What's wrong?
Code: Select all
<head>
<title>Jabben</title>
</head>
<?
// db info
$server = "localhost";
$user = "xxxx";
$password = "xxxx";
$dbname = "xxxx";
// ------
if((isset($comment)) && (!empty($comment))&& ($loggeduser != "Nickname") && (!empty($loggeduser))) {
$comment = stripslashes($comment);
$comment = htmlspecialchars($comment);
$comment = str_replace("\n","<br>",$comment);
@ $db = mysql_pconnect($server, $user, $password);
mysql_select_db($dbname);
$datestamp = date("Y-m-d H:i:s");
$htuser = $_SERVERї'PHP_AUTH_USER'];
$query = "INSERT INTO messages (poster,datestamp,message,ipaddress) VALUES('$htuser','$datestamp','$comment','$REMOTE_ADDR')";
$result = mysql_query($query);
}
$connection = mysql_connect($server,$user,$password);
$db = mysql_select_db($dbname, $connection);
$sql = "select * from messages order by id desc limit 30";
$result = mysql_query($sql, $connection);
while($res=mysql_fetch_array($result)) {
$dbcommentї]=$resї"message"];
$dbauthorї]=$resї"poster"];
$dbdatestampї]=$resї"datestamp"];
}
$loop = count($dbauthor);
?>
<table bgcolor="#000000" cellspacing="0" cellpadding="1" width="300" border="1" align="center">
<tr>
<td height="5"> <table bgcolor="#ffffff" cellspacing="0" cellpadding="2" width="300" border="0">
<tr>
<td><table width="300" border=0 align=center cellpadding=1 cellspacing=0 bordercolor="#A2C4FD">
<form id="twall" name="twall" action="index.php" method="post">
<tr>
<td align="center" bgcolor="#D2C8BD">
<div align="center">
<p><b> <font color="#000000">Jabben</font></b></p>
<table width="300" border="0" cellspacing="1">
<tr>
<td><b>Navn :</b></td>
<td>
<input type="text" size="30" maxlength="15" name="loggeduser" disabled value="<? echo $_SERVERї'PHP_AUTH_USER']; ?>">
</td>
</tr>
<tr>
<td><b>blah:</b></td>
<td>
<textarea cols="30" name="comment" rows="3" wrap="VIRTUAL"></textarea>
</td>
</tr>
<tr>
<td colspan="2">
<div align="center">
<input type="submit" name="Submit" value="Schmeck inn!">
</div>
</td>
</tr>
</table>
<p>&nbsp;</p>
</div>
</td>
</tr>
<tr>
<td> <table cellpadding=2 cellspacing=0 border=0 align="center" width="300">
<tr>
<td nowrap align=left width="210" class="datetxt"></td>
<td nowrap align=left></td>
</tr>
<? for($i=0;$i<$loop;$i++) {
if($i%2 == 0) { $tgwcolor = "#D2C8BD"; }
else { $tgwcolor = "#FFFFFF"; }
$dbcommentї$i] = ereg_replace ("<span style='color:blue' title='I'm naughty, are you naughty?'>smurf</span>", "^%&^$@#&", $dbcommentї$i]);
$dbcommentї$i] = ereg_replace ("<span style='color:blue' title='I'm naughty, are you naughty?'>smurf</span>", "^%&^$@#&", $dbcommentї$i]);
$dbcommentї$i] = ereg_replace ("ass", "^%&^$@#&", $dbcommentї$i]);
?>
<tr bgcolor="<?echo $tgwcolor;?>">
<td width="210" align=left nowrap class="datetxt">
<b><?echo $dbauthorї$i];?>
@
<?echo $dbdatestampї$i];?> </b>
</td>
<td align=left nowrap>
<p>
<? $dbcommentї$i] = wordwrap($dbcommentї$i], 20, "<br>", 1);
echo $dbcommentї$i]; ?></p>
</td>
</tr>
<? } ?>
</table></td>
</tr>
<tr>
<td> <table cellpadding=0 cellspacing=0 border=0 align="left" width="100%">
<tr>
<td colspan="2" bgcolor="#D2C8BD">
<div align="center"></div>
</td>
</tr>
<tr>
<td colspan=2><input name="image" type="image" value="images/pixel_black.gif" width="0" height="0"></td>
</tr>
</table></td>
</tr>
</form>
</table></td>
</tr>
</table></td>
</tr>
</table>