Ultimate Guestbook Tutorial: How to build a Guestbook with a honeypot, error checking, IP banning, pagination, e-mail notification and smilies with PHP and mySQL
April 26, 2008
Let’s assume that we accidentally made an error. The form still submits its information, obviously, but when the page is refreshed none of the values are there! This is easily solved. What we will do is check each field for an error, and if there is an error, echo out a value for that particular field. We do this to show what we typed in before, as well as to highlight the field that requires attention!
So open up form.php and:
Replace:
<input type="text" name="name" />
With:
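<input type="text" name="name"
<?php
// Re-display what the visitor typed if this field was posted
if(isset($_POST['name'])){
    // htmlspecialchars() escapes quotes and angle brackets so the posted value stays inside the attribute
    echo ' value="'.htmlspecialchars(stripslashes($_POST['name']), ENT_QUOTES).'"';
    // Highlight the field if validation flagged it
    if(isset($error['name'])){
        echo ' class="errorbg"';
    }
}
?> />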
True! It is very ugly now. But it works and looks fine. First it checks whether the form was submitted, by checking whether a value was posted for this field. If the form was submitted, it shows the value in the field. The stripslashes function above is there in case we have magic quotes turned on, which automatically escapes our strings for us; when we return the value we would see a lot of slashes, so with stripslashes we only show the slashes that we intended to show. Then we check whether this field had an error in it, and if it did we assign it a CSS class to make the field go yellow. The CSS I used is:
.errorbg {
background: #ffe958;
}
Now enter the same code for e-mail, website and message. It may occur to you that we never checked the website field for any errors, so we can leave out the error-displaying segment of the code for that field. I will show you the entire code, just so I haven’t lost anyone:
Form.php:
<form name="guestbook" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" class="guestbookform">
<table width="100%" cellpadding="0" cellspacing="0" border="0">
    <tr>
        <td valign="top">Name:*</td>
        <td valign="top"><input type="text" name="name"
        <?php
        // Re-display the posted value, escaped for use inside an HTML attribute
        if(isset($_POST['name'])){
            echo ' value="'.htmlspecialchars(stripslashes($_POST['name']), ENT_QUOTES).'"';
            if(isset($error['name'])){
                echo ' class="errorbg"';
            }
        }
        ?> /></td>
    </tr>
    <tr>
        <td valign="top">E-Mail:*</td>
        <td valign="top"><input type="text" name="email"
        <?php
        if(isset($_POST['email'])){
            echo ' value="'.htmlspecialchars(stripslashes($_POST['email']), ENT_QUOTES).'"';
            if(isset($error['email'])){
                echo ' class="errorbg"';
            }
        }
        ?> /></td>
    </tr>
    <tr>
        <td valign="top">Website:</td>
        <td valign="top"><input type="text" name="website"
        <?php
        // The website field is never validated, so there is no error class here
        if(isset($_POST['website'])){
            echo ' value="'.htmlspecialchars(stripslashes($_POST['website']), ENT_QUOTES).'"';
        }
        ?> /></td>
    </tr>
    <tr>
        <td valign="top" colspan="2">Message:</td>
    </tr>
    <tr>
        <td valign="top" colspan="2"><textarea name="message" rows="7" <?php
        // First part: the error class goes inside the textarea tag
        if(isset($_POST['message'])){
            if(isset($error['message'])){
                echo 'class="errorbg"';
            }
        }
        ?>><?php
        // Second part: the escaped text goes between the textarea tags
        if(isset($_POST['message'])){
            echo htmlspecialchars(stripslashes($_POST['message']), ENT_QUOTES);
        }
        ?></textarea></td>
    </tr>
    <tr>
        <td valign="top" colspan="2" align="center"><input type="text" name="message2" /><input type="submit" name="submit" value="Sign Guestbook" /></td>
    </tr>
</table>
</form>
Look at the message field here. We had to break up the statement into two parts: first to show the error CSS class in the textarea tag, then to show the text inside the textarea. Pretty self-explanatory. But look what happens! When we click on submit and there are no errors, the form says success, but the values are still in the form. We have two options here. We can either throw up a thank you screen which automatically redirects the user back to the page, or we can simply erase the POST information on successful entries. We will do the latter, seeing as we want our users to see the following page as quickly as possible.
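The per-field redisplay logic from form.php gathered into one helper, as an added example that is not part of the original tutorial. posted_value() and sticky_attrs() are hypothetical names; the helper escapes the posted value with htmlspecialchars() before it reaches the page and strips slashes only when magic quotes are actually enabled. The sample submission is constructed.

```php
<?php
// Added example: hypothetical helpers, not part of the original tutorial.

// Return the raw posted string for $field, or '' if absent or not a string.
function posted_value(array $post, $field) {
    if (!isset($post[$field]) || !is_string($post[$field])) {
        return ''; // e.g. an array sent as name[]=x
    }
    $value = $post[$field];
    // Undo magic quotes only where they exist and are on (removed in PHP 5.4)
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return $value;
}

// Build the value/class attributes for one text input.
function sticky_attrs(array $post, array $error, $field) {
    $attrs = '';
    $value = posted_value($post, $field);
    if ($value !== '') {
        // ENT_QUOTES escapes both quote styles, so the value stays inside value="..."
        $attrs .= ' value="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '"';
    }
    if (isset($error[$field])) {
        $attrs .= ' class="errorbg"'; // the tutorial's highlight class
    }
    return $attrs;
}

// Constructed sample submission: markup in one field, an array in another,
// and a backslash the visitor really typed.
$post = array(
    'name'    => '"><b>bold</b>',
    'email'   => array('unexpected'),
    'website' => 'C:\\sites\\mine',
);
$error = array('name' => 'Invalid name', 'email' => 'Invalid e-mail');

foreach (array('name', 'email', 'website') as $field) {
    echo '<input type="text" name="' . $field . '"'
        . sticky_attrs($post, $error, $field) . " />\n";
}
```

View the page source rather than the rendered page when checking the output: the markup in the name field should appear as entities inside the value attribute, and the backslashes in the website field should survive unchanged.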
Open up index.php and look for:
Find:
$postentry = @mysql_query("INSERT INTO `entries` (name, email, website, message, date, ip) VALUES ('".addslashes($_POST['name'])."', '".addslashes($_POST['email'])."', '".addslashes($_POST['website'])."', '".addslashes($_POST['message'])."', now(), '".$_SERVER['REMOTE_ADDR']."')");
Underneath it add:
if($postentry == true){
unset($_POST);
}
Simple. This just clears the contents of our POST array. Next we want to set up a honey pot. Next page!
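The same insert written with bound parameters instead of addslashes() and string concatenation, as an added example that is not part of the original tutorial (the mysql_query() family it uses was removed in PHP 7). It assumes PDO with the SQLite driver and a constructed entries table so that it runs stand-alone; post_entry() is a hypothetical helper name and the submission is constructed.

```php
<?php
// Added example, not the tutorial's code. An in-memory SQLite database keeps it
// self-contained; against the tutorial's MySQL database only the DSN and
// credentials passed to new PDO() change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Constructed table with the column names used in the tutorial's INSERT
$db->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY, name TEXT, email TEXT,
           website TEXT, message TEXT, date TEXT, ip TEXT)');

function post_entry(PDO $db, array $post, $ip) {
    $stmt = $db->prepare(
        'INSERT INTO entries (name, email, website, message, date, ip)
         VALUES (:name, :email, :website, :message, :date, :ip)'
    );
    // Values are sent separately from the SQL text, so quotes in them are just data
    return $stmt->execute(array(
        ':name'    => $post['name'],
        ':email'   => $post['email'],
        ':website' => $post['website'],
        ':message' => $post['message'],
        ':date'    => date('Y-m-d H:i:s'), // stands in for now() so the SQL stays portable
        ':ip'      => $ip,
    ));
}

// Constructed submission containing both quote styles and a backslash
$_POST = array(
    'name'    => "O'Brien",
    'email'   => 'ob@example.com',
    'website' => '',
    'message' => "It's a \"test\" with a \\ backslash",
);
$postentry = post_entry($db, $_POST, '203.0.113.7');

if ($postentry === true) {
    // Same effect as the tutorial's unset($_POST): the form redisplays empty
    $_POST = array();
}

// Read the row back: the text is stored exactly as typed, with no added slashes
$row = $db->query('SELECT name, message FROM entries')->fetch(PDO::FETCH_ASSOC);
echo $row['name'], "\n", $row['message'], "\n";
echo isset($_POST['name']) ? "form still filled\n" : "form cleared\n";
```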
60 Comments
Hello VOIDET
I spent last night going through this tutorial and it was great and informative.
One question I have is that I see your guestbook example has had some spambot action. Is this because there are new techniques that your tutorial doesn’t cover? I’d like to keep this kind of crap off my guest book if possible.
Thanks for your great tutorial and your feedback.
Best,
CGar
Hey Cgar,
This is both true and unfortunate.
I only taught one spam catching technique.
However, more can be applied if need be. Generating a captcha form, or having an IP ban with a 30 day cool-off period. Running known IP blocking from black lists.
The honey pot technique is just one! Surprisingly, it rejects quite a lot!
Let me know if I can help you out further!
VoiDeT
Hi there,
A great tut! I’m trying to put it on my site.
But there is one little problem. The honeypot.. when I add this link:
a new text field appears on my guestbook, while you were saying that it was hidden?
How is that possible?
Dennis
Hi there. Thanks for the great tut. Sorry…forgot to read the last side, as I didn’t use all of the tut for my guestbook at the moment. So I implemented the guestbook in my website without asking you first. And…I’m not completely ready, still working on some things such as the honeypot and the pagination.
Hello VOIDET,
This is the best tutorial on the internet so far!
I’m stuck at stage 7 – 10,
it looked fine until stage 7, then the success message never showed up.
The IP thing didn’t work for me :/ so I jumped that part and now I’m trying to get the entries to work out, but it shows me this message:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in C:\xampp\htdocs\guestbook\templates\entries.php on line 6
Do you have an idea of what’s wrong?
I would be happy for any help, just contact my email!
Regards Zime
@Zime:
Thanks a lot for the kind words.
That’s a shame that you can’t get the guestbook working. It looks as though your data isn’t being inserted correctly. What you can do however is check your database for any records. If they aren’t in there then check what’s going on with the data you’re inserting, and the insert commands.
If you do see the data in there, then check what’s happening when you try and retrieve the records.
I’m thinking I might rewrite this tutorial to use OOP with PHP5.
Or maybe save that for a whole new tutorial.
Hi
First great thanks to the author of this tutorial/workshop
It’s working great. But there is only a single problem with the website links in the db entries: they’re not working.
The link includes the whole file path, i.e. (http://htdocs/mywebsite/www.pcsh.it). What’s wrong?
thx in advance and best regards
Oli
THX a lot
love this tut
hey, where can I find the tutorial?
greetings
Dude, many thanks for this nice and clean tutorial. Took me about an hour to read it all up and add own commands.