calumogg
10-18-2007, 02:46 PM
Hi, I have been updating my site to PHP and during this process I have merged my html and PHP files, but I am having a slight problem. On my guest book for example when I go on the add page it automatically reloads to the view page (a separate file) I know this is happening because all the code is in one page and when the page loads it will run the script, but how can I get the script to run only when the user click continue? Or will I have to separate all my files again?
Here is the code I am using:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="author" content="Calum Ogg">
<meta name="keywords" content="Calum Ogg's Photography, Calum Ogg, Calum, Ogg, Calum's Photos, Calums Pics, Photography, Photos, Pics, Digital photography, images, imaging, Landscapes, Panoramas, Panoramic photography, Views, Camera, Cameras,">
<meta name="robots" content="index, follow">
<meta name="description" content="Calum Ogg's Photography, a selection of my best photography. ">
<title>Calum Ogg's Photography - Guestbook |</title>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
<script type="text/javascript">
_uacct = "UA-755937-1";
urchinTracker();
</script>
<script type="text/javascript" src="../res/js/SpryValidationTextField.js"></script>
<script type="text/javascript" src="../res/js/SpryValidationTextarea.js"></script>
<link href="../res/css/styles.css" rel="stylesheet">
<link href="../res/css/SpryValidationTextarea.css" rel="stylesheet">
<link href="../res/css/SpryValidationTextField.css" rel="stylesheet">
</head>
<body>
<table width="800" border="2" align="center" cellpadding="5" cellspacing="0" bordercolor="#333333" bgcolor="#999999">
<tr>
<td><?php require_once '../include/menu.php'; ?>
<p align="center" class="text"><span class="title">Guest Book</span></p>
<p align="center" class="text">Welcome to the guestbook, please leave me a comment letting me know what you think of the photography on my site, or the site itself. Or if you have a question, use the contact page and send me a message. Thanks for taking the time to leave a message.</p>
<p align="center" class="text">Or you can <a href="view.php" class="link">View the Guestbook</a></p>
<form name="guestbook" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<table width="72%" border="0" align="center" cellpadding="3" cellspacing="1">
<tr>
<td width="117">Name</td>
<td width="14">:</td>
<td width="357"><input name="name" type="text" class="text" id="name" size="40" /></td>
</tr>
<tr>
<td>Email</td>
<td>:</td>
<td><input name="email" type="text" id="email" size="40" /></td>
</tr>
<tr>
<td valign="top"><p>Comment</p>
<p>(Max. 500 characters)</p></td>
<td valign="top">:</td>
<td><textarea name="comment" cols="40" rows="3" id="comment"></textarea></td>
</tr>
<tr>
<td colspan="3"><div align="center">
<input type="submit" name="Submit" value="Add Comment" />
<input type="reset" name="Submit2" value="Reset" />
</div></td>
</tr>
</table>
</form>
<?php require_once '../include/footer.php'; ?></td>
</tr>
</table>
<script type="text/javascript">
var name = new Spry.Widget.ValidationTextField("name", "none", {regExpFilter:/^[^\'"\*]{0,15}$/, validateOn:["blur"]});
var email = new Spry.Widget.ValidationTextField("email", "email", {validateOn:["blur"]});
var comment = new Spry.Widget.ValidationTextarea("comment", {useCharacterMasking:true, maxChars:500, counterType:"chars_count", counterId:"Countvalidta1", validateOn:["blur"]});
</script>
</body>
</html>
<?php
$host="******"; // Host name
$username="******"; // Mysql username
$password="******"; // Mysql password
$db_name="******"; // Database name
$tbl_name="******"; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect server ");
mysql_select_db("$db_name")or die("cannot select DB");
$datetime=date("d/m/y"); //date
$ip = $_SERVER['REMOTE_ADDR']; //IP address
$name = $_POST["name"];
$email = $_POST["email"];
$comment = $_POST["comment"];
// Attempt to defend against header injections:
$badStrings = array("Content-Type:", "MIME-Version:", "Content-Transfer-Encoding:", "to:", "bcc:", "cc:", "text/html", "charset", "/HTML", "X-Postfix-Sender", "Final-Recipient:", "X-Original-To:", "a href");
// Loop through each POST'ed value and test if it contains
// one of the $badStrings:
foreach($_POST as $k => $v){
foreach($badStrings as $v2){
if(strpos($v, $v2) !== false){
logBadRequest();
header("HTTP/1.0 403 Forbidden");
exit;
}
}
}
// Made it past spammer test, free up some memory
// and continue rest of script:
unset($k, $v, $v2, $badStrings, $authHosts, $fromArray, $wwwUsed);
$sql="INSERT INTO $tbl_name(name, ip, email, comment, datetime)VALUES('$name', '$ip', '$email', '$comment', '$datetime')";
$result=mysql_query($sql);
$mailto="******"; //send mail to
$subject="$name has signed your guestbook"; // subject
$messagebody="$name signed your guestbook on $datetime with the following comment:
$comment
";
mail("$mailto", "$subject", "$messagebody", "From: $email");
//check if query successful
if($result){
echo "<meta http-equiv=\"Refresh\" content=\"0;url=view.php\">";
echo "<link href=\"../res/css/styles.css\" rel=\"stylesheet\" type=\"text/css\" />";
echo "<table width=\"800\" border=\"2\" align=\"center\" cellpadding=\"10\" cellspacing=\"0\" bordercolor=\"#333333\" bgcolor=\"#999999\">";
echo " <tr>";
echo " <td><div align=\"center\" class=\"text\">";
echo " <p>Adding entry... Please Wait</p>";
echo " <p><img src=\"../res/loading.gif\" width=\"126\" height=\"22\" /></p>";
echo " </div></td>";
echo " </tr>";
echo "</table>";
}
else {
echo "<meta http-equiv=\"Refresh\" content=\"0;url=view.php\">";
echo "<link href=\"../res/css/styles.css\" rel=\"stylesheet\" type=\"text/css\" />";
echo "<table width=\"800\" border=\"2\" align=\"center\" cellpadding=\"10\" cellspacing=\"0\" bordercolor=\"#333333\" bgcolor=\"#999999\">";
echo " <tr>";
echo " <td><div align=\"center\" class=\"text\">";
echo " <p>There has been an error please go back and try again</p>";
echo " </div></td>";
echo " </tr>";
echo "</table>";
}
mysql_close();
?>
Thanks in advance for any info
Here is the code I am using:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="author" content="Calum Ogg">
<meta name="keywords" content="Calum Ogg's Photography, Calum Ogg, Calum, Ogg, Calum's Photos, Calums Pics, Photography, Photos, Pics, Digital photography, images, imaging, Landscapes, Panoramas, Panoramic photography, Views, Camera, Cameras,">
<meta name="robots" content="index, follow">
<meta name="description" content="Calum Ogg's Photography, a selection of my best photography. ">
<title>Calum Ogg's Photography - Guestbook |</title>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
<script type="text/javascript">
_uacct = "UA-755937-1";
urchinTracker();
</script>
<script type="text/javascript" src="../res/js/SpryValidationTextField.js"></script>
<script type="text/javascript" src="../res/js/SpryValidationTextarea.js"></script>
<link href="../res/css/styles.css" rel="stylesheet">
<link href="../res/css/SpryValidationTextarea.css" rel="stylesheet">
<link href="../res/css/SpryValidationTextField.css" rel="stylesheet">
</head>
<body>
<table width="800" border="2" align="center" cellpadding="5" cellspacing="0" bordercolor="#333333" bgcolor="#999999">
<tr>
<td><?php require_once '../include/menu.php'; ?>
<p align="center" class="text"><span class="title">Guest Book</span></p>
<p align="center" class="text">Welcome to the guestbook, please leave me a comment letting me know what you think of the photography on my site, or the site itself. Or if you have a question, use the contact page and send me a message. Thanks for taking the time to leave a message.</p>
<p align="center" class="text">Or you can <a href="view.php" class="link">View the Guestbook</a></p>
<form name="guestbook" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<table width="72%" border="0" align="center" cellpadding="3" cellspacing="1">
<tr>
<td width="117">Name</td>
<td width="14">:</td>
<td width="357"><input name="name" type="text" class="text" id="name" size="40" /></td>
</tr>
<tr>
<td>Email</td>
<td>:</td>
<td><input name="email" type="text" id="email" size="40" /></td>
</tr>
<tr>
<td valign="top"><p>Comment</p>
<p>(Max. 500 characters)</p></td>
<td valign="top">:</td>
<td><textarea name="comment" cols="40" rows="3" id="comment"></textarea></td>
</tr>
<tr>
<td colspan="3"><div align="center">
<input type="submit" name="Submit" value="Add Comment" />
<input type="reset" name="Submit2" value="Reset" />
</div></td>
</tr>
</table>
</form>
<?php require_once '../include/footer.php'; ?></td>
</tr>
</table>
<script type="text/javascript">
var name = new Spry.Widget.ValidationTextField("name", "none", {regExpFilter:/^[^\'"\*]{0,15}$/, validateOn:["blur"]});
var email = new Spry.Widget.ValidationTextField("email", "email", {validateOn:["blur"]});
var comment = new Spry.Widget.ValidationTextarea("comment", {useCharacterMasking:true, maxChars:500, counterType:"chars_count", counterId:"Countvalidta1", validateOn:["blur"]});
</script>
</body>
</html>
<?php
$host="******"; // Host name
$username="******"; // Mysql username
$password="******"; // Mysql password
$db_name="******"; // Database name
$tbl_name="******"; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect server ");
mysql_select_db("$db_name")or die("cannot select DB");
$datetime=date("d/m/y"); //date
$ip = $_SERVER['REMOTE_ADDR']; //IP address
$name = $_POST["name"];
$email = $_POST["email"];
$comment = $_POST["comment"];
// Attempt to defend against header injections:
$badStrings = array("Content-Type:", "MIME-Version:", "Content-Transfer-Encoding:", "to:", "bcc:", "cc:", "text/html", "charset", "/HTML", "X-Postfix-Sender", "Final-Recipient:", "X-Original-To:", "a href");
// Loop through each POST'ed value and test if it contains
// one of the $badStrings:
foreach($_POST as $k => $v){
foreach($badStrings as $v2){
if(strpos($v, $v2) !== false){
logBadRequest();
header("HTTP/1.0 403 Forbidden");
exit;
}
}
}
// Made it past spammer test, free up some memory
// and continue rest of script:
unset($k, $v, $v2, $badStrings, $authHosts, $fromArray, $wwwUsed);
$sql="INSERT INTO $tbl_name(name, ip, email, comment, datetime)VALUES('$name', '$ip', '$email', '$comment', '$datetime')";
$result=mysql_query($sql);
$mailto="******"; //send mail to
$subject="$name has signed your guestbook"; // subject
$messagebody="$name signed your guestbook on $datetime with the following comment:
$comment
";
mail("$mailto", "$subject", "$messagebody", "From: $email");
//check if query successful
if($result){
echo "<meta http-equiv=\"Refresh\" content=\"0;url=view.php\">";
echo "<link href=\"../res/css/styles.css\" rel=\"stylesheet\" type=\"text/css\" />";
echo "<table width=\"800\" border=\"2\" align=\"center\" cellpadding=\"10\" cellspacing=\"0\" bordercolor=\"#333333\" bgcolor=\"#999999\">";
echo " <tr>";
echo " <td><div align=\"center\" class=\"text\">";
echo " <p>Adding entry... Please Wait</p>";
echo " <p><img src=\"../res/loading.gif\" width=\"126\" height=\"22\" /></p>";
echo " </div></td>";
echo " </tr>";
echo "</table>";
}
else {
echo "<meta http-equiv=\"Refresh\" content=\"0;url=view.php\">";
echo "<link href=\"../res/css/styles.css\" rel=\"stylesheet\" type=\"text/css\" />";
echo "<table width=\"800\" border=\"2\" align=\"center\" cellpadding=\"10\" cellspacing=\"0\" bordercolor=\"#333333\" bgcolor=\"#999999\">";
echo " <tr>";
echo " <td><div align=\"center\" class=\"text\">";
echo " <p>There has been an error please go back and try again</p>";
echo " </div></td>";
echo " </tr>";
echo "</table>";
}
mysql_close();
?>
Thanks in advance for any info