Ultimate Guestbook Tutorial: How to build a Guestbook with a honeypot, error checking, IP banning, pagination, e-mail notification and smilies with PHP and mySQL
April 26, 2008
So we have a nice-looking form so far. But when you click on submit it does absolutely nothing but refresh the page. How useful! Let's start by checking the content, making sure that the user submitted a name, a proper e-mail address and a message. We will then start putting some records into the database and then set up a honeypot.
1. Open up index.php and above the include('templates/skin.php'); line add:

    if(isset($_POST['submit'])){

        if(strlen($_POST['name']) == 0){
            $error['name'] = 'Please enter your name';
        }

        if(strlen($_POST['email']) == 0){
            $error['email'] = 'Please enter an e-mail address';
        } else {
            if(!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/iD', $_POST['email'])){
                $error['email'] = 'Please enter a correct e-mail address';
            }
        }

        if(strlen($_POST['message']) < 2){
            $error['message'] = 'Please enter a message';
        }
    }

This is the error checking segment of our guestbook. I'll explain what's going on, referring to each line by its position in the block above (blank lines included).

1: This checks the POST array. An array is a series of data (imagine an Excel spreadsheet, which is a form of array). It is filled when someone sends form information, or simply information from the browser, to your web server. In this case it contains the data entered into the form. Remember that we created a submit button; this button carries a value that we specified, and we now access that value with this line.

So, after all of that: the first line uses the isset() function to check whether the POST variable 'submit' has a value. This basically checks whether the user has submitted the form. If they have, the following code is executed; if not, execution continues with the rest of the code outside of the brackets.

3: Line 3 does the same sort of thing. However, it accesses the name variable and checks whether the string length equals 0. If it does, we can assume that no text was entered, and since this is a required field, we flag it as an error. This happens in line 4, where we store some text in an array called $error under the key 'name'.

Next we have:

    if(!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/iD', $_POST['email'])){
        $error['email'] = 'Please enter a correct e-mail address';
    }

This uses regular expressions, which are basically a pattern-matching tool in PHP, to determine whether the supplied e-mail address is in fact an e-mail address. preg_match() with the i modifier does the case-insensitive match that the older eregi() function, removed in PHP 7, used to do; the D modifier makes $ match only at the very end of the input.

15: This does the same as the name error checking, but instead of testing for a length of 0 we test for a length under 2. We don't want someone to write us just a single character, but we might want to accept a simple 'hi'. You can change this to a higher number if you want to reject short messages.

If you don't understand exactly what is happening above, please read up on regular expressions or leave a comment below and I will get back to you. But anyhow, let's keep going. Now that we have some error handling, we want to be able to display these errors, if any happen to exist. We were smart enough to only show errors after someone submits the form, and not just when the page loads. The next page in the tutorial will cover showing these errors on the page, using our skin.php file.
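Added example (not part of the original tutorial): the three checks above as a function, run in two modes over constructed submissions so the edge cases are visible side by side. validate_entry(), the $hardened switch and the sample data are assumptions for illustration; the field names, messages and e-mail pattern come from the page, with the pattern called through preg_match().

```php
<?php
// Added example, not the tutorial's code. validate_entry(), $hardened and the
// sample submissions are constructed; field names and messages follow the page.
const EMAIL_RE = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/iD';

function validate_entry(array $post, bool $hardened): array
{
    $error = [];
    // Absent or non-string fields (e.g. name[]=x) become '' instead of
    // reaching strlen(), which warns or throws on an array.
    $field = fn(string $k): string => is_string($post[$k] ?? null) ? $post[$k] : '';
    $name = $field('name');
    $email = $field('email');
    $message = $field('message');
    if ($hardened) {            // whitespace-only input counts as empty
        $name = trim($name);
        $message = trim($message);
    }
    if (strlen($name) == 0) {
        $error['name'] = 'Please enter your name';
    }
    if (strlen($email) == 0) {
        $error['email'] = 'Please enter an e-mail address';
    } else {
        // Page's pattern (TLD limited to 2-3 letters) vs. PHP's built-in validator.
        $ok = $hardened
            ? filter_var($email, FILTER_VALIDATE_EMAIL) !== false
            : preg_match(EMAIL_RE, $email) === 1;
        if (!$ok) {
            $error['email'] = 'Please enter a correct e-mail address';
        }
    }
    if (strlen($message) < 2) {
        $error['message'] = 'Please enter a message';
    }
    return $error;
}

// Constructed submissions, one edge case each.
$samples = [
    'valid entry'      => ['name' => 'Ann',   'email' => 'ann@example.com',   'message' => 'hi'],
    'whitespace only'  => ['name' => '   ',   'email' => 'ann@example.com',   'message' => "  \n"],
    'trailing newline' => ['name' => 'Ann',   'email' => "ann@example.com\n", 'message' => 'hi'],
    'four-letter TLD'  => ['name' => 'Ann',   'email' => 'ann@example.info',  'message' => 'hi'],
    'array for name'   => ['name' => ['Ann'], 'email' => 'ann@example.com',   'message' => 'hi'],
];
foreach ($samples as $label => $post) {
    $page = implode(',', array_keys(validate_entry($post, false))) ?: 'accepted';
    $hard = implode(',', array_keys(validate_entry($post, true))) ?: 'accepted';
    printf("%-18s page checks: %-14s hardened: %s\n", $label, $page, $hard);
}
```

Validation only decides whether an entry is accepted; the values still need escaping when they are written to the database and when they are printed back into the page.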
60 Comments
Hello VOIDET
I spent last night going through this tutorial and it was great and informative.
One question I have is that I see your guestbook example has had some spambot action. Is this because there are new techniques that your tutorial doesn’t cover? I’d like to keep this kind of crap off my guest book if possible.
Thanks for your great tutorial and your feedback.
Best,
CGar
Hey Cgar,
This is both true and unfortunate.
I only taught one spam catching technique.
However, more can be applied if need be. Generating a captcha form, or having an IP ban with a 30-day cool-off period. Running known IP blocking from blacklists.
The honeypot technique is just one! Surprisingly, it rejects quite a lot!
Let me know if I can help you out further!
VoiDeT
Hi there,
A great tut! I'm trying to put it on my site.
But there is one little problem. The honeypot.. when I add this link:
a new text field appears on my guestbook, while you were saying that it was hidden?
How is that possible?
Dennis
Hi there. Thanks for the great tut. Sorry…forgot to read the last side, as I didn't use all of the tut for my guestbook at the moment. So I implemented the guestbook in my website without asking you first. And…I'm not completely ready, still working on some things such as the honeypot and the pagination.
Hello VOIDET,
This is the best tutorial on the internet so far!
I’m stuck at stage 7 – 10,
it looked fine until stage 7, then the success message never showed up.
The IP thing didn't work for me :/ so I skipped that part and now I'm trying to get the entries to work out, but it shows me this message:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in C:\xampp\htdocs\guestbook\templates\entries.php on line 6
Do you have an idea of what's wrong?
I would be happy for any help, just contact my email!
Regards Zime
@Zime:
Thanks a lot for the kind words.
That's a shame that you can't get the guestbook working. It looks as though your data isn't being inserted correctly. What you can do, however, is check your database for any records. If they aren't in there, then check what's going on with the data you're inserting, and the insert commands.
If you do see the data in there, then check what's happening when you try to retrieve the records.
I'm thinking I might rewrite this tutorial to use OOP with PHP5.
Or maybe save that for a whole new tutorial.
Hi
First great thanks to the author of this tutorial/workshop
It's working great. But there is only a single problem with the website links in the db entries: they're not working.
The link includes the whole file path, i.e. (http://htdocs/mywebsite/www.pcsh.it). What's wrong?
thx in advance and best regards
Oli
THX a lot
love this tut
Hey, where can I find the tutorial?
greetings
Dude, many thanks for this nice and clean tutorial. Took me about an hour to read it all up and add own commands.