
Thread: Please can someone help me implement this script into another script?

  1. #11
    Join Date
    Jul 2006
    Location
    Canada
    Posts
    2,581
    Thanks
    13
    Thanked 28 Times in 28 Posts

    Default

    There's another small problem with this as well, but it's a bit more complex. Once someone submits this form and creates an appointment, the same page is loaded again. Someone could just press refresh and enter the data in your database again.

    There needs to be some condition so that after the form is sent, it can't be sent again (unless you don't care about that).

    This will require more validation on the database end, eg. if a user is registered, limit a user to one appointment until that appointment has ended (logical).

    But if this type of page is available to unregistered users, then there is no way of validating it.

    It's kind of complicated but we'll need more information about the structure of your database if you wish to make it more secure.
    - Mike

  2. The Following User Says Thank You to mburt For This Useful Post:

    Autoservice (04-03-2012)

  3. #12
    Join Date
    Apr 2012
    Posts
    12
    Thanks
    9
    Thanked 0 Times in 0 Posts

    Default

    Quote Originally Posted by keyboard1333 View Post
    IMPORTANT
    One other quick note -
    You should never post your database connection details online


    Code:
    $DBConnect = @mysql_connect("localhost", "*****");
    if (!$DBConnect)
      {die("<p>The database server is not available</p>");
      }
    do that instead

    You'll have to change it back after someone's answered the question, but it will stop other people from accessing your database.
    Thanks for pointing this out; however, I was going to call another PHP file with the DB details in it.


    @mburt

    The column which the appointment date goes into is "fromdate" (without ""). The "$date" goes into a column called "date" but it isn't inputted by the user it is automatically inputted into the database when the user presses submit.


    Thank you again, both of you! I really appreciate your kind help
    Last edited by Autoservice; 04-03-2012 at 08:51 PM.

  4. #13
    Join Date
    Apr 2012
    Posts
    12
    Thanks
    9
    Thanked 0 Times in 0 Posts

    Default

    Quote Originally Posted by mburt View Post
    There's another small problem with this as well, but it's a bit more complex. Once someone submits this form and creates an appointment, the same page is loaded again. Someone could just press refresh and enter the data in your database again.

    There needs to be some condition so that after the form is sent, it can't be sent again (unless you don't care about that).

    This will require more validation on the database end, eg. if a user is registered, limit a user to one appointment until that appointment has ended (logical).

    But if this type of page is available to unregistered users, then there is no way of validating it.

    It's kind of complicated but we'll need more information about the structure of your database if you wish to make it more secure.
    Nice point, I already have a built-in login system and I can restrict pages to users who are not logged in. And this "booking page" is only available to logged-in users, but I have no clue about restricting the user from another appointment until the last one has finished. ("This will require more validation on the database end, eg. if a user is registered, limit a user to one appointment until that appointment has ended").


    Thank You mate

  5. #14
    Join Date
    Apr 2012
    Posts
    12
    Thanks
    9
    Thanked 0 Times in 0 Posts

    Default

    Hi mburt & keyboard,

    I managed to edit your code a little and the booking works fine now! I can't express how much I thank you and keyboard for your support.

    However, I have another question: how can I generate a unique user id? Because on the form I want 1 submission per account. I wasn't sure if I should create another thread for this question, so I posted it here.

    Thank you guys!

  6. #15
    Join Date
    Mar 2011
    Posts
    2,002
    Thanks
    59
    Thanked 107 Times in 105 Posts
    Blog Entries
    4

    Default

    You can use uniqueid -

    Code:
    <?php
    uniqid(prefix,more_entropy) 
    ?>
    Check out this website for an explanation

    Then I'd suggest that when you generate a uniqueid you also check if it's already been used.


    Code:
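    // Generate an id ("prefix" is a placeholder string; true adds more entropy)
    $uniqueid = uniqid("prefix", true);
    // Look for an existing row that already uses this id
    $query = mysql_query("SELECT * FROM tablename WHERE fieldwithuniqueid='$uniqueid'") or die(mysql_error());
    $num_rows = mysql_num_rows($query);
    if ($num_rows != 0) {
      // Here
    }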
    I'm not sure where to go from Here. Any help anyone else?

  7. The Following User Says Thank You to keyboard For This Useful Post:

    Autoservice (04-04-2012)

  8. #16
    Join Date
    Jul 2006
    Location
    Canada
    Posts
    2,581
    Thanks
    13
    Thanked 28 Times in 28 Posts

    Default

    Well, if it's only for registered users, make a new column (you can call it "appointment_made" or something) in your DB. When the user submits the form, insert any value in the new column (eg. "1"), and then make an if statement to control it in the PHP side of the form:

    Code:
    if (whatever column is empty...) {
      // execute code
    }
    Pretty simple if the appointment page is only usable by logged in members.

    EDIT: This system is also good too, because once a user's appointment is over, you can clear the "appointment_made" field to blank, then the user can use the form again. @Autoservice if you need this coded for you, just let me know.
    - Mike

  9. The Following User Says Thank You to mburt For This Useful Post:

    Autoservice (04-04-2012)
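
Added example, not code from any post in this thread: a variant of the one-appointment-per-account idea above in which the database enforces the limit, so a page refresh or two simultaneous submits cannot create a second row. The table name `open_appointments`, the function names and the in-memory SQLite database are assumptions made so the block runs offline; only the `fromdate` column name comes from the thread, and the user id is assumed to come from the existing login session.

```php
<?php
// Added example: hypothetical table/function names; SQLite in memory stands in for MySQL.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// One row per user with an open appointment. The PRIMARY KEY on user_id makes
// the database itself reject a second booking, even from two racing requests.
$db->exec('CREATE TABLE open_appointments (
    user_id  INTEGER PRIMARY KEY,
    fromdate TEXT NOT NULL
)');

function bookAppointment(PDO $db, int $userId, string $fromdate): bool
{
    // Accept only a real calendar date in YYYY-MM-DD form.
    $d = DateTime::createFromFormat('!Y-m-d', $fromdate);
    if ($d === false || $d->format('Y-m-d') !== $fromdate) {
        throw new InvalidArgumentException('fromdate must be YYYY-MM-DD');
    }
    try {
        // Prepared statement: form input is bound, never concatenated into SQL.
        $stmt = $db->prepare('INSERT INTO open_appointments (user_id, fromdate) VALUES (?, ?)');
        $stmt->execute([$userId, $fromdate]);
        return true;
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') { // integrity constraint violation
            return false;                         // user already has an open appointment
        }
        throw $e;
    }
}

function closeAppointment(PDO $db, int $userId): void
{
    // Called once the appointment is over, so the user may book again.
    $db->prepare('DELETE FROM open_appointments WHERE user_id = ?')->execute([$userId]);
}

// Constructed demo: user 42 books, "refreshes", then books again after the visit.
var_dump(bookAppointment($db, 42, '2012-04-10')); // first submit
var_dump(bookAppointment($db, 42, '2012-04-10')); // refresh / resubmit
closeAppointment($db, 42);
var_dump(bookAppointment($db, 42, '2012-05-02')); // booking after the slot is cleared
```

Because the account's own id is the key, no separately generated `uniqid()` value is needed for the one-submission-per-account rule.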

  10. #17
    Join Date
    Apr 2012
    Posts
    12
    Thanks
    9
    Thanked 0 Times in 0 Posts

    Question

    Hi mburt & keyboard,

    Thanks again for your great help but I got a little stuck on the code keyboard showed me, "<?php
    uniqid(prefix,more_entropy)
    ?>" do I put this code in my register form?

    and also do I put this code in the appointment page? "$uniqeid = uniqid(prefix,true)
    $query = mysql_query("SELECT * FROM tablename WHERE fieldwithuniqueid='$uniqueid'") or die(mysql_error());
    $num_rows = mysql_num_rows($query);
    if($num_rows != 0) {
    Here
    }" I'm sorry for my "noobish" questions; I'm kind of new to PHP, but I am finding great people in this forum and I am also learning a lot.

    Again thank you for both your help!

    ____Autoservice.
