Please can someone help me implement this script into another script?
Autoservice
04-02-2012, 08:23 PM
Hi guys,
I have a problem which has been sticking with me for 2 weeks now, I haven't found any solution so I decided I will start my own thread.
The problem:
I want to implement my calendar.php into my book.php. However every time I try I get a blank screen on my localhost:8080/start/booking/book.php or it just won't insert the data into the database.
The files:
book.php
<?php
echo "<h1>book</h1>";
$submit = $_POST['submit'];
//form data
$fullname = strip_tags($_POST['fullname']);
$service = strip_tags($_POST['service']);
$address = strip_tags($_POST['address']);
$veichle = strip_tags($_POST['veichle']);
$date = date ("Y-m-d");
if ($submit)
{
//check for existance
if ($fullname&&$service&&$address&&$veichle)
{
//register the user!
//encrypt password
// $password = md5($password);
// $repeatpassword = md5($repeatpassword);
//open our database
$connect = mysql_connect ("localhost", "root", "");
mysql_select_db("autoservice"); //select database
$queryreg = mysql_query("
INSERT INTO booking VALUES ('','$fullname','$service','$address','$veichle','$date')
");
die ("You have been registered! <a href='index.php'> Return to login page</a>");
}
}
else {
echo "Please fill in <b>all</b> fields!";
}
?>
<html>
<p>
<form action='book.php' method='POST'>
<table>
<tr>
<td>
Your full name:
</td>
<td>
<input type='text' name='fullname'>
</td>
</tr>
<tr>
<td>
Choose a service:
</td>
<td>
<input type='text' name='service'>
</td>
</tr>
<tr>
<td>
Address:
</td>
<td>
<input type='text' name='address'>
</td>
</tr>
<tr>
<td>
Veichle:
</td>
<td>
<input type='text' name='veichle'>
</td>
</tr>
</table>
<p>
<input type='submit' name='submit' value='Register'>
</form>
</html>
Calendar.php
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Bookings</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script type="text/javascript" src="calendarDateInput.js">
/***********************************************
* Jason's Date Input Calendar- By Jason Moon http://calendar.moonscript.com/dateinput.cfm
* Script featured on and available at http://www.dynamicdrive.com
* Keep this notice intact for use.
***********************************************/
</script>
</head>
<body>
<?php
$DBConnect = @mysql_connect("localhost", "root");
if (!$DBConnect)
{die("<p>The database server is not available</p>");
}
$dbselect = @mysql_select_db("autoservice");
if (!$dbselect){
die("<p>The database is not available</p>");
}
$inp = $_POST['date']; // Get the textbox that holds the date
$table_name='booking'; // Set the name of your table
$col_name = 'fromdate'; // Set the column that will hold the dates
if(isset($_POST['submit']))
{
$sQuery = "INSERT INTO $table_name($col_name) VALUES ('($inp)')"; // Insert query
//This function encodes will change any type of date and format it to (YYYY-mm-dd) and will store the date into mysql table
function encodeDate ($inp) {
$tab = explode ("-", $inp);
$r = $tab[2]."-".$tab[1]."-".$tab[0];
return $r;
}
mysql_query($sQuery) or die(mysql_error()); // Do the query
}
?>
<form method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<script>DateInput('date', true, 'YYYY-MM-DD')</script>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
More info:
The files work fine when testing them each separately.
I also appreciate any help :D please don't spam this thread i.e "Do it yourself" as I said I have been looking for 2 weeks.
Thank you :)
keyboard
04-02-2012, 09:52 PM
Just one quick note about (one of the) scripts you posted.
This line (from the second)
<form method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
is dangerous as it leaves you open to XSS attack.
Use this instead
<form method="POST" action="<?php echo esc_url( $_SERVER['PHP_SELF'] ); ?>">
Correct me if I'm wrong
Keyboard1333
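The escaping suggested above, as an added example that is not part of the original posts. `esc_url()` is a WordPress helper and is not defined in plain PHP, so this sketch uses the built-in `htmlspecialchars()`; the function name `safe_form_action` and the sample request values are constructed for illustration.

```php
<?php
// Added example. $_SERVER['PHP_SELF'] includes any extra path info the client
// appended after the script name, so it is request-controlled text and must be
// escaped for the HTML attribute it is written into.

/**
 * Return a value that is safe to place inside action="...".
 * $server is passed in (instead of reading $_SERVER directly) so the function
 * can be exercised with constructed input.
 */
function safe_form_action(array $server): string
{
    // SCRIPT_NAME is the path of the executing script without trailing path
    // info; prefer it, and fall back to PHP_SELF only if it is missing.
    $path = $server['SCRIPT_NAME'] ?? $server['PHP_SELF'] ?? '';

    // ENT_QUOTES escapes both " and ', so the value cannot close the attribute
    // whichever quote style the template uses.
    return htmlspecialchars($path, ENT_QUOTES, 'UTF-8');
}

// Constructed sample requests (not taken from the thread).
$samples = [
    'normal request' => [
        'SCRIPT_NAME' => '/start/booking/book.php',
        'PHP_SELF'    => '/start/booking/book.php',
    ],
    'path info with markup' => [
        'PHP_SELF' => '/start/booking/book.php/"><b>injected</b>',
    ],
];

foreach ($samples as $label => $server) {
    printf("%-22s <form method=\"POST\" action=\"%s\">\n", $label . ':', safe_form_action($server));
}
```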
Autoservice
04-02-2012, 10:03 PM
Just one quick note about (one of the) scripts you posted.
This line (from the second)
<form method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
is dangerous as it leaves you open to XSS attack.
Use this instead
<form method="POST" action="<?php echo esc_url( $_SERVER['PHP_SELF'] ); ?>">
Correct me if I'm wrong
Keyboard1333
Thanks for the note.
mburt
04-03-2012, 12:11 AM
I'm not entirely sure how you want to combine them- do you want to put the "Jason's input date..." thing in the original form?
Is there a reason you need the user to input the date? If you are just looking to store the date that the user submits the form, you can use the php date() function.
Please clarify what it is you want to accomplish here.
mburt
04-03-2012, 12:17 AM
On an unrelated note, your original form has some issues. "book.php" should function in the following order:
1) Check if any post data is sent
2) If so, evaluate post data, if not proceed to page
Like this:
<?php
if (count($_POST) > 0) {
// Evaluate form data here
}
?><!DOCTYPE html>
<html>
... rest of page goes here
</html>
Also your PHP code is outputting HTML data before your first <html> tag. What you should do instead is this:
if ($fullname && $service && $address && $veichle) {
// ...Do database stuff
$message = "You have been registered... etc.";
}
And further down your page, somewhere in your body:
<?php
if (isset($message)) echo "<div>$message</div>";
?>
Autoservice
04-03-2012, 12:26 AM
I'm not entirely sure how you want to combine them- do you want to put the "Jason's input date..." thing in the original form?
Is there a reason you need the user to input the date? If you are just looking to store the date that the user submits the form, you can use the php date() function.
Please clarify what it is you want to accomplish here.
Hi mburt,
Thanks for your great answers! Sorry I didn't explain my aim.
My aim:
I want to create an appointment page for my client so his customers can book a date for an appointment (that is the purpose of the calendar).
So I basically need help by putting all this code into 1 file, so it should be like this:
Full name:
Service:
Address:
Veichle:
[The calendar]
Submit button
The problem is I have the calendar in 1 file and the rest (full name, service etc.) in another file. I need them both in 1 file. :) hope you got that :D
mburt
04-03-2012, 12:33 AM
Look back at this line in the "book.php":
INSERT INTO booking VALUES ('','$fullname','$service','$address','$veichle','$date')");
Does $date need to be the inputted date by the user?
And one more thing... Do you mean "vehicle" every time "veichle" is written there?
Autoservice
04-03-2012, 12:36 AM
Look back at this line in the "book.php":
INSERT INTO booking VALUES ('','$fullname','$service','$address','$veichle','$date')");
Does $date need to be the inputted date by the user?
And one more thing... Do you mean "vehicle" every time "veichle" is written there?
For the "$date" no it shouldn't be inputted by the user, the form automatically sends the date of submission into my database.
And for the "veichle" yes the person has to type in their veichle company.
I know this sounds stupid but I'm going to change this later ;)
keyboard
04-03-2012, 12:41 AM
IMPORTANT
One other quick note -
You should never post your database connection details online
$DBConnect = @mysql_connect("localhost", "*****");
if (!$DBConnect)
{die("<p>The database server is not available</p>");
}
do that instead
You'll have to change it back after someone's answered the question, but it will stop other people from accessing your database.
mburt
04-03-2012, 12:47 AM
So where does the inputted date go? Which column is it in your database?
This script combines both of those things, however, in the mysql_query the inputted date is NOT included:
<?php
if (count($_POST) > 0) {
function s($x) { return strip_tags(stripslashes($_POST[$x])); }
$fullname = s("fullname"); $service = s("service");
$address = s("address"); $vehicle = s("vehicle");
$date = date("Y-m-d");
$input_date = s("date"); // this is the user inputted appointment date
if ($fullname && $service && $address && $vehicle && $date) {
mysql_connect("localhost", "root", "");
mysql_select_db("autoservice");
mysql_query("INSERT INTO booking VALUES('', '$fullname', '$service', '$address', '$vehicle', '$date')");
mysql_close();
$message = "You have been registered! <a href=\"index.php\"> Return to login page</a>";
} else $message = "Please fill in <b>all</b> fields";
}
?><!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Book an Appointment</title>
<style type="text/css">
.row { margin-bottom: 5px; }
.field { float: left; width: 150px; }
.clear { clear: left; }
.message { color: red; }
</style>
<script type="text/javascript" src="calendarDateInput.js">
/***********************************************
* Jason's Date Input Calendar- By Jason Moon http://calendar.moonscript.com/dateinput.cfm
* Script featured on and available at http://www.dynamicdrive.com
* Keep this notice intact for use.
***********************************************/
</script>
</head>
<body>
<form action="book.php" method="post">
<div class="row">
<div class="field">Your full name:</div>
<div class="field"><input name="fullname"></div>
<div class="clear"></div>
</div>
<div class="row">
<div class="field">Choose a service:</div>
<div class="field"><input name="service"></div>
<div class="clear"></div>
</div>
<div class="row">
<div class="field">Address:</div>
<div class="field"><input name="address"></div>
<div class="clear"></div>
</div>
<div class="row">
<div class="field">Vehicle:</div>
<div class="field"><input name="vehicle"></div>
<div class="clear"></div>
</div>
<div class="row">
<div class="field">Date:</div>
<div class="field"><script type="text/javascript">DateInput('date', true, 'YYYY-MM-DD')</script></div>
<div class="clear"></div>
</div>
<div class="row">
<div class="field"> </div>
<div class="field"><input type="submit" value="Register!"></div>
<div class="clear"></div>
</div>
</form><?php
if (isset($message)) echo "\n <div class=\"message\">$message</div>";
?>
</body>
</html>
You need to figure out which field the inputted date (appointment date) goes into, then I can update it appropriately.
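An added example (not mburt's code) of the same insert done with PDO prepared statements, so the form values are bound as data instead of being interpolated into the SQL string, and with the calendar value checked as a real YYYY-MM-DD date before it is stored. Assumptions: the appointment date goes into the `fromdate` column named later in the thread, the other column names are hypothetical, and an in-memory SQLite database stands in for the MySQL one so the block runs on its own.

```php
<?php
// Added example: bind the form values instead of building the SQL string.
// Assumptions: column names other than "fromdate" and "date" are hypothetical;
// an in-memory SQLite database stands in for the MySQL "autoservice" database.

/** Return the date unchanged if it is a real calendar date in YYYY-MM-DD form, else null. */
function valid_appointment_date(string $raw): ?string
{
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // Round-trip comparison rejects values such as 2012-02-31 that PHP would roll over.
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : null;
}

/** Insert one booking; returns an error message, or null on success. */
function save_booking(PDO $db, array $post): ?string
{
    $fields = [];
    foreach (['fullname', 'service', 'address', 'vehicle'] as $name) {
        $fields[$name] = trim((string) ($post[$name] ?? ''));
        if ($fields[$name] === '') {
            return 'Please fill in all fields';
        }
    }
    $fromdate = valid_appointment_date((string) ($post['date'] ?? ''));
    if ($fromdate === null) {
        return 'Please choose a valid appointment date';
    }
    // Placeholders keep the data out of the SQL text, so quotes in a name or
    // address are stored as typed and cannot alter the statement.
    $stmt = $db->prepare(
        'INSERT INTO booking (fullname, service, address, vehicle, date, fromdate)
         VALUES (:fullname, :service, :address, :vehicle, :date, :fromdate)'
    );
    $stmt->execute($fields + ['date' => date('Y-m-d'), 'fromdate' => $fromdate]);
    return null;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE booking (id INTEGER PRIMARY KEY, fullname TEXT, service TEXT,
           address TEXT, vehicle TEXT, date TEXT, fromdate TEXT)');

// Constructed form submissions.
$ok  = ['fullname' => "Pat O'Neil", 'service' => 'Oil change', 'address' => '1 Main St',
        'vehicle' => 'Volvo', 'date' => '2012-04-10'];
$bad = ['date' => '2012-02-31'] + $ok;
var_dump(save_booking($db, $ok), save_booking($db, $bad));
echo $db->query('SELECT COUNT(*) FROM booking')->fetchColumn(), " row(s) stored\n";
```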
mburt
04-03-2012, 12:56 AM
There's another small problem with this as well, but it's a bit more complex. Once someone submits this form and creates an appointment, the same page is loaded again. Someone could just press refresh and enter the data in your database again.
There needs to be some condition so that after the form is sent, it can't be sent again (unless you don't care about that).
This will require more validation on the database end, eg. if a user is registered, limit a user to one appointment until that appointment has ended (logical).
But if this type of page is available to unregistered users, then there is no way of validating it.
It's kind of complicated but we'll need more information about the structure of your database if you wish to make it more secure.
Autoservice
04-03-2012, 12:59 PM
IMPORTANT
One other quick note -
You should never post your database connection details online
$DBConnect = @mysql_connect("localhost", "*****");
if (!$DBConnect)
{die("<p>The database server is not available</p>");
}
do that instead
You'll have to change it back after someone's answered the question, but it will stop other people from accessing your database.
Thanks for pointing this out, however I was going to call another php file with the db details in them.
@mburt
The column which the appointment date goes into is "fromdate" (without ""). The "$date" goes into a column called "date" but it isn't inputted by the user, it is automatically inputted into the database when the user presses submit.
Thank you again both of you! I really appreciate your kind help :)
Autoservice
04-03-2012, 01:04 PM
There's another small problem with this as well, but it's a bit more complex. Once someone submits this form and creates an appointment, the same page is loaded again. Someone could just press refresh and enter the data in your database again.
There needs to be some condition so that after the form is sent, it can't be sent again (unless you don't care about that).
This will require more validation on the database end, eg. if a user is registered, limit a user to one appointment until that appointment has ended (logical).
But if this type of page is available to unregistered users, then there is no way of validating it.
It's kind of complicated but we'll need more information about the structure of your database if you wish to make it more secure.
Nice point, I already have a built in login system and I can restrict pages to users who are not logged in. And this "booking page" is only available to logged in users, but I have no clue of restricting the user to another appointment until the last one has finished. ("This will require more validation on the database end, eg. if a user is registered, limit a user to one appointment until that appointment has ende") .
Thank You mate :)
Autoservice
04-03-2012, 08:50 PM
Hi mburt & keyboard,
I managed to edit your code a little and the booking works fine now! I can't express how much I thank you and keyboard for your support :) .
However I have another question :confused: , how can I generate a unique user id? Because on the form I want 1 submission per account. I wasn't sure if I should create another thread on this question so I posted it here :cool: .
Thank you guys!
keyboard
04-03-2012, 09:32 PM
You can use uniqueid -
<?php
uniqid(prefix,more_entropy)
?>
Check out this (http://www.w3schools.com/PHP/func_misc_uniqid.asp) website for an explanation
Then I'd suggest that when you generate a uniqueid you also check if it's been already used.
$uniqueid = uniqid("prefix", true);
$query = mysql_query("SELECT * FROM tablename WHERE fieldwithuniqueid='$uniqueid'") or die(mysql_error());
$num_rows = mysql_num_rows($query);
if($num_rows != 0) {
// Here
}
I'm not sure where to go from Here. Any help anyone else?
mburt
04-03-2012, 10:07 PM
Well, if it's only for registered users, make a new column (you can call it "appointment_made" or something) in your DB. When the user submits the form, insert any value in the new column (eg. "1"), and then make an if statement to control it in the PHP side of the form:
if (whatever column is empty...) {
// execute code
}
Pretty simple if the appointment page is only usable by logged in members.
EDIT: This system is also good too, because once a user's appointment is over, you can clear the "appointment_made" field to blank, then the user can use the form again. @Autoservice if you need this coded for you, just let me know.
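One way to implement the "appointment_made" flag described above, which also covers the earlier point about a page refresh re-sending the form; this is an added example, not code from the thread. Assumptions: a `users` table with an integer `id` and an `appointment_made` flag (0 = free, 1 = has an appointment), a hypothetical `user_id` column on `booking`, and an in-memory SQLite database standing in for MySQL.

```php
<?php
// Added example of the "appointment_made" idea. In a real page $userId would
// come from the login session, never from the submitted form.

/** Try to book for a logged-in user; returns true only if no appointment was open. */
function book_once(PDO $db, int $userId, string $fromdate): bool
{
    $db->beginTransaction();
    // Claim the flag in a single statement. Checking with SELECT first and
    // updating afterwards would let two quick submissions both pass the check.
    $claim = $db->prepare(
        'UPDATE users SET appointment_made = 1 WHERE id = ? AND appointment_made = 0'
    );
    $claim->execute([$userId]);
    if ($claim->rowCount() !== 1) {
        $db->rollBack();          // unknown user, or an appointment already exists
        return false;
    }
    $db->prepare('INSERT INTO booking (user_id, fromdate) VALUES (?, ?)')
       ->execute([$userId, $fromdate]);
    $db->commit();
    return true;
}

/** Clear the flag once the appointment is over so the user can book again. */
function release_user(PDO $db, int $userId): void
{
    $db->prepare('UPDATE users SET appointment_made = 0 WHERE id = ?')->execute([$userId]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, appointment_made INTEGER NOT NULL DEFAULT 0)');
$db->exec('CREATE TABLE booking (id INTEGER PRIMARY KEY, user_id INTEGER, fromdate TEXT)');
$db->exec('INSERT INTO users (id) VALUES (7)');   // constructed logged-in user

var_dump(book_once($db, 7, '2012-04-10'));  // first submission
var_dump(book_once($db, 7, '2012-04-10'));  // refresh / resubmit of the same form
release_user($db, 7);
var_dump(book_once($db, 7, '2012-05-02'));  // after the first appointment is over
```

After a successful booking, answering with a redirect to a confirmation page keeps the browser's refresh button from re-sending the POST at all.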
Autoservice
04-04-2012, 12:18 AM
Hi mburt & keyboard,
Thanks again for your great help but I got a little stuck on the code keyboard showed me, "<?php
uniqid(prefix,more_entropy)
?>" do I put this code in my register form?
and also do I put this code in the appointment page? "$uniqeid = uniqid(prefix,true)
$query = mysql_query("SELECT * FROM tablename WHERE fieldwithuniqueid='$uniqueid'") or die(mysql_error());
$num_rows = mysql_num_rows($query);
if($num_rows != 0) {
Here
}" I'm sorry with my "noobish" questions :D I'm kind of new to PHP but I am finding great people in this forum and I am also learning a lot :) .
Again thank you for both your help!
____Autoservice.