in C:\wamp\www\Allinone\welcome.php on line 22

To develop the code I used notepad and I tested it in wamp. When I tested your in the program you gave me your code was ok, but when I tried it on wampI got the above error. I tried this:

Code: Select all

<?php
if ($first_name&&$last_name&&$email&&$retype_email&&$username&&$password&&$retype_password==0)
{   
     echo "Please fill in all fields!";
}else
    if (strlen($username)>25||strlen($first_name)>25||strlen($last_name)>25)
         echo "Your first and/or last name are too long!";
    else
            if ($email!=$retype_email)
                echo "Your emails do not match!";
            else
                if(strlen($password)>32) 
                    echo "Your password must not be greater than 32 characters!";
                else
                    if ($password!=$retype_password)
                        echo "Your passwords do not match!";
                            else
                                $check = mysql_query("SELECT * FROM users WHERE username='$username'");
                                 if (mysql_num_rows($check)>=1) :oops: 
                                    echo "That username is already in use!";
?>
and only got the error:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in E:\Allinone\welcome.php on line 21 (marked by the smiley)

using your program and the same parsing error using wamp. To answer one of the questions you poised in your edit, I connect to my db using include_once "dbconnect.php". This file has all my database information on it.

Re: Wondering if you can review this code

Posted: Tue Jan 25, 2011 1:14 am
by flying_circus
Katman wrote:Parse error: parse error, expecting `'('' in C:\wamp\www\Allinone\welcome.php on line 22
Where is the rest of the code from welcome.php?

Katman wrote:Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in E:\Allinone\welcome.php on line 21
This basically means your query failed.

Re: Wondering if you can review this code

Posted: Tue Jan 25, 2011 6:32 am
by divedj
Try the following in yor sql query:

Code: Select all

$check = mysql_query("SELECT * FROM users WHERE username='$username'"); // replace this line with the next one

$check = mysql_query("SELECT * FROM users WHERE username=".$username.""); /than make sure the spelling is all correct eg. userName user_name ....

Re: Wondering if you can review this code

Posted: Tue Jan 25, 2011 3:53 pm
by Katman

Code: Select all

<?php include_once "dbconnect.php"  ?>

<?php
if ($first_name&&$last_name&&$email&&$retype_email&&$username&&$password&&$retype_password==0)
{   
     echo "Please fill in all fields!";
}else
    if (strlen($username)>25||strlen($first_name)>25||strlen($last_name)>25)
         echo "Your first and/or last name are too long!";
    else
            if ($email!=$retype_email)
                echo "Your emails do not match!";
            else
                if(strlen($password)>32) 
                    echo "Your password must not be greater than 32 characters!";
                else
                    if ($password!=$retype_password)
                        echo "Your passwords do not match!";
                            else
                                $check = mysql_query("SELECT * FROM users WHERE username='$username'");
                                 if (mysql_num_rows($check)>=1)
                                    echo "That username is already in use!";
?>

<html>
<head>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<title>AllinOne.com - All your social networking needs</title>
<link rel="stylesheet" type="text/css" href="layout1.css"/>
</head>


<body>
<div id="logo">
<a href="welcome.php"><img style="float:left;border:none;" src="logo.png" /></a>
</div>

      Username:<td><input type="text" name="Username" value="" size="15" /></td>
      Password:<td><input type="password" name="Password" value="" size="15" /></td>
      <td><input type="submit" value="Login" /></td>


<div id="main">
<div id="registration">
<form method="post" name="form1">
  <table align="center">
    <tr valign="baseline">
      <td nowrap align="left">First Name:</td>
      <td><input type="text" name="first_name" value="" size="20"></td>
    </tr>

    <tr valign="baseline">
      <td nowrap align="left">Last Name:</td>
      <td><input type="text" name="last_name" value="" size="20"></td>
    </tr>
    <tr valign="baseline">
      <td nowrap align="left">Email:</td>
      <td><input type="text" name="email" value="" size="20"></td>
    </tr>

    <tr valign="baseline">
      <td nowrap align="left">Re-type Email:</td>
      <td><input type="text" name="retype_email" value="" size="20"></td>
    </tr>
    <tr valign="baseline">
      <td nowrap align="left">Password:</td>
      <td><input type="password" name="password" value="" size="20"></td>
    </tr>

    <tr valign="baseline">
      <td nowrap align="leftt">Re-type Password:</td>
      <td><input type="password" name="retype_password" value="" size="20"></td>
    </tr>
    <tr valign="baseline">
      <td nowrap align="left">&nbsp;</td>
      <td><input type="submit" value="Register"></td>
    </tr>

  </table>
</form>
</div>

<div id="content">
AllInOne.com is a site designed to allow you to access all of your social networking or email needs in one site. This allows you to simplify your internet accessing. This site is configured to allow you to connect with your Facebook, GMail, Hotmail, Myspace, YahooMail or Twitter accounts.
</div>


<div id="footer" style="text-align: center;">
<a href="contact.php">Contact Us!</a>
<br/>AllinOne ©2010 - Designed by Hassan Said
</div>
</div>

</body>

</html>
that is the full code for the welcome.php file. I was trying to get the register portion on the same page as the information about what my site wishes to do. I have to finish a couple of school assignments but I will try your code tonight divedj. Also I am going to change those if else statements at the beginning.

Re: Wondering if you can review this code

Posted: Tue Jan 25, 2011 4:07 pm
by John Cartwright
Please start using PHP tags when posting code here. I.e., wrap your php code in [syntax=php][/syntax].

While your at it, you might want to take the time to read our forum rules (found in my signature).

Re: Wondering if you can review this code

Posted: Wed Jan 26, 2011 5:23 pm
by Katman
[text]
Notice: Undefined variable: first_name in C:\wamp\www\Allinone\welcome.php on line 4

Notice: Undefined variable: username in C:\wamp\www\Allinone\welcome.php on line 8

Notice: Undefined variable: first_name in C:\wamp\www\Allinone\welcome.php on line 8

Notice: Undefined variable: last_name in C:\wamp\www\Allinone\welcome.php on line 8

Notice: Undefined variable: retype_email in C:\wamp\www\Allinone\welcome.php on line 11

Notice: Undefined variable: email in C:\wamp\www\Allinone\welcome.php on line 11

Notice: Undefined variable: password in C:\wamp\www\Allinone\welcome.php on line 14

Notice: Undefined variable: retype_password in C:\wamp\www\Allinone\welcome.php on line 17

Notice: Undefined variable: password in C:\wamp\www\Allinone\welcome.php on line 17

Notice: Undefined variable: username in C:\wamp\www\Allinone\welcome.php on line 20

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\Allinone\welcome.php on line 21
[/text]

Those are the new errors coming up. Using this code...

Code: Select all

<?php include_once "dbconnect.php"  ?>

<?php
  /*
   * Always check variable existence before referencing it.
   * Assign default values if the reference does not exist.
   */
  # Fetch $_POST Vars
   //$submit = isset($_POST['submit']) ? $_POST['submit'] : 0;
   //$first_name = isset($_POST['first_name']) ? strip_tags($_POST['first_name']) : '';
   //$last_name = isset($_POST['last_name']) ? strip_tags($_POST['last_name']) : '';
   //$email = isset($_POST['email']) ? strip_tags($_POST['email']) : '';
   //$retype_email = isset($_POST['retype_email']) ? strip_tags($_POST['retype_email']) : '';
   //$password = isset($_POST['password']) ? strip_tags($_POST['password']) : '';
   //$retype_password = isset($_POST['retype_password']) ? strip_tags($_POST['retype_password']) : '';

   $submit = $_POST['submit'];
   $fullname = $_POST['first_name'].''.$_POST['last_name'];
   $email = $_POST['email'];
   $retype_email = $_POST['retype_email'];
   $password = strip_tags($_POST('password'));
   $retype_password = strip_tags($_POST('retype_password'));
   
  # Do Something
   if ($submit) {
      if(!empty($first_name) && !empty($last_name) && !empty($email) && !empty($retype_email) && !empty($password) && !empty($retype_password)) {
        /* Reassigning these variables to a hash here will confuse your code further down */
        $password = md5($password);
        $retype_password = md5($retype_password);
             
        if($password == $retype_password) {
          if (strlen($username)>25 || strlen($first_name)>25 || strlen($last_name)>25) {
            addError("Your username or first or last name must be between 6 and 25 characters!");
          } else {
           
            /* This will always fail because you assigned $password to a 32 character md5 hash up above. */
            /* I can see you've removed 'strlen' function to handle this problem... Not a good solution. */
            if(strlen($password)<6 ||($password)>25) {
              addError("Your password must be between 6 and 25 characters!");
            } else {
              /* This has SQL Injection written ALL over it.  ALWAYS escape data to be put into a mysql query.  It's easy... really. */
              /* I dont know where you connect to the database, but I'll assume you did it elsewhere, not listed in this code. */
              $escaped_username = mysql_real_escape_string($username);
             $check = mysql_query("SELECT * FROM users WHERE username=".$username."");
             
              if (mysql_num_rows($check)>=1) {
                addError("That username is already taken");
              } else {
              /* Surely this can be done better? */
              //generate random code
                $code = rand(1111111,9999999);
             
              //send activation email
                $to = $email;
                $subject = "Activate your account";
                $headers = "From:"; // From Who?
                $body = ""; // Should something be in the body of your email?
             
                if(!mail($to,$subject,$body,$headers)) {
                  echo "We couldn't sign you up at this time. Please try again later.";
                } else {
                /* See above comments about SQL Injection */
                //register into database
                  $register = mysql_query("INSERT INTO users VALUE ('','$username','$password','$email','$code','0')");
                  echo "You have been registered successfully! Please check your ($email) to activate your account";
                }
              }
            }
                             
          }
        } else {
          addError("Your passwords do not match!");
        }
      } else {
        addError("Please fill in ALL fields!");
      }
    }
?>

<html>
<head>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<title>AllinOne.com - All your social networking needs</title>
<link rel="stylesheet" type="text/css" href="layout1.css"/>
</head>


<body>
<div id="logo">
<a href="welcome.php"><img style="float:left;border:none;" src="logo.png" /></a>
</div>

      Username:<td><input type="text" name="Username" value="" size="15" /></td>
      Password:<td><input type="password" name="Password" value="" size="15" /></td>
      <td><input type="submit" value="Login" /></td>


<div id="main">
<div id="registration">
<form method="post" name="form1">
  <table align="center">
    <tr valign="baseline">
      <td nowrap align="left">First Name:</td>
      <td><input type="text" name="first_name" value="" size="20"></td>
    </tr>

    <tr valign="baseline">
      <td nowrap align="left">Last Name:</td>
      <td><input type="text" name="last_name" value="" size="20"></td>
    </tr>
    <tr valign="baseline">
      <td nowrap align="left">Email:</td>
      <td><input type="text" name="email" value="" size="20"></td>
    </tr>

    <tr valign="baseline">
      <td nowrap align="left">Re-type Email:</td>
      <td><input type="text" name="retype_email" value="" size="20"></td>
    </tr>
    <tr valign="baseline">
      <td nowrap align="left">Password:</td>
      <td><input type="password" name="password" value="" size="20"></td>
    </tr>

    <tr valign="baseline">
      <td nowrap align="leftt">Re-type Password:</td>
      <td><input type="password" name="retype_password" value="" size="20"></td>
    </tr>
    <tr valign="baseline">
      <td nowrap align="left">&nbsp;</td>
      <td><input type="submit" value="Register"></td>
    </tr>

  </table>
</form>
</div>

<div id="content">
AllInOne.com is a site designed to allow you to access all of your social networking or email needs in one site. This allows you to simplify your internet accessing. This site is configured to allow you to connect with your Facebook, GMail, Hotmail, Myspace, YahooMail or Twitter accounts.
</div>


<div id="footer" style="text-align: center;">
<a href="contact.php">Contact Us!</a>
<br/>AllinOne ©2010 - Designed by Hassan Said
</div>
</div>

</body>

</html>

Re: Wondering if you can review this code

Posted: Thu Jan 27, 2011 11:26 am
by flying_circus
Katman wrote:[text]
Notice: Undefined variable: first_name in C:\wamp\www\Allinone\welcome.php on line 4

Notice: Undefined variable: username in C:\wamp\www\Allinone\welcome.php on line 8

Notice: Undefined variable: first_name in C:\wamp\www\Allinone\welcome.php on line 8

Notice: Undefined variable: last_name in C:\wamp\www\Allinone\welcome.php on line 8

Notice: Undefined variable: retype_email in C:\wamp\www\Allinone\welcome.php on line 11

Notice: Undefined variable: email in C:\wamp\www\Allinone\welcome.php on line 11

Notice: Undefined variable: password in C:\wamp\www\Allinone\welcome.php on line 14

Notice: Undefined variable: retype_password in C:\wamp\www\Allinone\welcome.php on line 17

Notice: Undefined variable: password in C:\wamp\www\Allinone\welcome.php on line 17

Notice: Undefined variable: username in C:\wamp\www\Allinone\welcome.php on line 20

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\Allinone\welcome.php on line 21
[/text]

Those are the new errors coming up. Using this code...
And those are all very easy to understand and solve. For the most part, they are pretty self explanitory. Lets dissect one:

"Notice: Undefined variable: first_name in C:\wamp\www\Allinone\welcome.php on line 4"

This means that you are referencing a variable ($first_name) in your code, but it has not been defined.
Back to the basics, to define a variable you need to set it or assign it to something.

ex: $first_name = 'Katman';

As we look over your code, we see that you are checking if $first_name is empty:
"if(!empty($first_name) && !empty($last_name) && !empty($email) && !empty($retype_email) && !empty($password) && !empty($retype_password)) {"

$first_name is not set, so you cant check to see if it is empty. If there is confusion on what the empty() function does, you should pull up the php documentation here

if you want to check to see if a variable has been defined, you can use the isset() function, and you can read about it here

There we go, the order in which you must do things:
1. Declare the variable.
2. Set it to something.
3. Use it in your code.

Ok, that should address all but the last warning.

"Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\Allinone\welcome.php on line 21"

first, we need to know what parameter 1 of mysql_num_rows is. We can do that by checking the reference here

Ok, this means, that mysql_num_rows() is expecting a resource (i.e. a sucessfull query to the database). If the mysql_query fails, it will return FALSE, which is a boolean data type. To read more about the return values of mysql_query, you should reference it here


Perfect! Now, rather than telling you the answer, I've taught you to solve it. This will make you a much better developer!
Go back through the code that I posted and think very carefully about the comments I made to your code. Try to understand why I wrote portions of the code the way that I did, especially this part:

Code: Select all

<?php
  /*
   * Always check variable existence before referencing it.
   * Assign default values if the reference does not exist.
   */
  # Fetch $_POST Vars
    $submit = isset($_POST['submit']) ? $_POST['submit'] : 0;
    $first_name = isset($_POST['first_name']) ? strip_tags($_POST['first_name']) : '';
    $last_name = isset($_POST['last_name']) ? strip_tags($_POST['last_name']) : '';
    $email = isset($_POST['email']) ? strip_tags($_POST['email']) : '';
    $retype_email = isset($_POST['retype_email']) ? strip_tags($_POST['retype_email']) : '';
    $password = isset($_POST['password']) ? strip_tags($_POST['password']) : '';
    $retype_password = isset($_POST['retype_password']) ? strip_tags($_POST['retype_password']) : '';
?>
Hint: $_POST['first_name'] will not be set if you access the page through a GET request. If I punch into my browser: http://www.example.org/welcome.php and click enter... that's a GET request. All of your reference's to $_POST variable will fail, because there is no $_POST data, until you click submit on your form (which has a method of "post"). So you see, before you reference $_POST data, you should first check to make sure that it exists. Otherwise you will always be plagued by these type of Notice's and Warnings. PHP is trying to tell you what the problem is.

Good luck with your code!

Re: Wondering if you can review this code

Posted: Wed Mar 02, 2011 6:01 pm
by Katman
ok now on to the topic of email. How can i get someone to receive an email after it is entered into a field.

i have attached the code i am looking to use.

Code: Select all

<?php require_once('Connections/Registration.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO ratings (name, email, appearance, communication, ease, reliability, comments) VALUES (%s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['name'], "text"),
                       GetSQLValueString($_POST['email'], "text"),
                       GetSQLValueString($_POST['appearance'], "int"),
                       GetSQLValueString($_POST['communication'], "int"),
                       GetSQLValueString($_POST['ease'], "int"),
                       GetSQLValueString($_POST['reliability'], "int"),
                       GetSQLValueString($_POST['comments'], "text"));

  mysql_select_db($database_Registration, $Registration);
  $Result1 = mysql_query($insertSQL, $Registration) or die(mysql_error());

  $insertGoTo = "ratings.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO ratings (name, email, appearance, communication, ease, reliability, comments) VALUES (%s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['name'], "text"),
                       GetSQLValueString($_POST['email'], "text"),
                       GetSQLValueString($_POST['appearance'], "int"),
                       GetSQLValueString($_POST['communication'], "int"),
                       GetSQLValueString($_POST['ease'], "int"),
                       GetSQLValueString($_POST['reliability'], "int"),
                       GetSQLValueString($_POST['comments'], "text"));

  mysql_select_db($database_Registration, $Registration);
  $Result1 = mysql_query($insertSQL, $Registration) or die(mysql_error());
}

mysql_select_db($database_Registration, $Registration);
$query_Recordset1 = "SELECT name, email, appearance, communication, ease, reliability, comments FROM ratings";
$Recordset1 = mysql_query($query_Recordset1, $Registration) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>DateRateNow.com | Ratings</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rel="stylesheet" media="screen,projection" type="text/css" href="css/main.css" />
<!--[if lte IE 6]><link rel="stylesheet" type="text/css" href="css/main-msie.css" /><![endif]-->
<link rel="stylesheet" media="screen,projection" type="text/css" href="css/scheme.css" />
<link rel="stylesheet" media="print" type="text/css" href="css/print.css" />
</head>
<body>
<div id="main">
  <div id="header">
<a href="ratings.php"><img src="design/logo.png"></a>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;


<script type="text/javascript"><!--
google_ad_client = "pub-4898832998962019";
/* 468x60, created 11/6/10 */
google_ad_slot = "9173704282";
google_ad_width = 468;
google_ad_height = 60;
//-->
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>



    <hr class="noscreen" /><br>
    <hr class="noscreen" />
  </div>

  <div id="cols" class="box">
    <div id="content">

<h1 id="title">
<a href="ratings.php">Ratings</a> - 
<a href="about.php">About Us</a>
</h1>


      <div id="perex" class="box">

        <p>

<h3>Post a Date!</h3>


    <form method="post" name="form1" action="<?php echo $editFormAction; ?>">
        <table width="394" height="303" align="center">
          <tr valign="baseline">
            <td height="24" align="right" nowrap>Full Name:</td>
            <td><input type="text" name="name" value="" size="32"></td>
          </tr>
          <tr valign="baseline">
            <td height="27" align="right" nowrap>Friend's Email:</td>
            <td><input type="text" name="email" value="" size="32"></td>
          </tr>
          <tr valign="baseline">
            <td height="32" align="right" nowrap>Appearance:</td>
            <td valign="baseline"><table width="212">
              <tr>
                <td width="51"><input type="radio" name="reliability" value="1" />
                  1</td>
                <td width="48"><input type="radio" name="reliability" value="2" />
                  2</td>
                <td width="51"><input type="radio" name="reliability" value="3" />
                  3</td>
                <td width="51"><input type="radio" name="reliability" value="4" />
                  4</td>
                <td width="63"><input type="radio" name="reliability" value="5" />
                  5</td>
              </tr>
            </table></td>
          </tr>
          <tr valign="baseline">
            <td height="33" align="right" nowrap>Communication:</td>
            <td valign="baseline"><table width="212">
              <tr>
                <td width="51"><input type="radio" name="reliability" value="1">
                1</td>
                <td width="48"><input type="radio" name="reliability" value="2" />
                2</td>
                <td width="51"><input type="radio" name="reliability" value="3" />
                3</td>
                <td width="51"><input type="radio" name="reliability" value="4" />
                4</td>
                <td width="63"><input type="radio" name="reliability" value="5" />
                5</td>
              </tr>
            </table></td>
          </tr>
          <tr valign="baseline">
            <td height="32" align="right" nowrap>Ease:</td>
            <td valign="baseline"><table width="212">
                <tr>
                  <td width="46"><input type="radio" name="reliability" value="1">
                  1</td>
                  <td width="44"><input type="radio" name="reliability" value="2" />
                  2</td>
                  <td width="46"><input type="radio" name="reliability" value="3" />
                  3</td>
                  <td width="43"><input type="radio" name="reliability" value="4" />
                  4</td>
                  <td width="53"><input type="radio" name="reliability" value="5" />
                  5</td>
                </tr>
              </table></td>
          </tr>
          <tr valign="baseline">
            <td height="36" align="right" nowrap>Reliability:</td>
            <td valign="baseline"><table width="212">
                <tr>
                  <td width="46"><input type="radio" name="reliability" value="1" >
                  1</td>
                  <td width="44"><input type="radio" name="reliability" value="2" />
2</td>
                  <td width="46"><input type="radio" name="reliability" value="3" />
3</td>
                  <td width="45"><input type="radio" name="reliability" value="4" />
4</td>
                  <td width="52"><input type="radio" name="reliability" value="5" />
5</td>
                </tr>

            </table></td>
          </tr>
          <tr valign="baseline">
            <td height="30" align="right" nowrap>Comments:</td>
            <td><textarea name="comments" cols="32"></textarea></td>
          </tr>
          <tr valign="baseline">
            <td nowrap align="right">&nbsp;</td>
            <td><input type="submit" value="POST!"></td>
          </tr>
        </table>
        <input type="hidden" name="MM_insert" value="form1">
      </form>
<div>

</div></p>


  </div>
     <br />
      <div class="box"> <span class="f-right"><!-- <a href="http://www.dateratenow.com/" class="button">Button</a> --></span></div>
      <hr class="noscreen" />
    </div>

    <div id="aside">

<center>

<script type="text/javascript"><!--
google_ad_client = "pub-4898832998962019";
/* 200x200, created 11/6/10 */
google_ad_slot = "3302337412";
google_ad_width = 200;
google_ad_height = 200;
//-->
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>

<br></center>

      <!-- <h4>Links</h4> -->
      <ul class="nav">
        <!-- <li class="nav-active"><a href="http://www.facebook.com/">Facebook</a></li> -->


      </ul>

     
      <hr class="noscreen" />
    </div>
  </div>
  <div id="footer" class="box">
    <p class="f-right">&copy;&nbsp;2010 <a href="http://www.dateratenow.com/">Dateratenow.com</a> Designed by <a href="http://www.abinweb.com/">Rachid</a></p>

    <hr class="noscreen" />
    <p><a href="contactus.php">Contact</a> | <a href="terms.php"> Terms</a></p>
  </div>
</div>
</body>
</html>