Please can someone help me implement this script into another script?

**mburt** · 04-03-2012, 12:56 AM

There's another small problem with this as well, but it's a bit more complex. Once submits this form and creates an appointment, the same page is loaded again. Someone could just press refresh and enter the data in your database again.

There needs to be some condition so that after the form is sent, it can't be sent again (unless you don't care about that).

This will require more validation on the database end, eg. if a user is registered, limit a user to one appointment until that appointment has ended (logical).

But if this type of page is available to unregistered users, then there is no way of validating it.

It's kind of complicated but we'll need more information about the structure of your database if you wish to make it more secure.

**Autoservice** · 04-03-2012, 12:59 PM

Originally Posted by keyboard1333

IMPORTANT
One other quick note -
You should never post your database connection details online

Code:

$DBConnect = @mysql_connect("localhost", "*****");
if (!$DBConnect)
  {die("<p>The database server is not available</p>");
  }

do that instead

You'll have to change it back after someone's answered the question, but it will stop other people from accessing your database.

Thank for pointing this out, however i was going to call another php file with the db details in them.

@mburt

The column which the appointment date goes into is "fromdate" (without ""). The "$date" goes into a column called "date" but it isn't inputted by the user it is automatically inputted into the database when the user presses submit.

Thank youu again both of you! I really appreciate your kind help

**Autoservice** · 04-03-2012, 01:04 PM

Originally Posted by mburt

There's another small problem with this as well, but it's a bit more complex. Once submits this form and creates an appointment, the same page is loaded again. Someone could just press refresh and enter the data in your database again.

There needs to be some condition so that after the form is sent, it can't be sent again (unless you don't care about that).

This will require more validation on the database end, eg. if a user is registered, limit a user to one appointment until that appointment has ended (logical).

But if this type of page is available to unregistered users, then there is no way of validating it.

It's kind of complicated but we'll need more information about the structure of your database if you wish to make it more secure.

Nice point, i already have a built in login system and I can restrict pages to users who are not logged in. And this "booking page" is only available to logged in users, but I have no clue of restricting the user to another appointment until the last one has finished. ("This will require more validation on the database end, eg. if a user is registered, limit a user to one appointment until that appointment has ende") .

Thank You mate

**Autoservice** · 04-03-2012, 08:50 PM

Hi mburt & keyboard,

I managed to edit your code a llittle and the booking works fine now! I can't express how much i thank you and keyboard for your support

.

However I have another question

, how can I generate a unique user id? because on the form I want 1 submisssion per account. I wasn't sure if I should create another thread on this question so I posted it here

.

Thank you guys!

**keyboard** · 04-03-2012, 09:32 PM

You can use uniqueid -

Code:

<?php
uniqid(prefix,more_entropy) 
?>

Check out this website for an explanation

Then I'd suggest that when you generate a uniqueid you also check if its been already used.

Code:

$uniqeid = uniqid(prefix,true) 
$query = mysql_query("SELECT * FROM tablename WHERE fieldwithuniqueid='$uniqueid'") or die(mysql_error()); 
$num_rows = mysql_num_rows($query);
if($num_rows != 0) {
Here
}

I'm not sure where to go from Here. Any help anyone else?

**mburt** · 04-03-2012, 10:07 PM

Well, if it's only for registered users, make a new column (you can call it "appointment_made" or something) in your DB. When the user submits the form, insert any value in the new column (eg. "1"), and then make an if statement to control it in the PHP side of the form:

Code:

if (whatever column is empty...) {
  // execute code
}

Pretty simple if the appointment page is only usable by logged in members.

EDIT: This system is also good too, because once a users appointment is over, you can clear the "appointment_made" field to blank, then the user can use the form again. @Autoservice if you need this coded for you, just let me know.

**Autoservice** · 04-04-2012, 12:18 AM

Hi mburt & keyboard,

Thanks again for your great help but I got a little stuck on the code keyboard showed me, "<?php
uniqid(prefix,more_entropy)
?>" do I put this code in my register form?

and also do I put this code in the appointment page? "$uniqeid = uniqid(prefix,true)
$query = mysql_query("SELECT * FROM tablename WHERE fieldwithuniqueid='$uniqueid'") or die(mysql_error());
$num_rows = mysql_num_rows($query);
if($num_rows != 0) {
Here
}" Im sorry with my "noobish" questions

im kind of new to php but I am finding great people in this forum and I am also learning alo't

.

Again thank you for both your help!

____Autoservice.

Thread: Please can someone help me implement this script into another script?

Thread Tools

Search Thread

The Following User Says Thank You to mburt For This Useful Post:

The Following User Says Thank You to keyboard For This Useful Post:

The Following User Says Thank You to mburt For This Useful Post:

Bookmarks

Bookmarks

Posting Permissions