Creating a guest book - Page 2

Salathe · 01-24-2008, 12:58 PM

Quote:

Originally Posted by danielneri

Whoa wait: side note

mysql_result is deprecated?! what replaced it? and when?

wow where have I been...

mysql_result isn't depreciated but here's a note from the PHP manual:

When working on large result sets, you should consider using one of the functions that fetch an entire row (specified below). As these functions return the contents of multiple cells in one function call, they're MUCH quicker than mysql_result().

Orc · 01-24-2008, 11:13 PM

Quote:

Originally Posted by Salathe

mysql_result isn't depreciated but here's a note from the PHP manual:

When working on large result sets, you should consider using one of the functions that fetch an entire row (specified below). As these functions return the contents of multiple cells in one function call, they're MUCH quicker than mysql_result().

Well then a tutorial I read was wrong, and I hate them all.

ReSpawN · 01-25-2008, 05:59 PM

Quote:

Originally Posted by Alan @ CIT

mysql_result() isn't officially depreciated as far as I know.

Alan

As Salathe said, it indeed is not depreciated.

I use if for large queries. For example, when using queries like "LIKE" and "WHERE".

StevenF · 01-31-2008, 08:00 PM

I've just created another guest book with the same code for practice. I'll probably do it a few times until I can write it from memory. I do have one questions though. Some one told me when setting the variables from the form, to use this:

Code:

$yourname = addslashes($_POST['yourname']);
	$email = urlencode(addslashes($_POST['Email']));
	$website = urlencode(addslashes($_POST['website']));
	$comment = htmlentities(addslashes(strip_tags($_POST['comment'])));

The only thing with that is, when it's submitted it's displaying the email and website like bellow:

Quote:

Steven%40hotmail.com

http%3A%2F%2Fgoogle.com

Now, I could fix it by removing the urlencode, addslashes and htmlentities, but I was told to add that in. Do I really need it?

ReSpawN · 01-31-2008, 08:24 PM

You can use the function urldecode() to decode your encoded URL string. I've never used it on an email or such but that's me. addslashes() should suffice. And those can be decoded with stripslashes() as you might know. addslashes() only escapes quote tags and such. For extra security, I advice you to use mysql_real_escape_string for your queries and even sprintf() if you want to be on the safe side.

StevenF · 01-31-2008, 08:43 PM

Quote:

Originally Posted by ReSpawN

You can use the function urldecode() to decode your encoded URL string. I've never used it on an email or such but that's me. addslashes() should suffice. And those can be decoded with stripslashes() as you might know. addslashes() only escapes quote tags and such. For extra security, I advice you to use mysql_real_escape_string for your queries and even sprintf() if you want to be on the safe side.

Thanks for your reply.

At first read that made no sense to me what so ever. After a second time things started to click! I had been using addslashes to encode all of the fields, however, I didn't know how to (or that I had to) decode them. I've now used stripslashes and urldecode to decode the strings.

I've also used mysql_real_escape for my queries but haven't heard of sprintf() before.

PS: How easy is it to make a variable a hyperlink?

Alan @ CIT · 02-01-2008, 08:12 PM

Wildhoney has written a great article about securing queries with sprintf() - TalkPHP - Securing your MySQL Queries with Sprintf

As for making a variable into a hyperlink, I'm not sure what you mean, but:

PHP Code:


			
$myVariable = 'http://www.example.com/index.php';

$anotherVar = '<a href="http://www.talkphp.com">TalkPHP.com!</a>';

echo 'http://www.example.com/index.php?page=' . $pageVar;

Hopefully one of those is what you where after?

Alan

StevenF · 02-02-2008, 01:22 PM

Thanks Alan, I'll have a read over that article!

I'm not sure if the hyperlink thing is possible, but I'll try and explain what I'm looking for: I have a name field and a website field in the form. The data entered in those fields are stored as variables and entered into a database. I then display the information on another page.

When clicking the persons name, I would like that to link to the website they entered in form. This is an example, but totally wrong:

Code:

<a href="$website" alt="" ><?php echo $guestsname; ?></a>

Basically, linking the persons name to the value stored in the variable.

TlcAndres · 02-02-2008, 04:08 PM

<a href="<?=$website;?>" alt="" ><?php echo $guestsname; ?></a>

Would work..I believe

StevenF · 02-04-2008, 05:19 PM

Quote:

Originally Posted by TlcAndres

<a href="<?=$website;?>" alt="" ><?php echo $guestsname; ?></a>

Would work..I believe

Thank you. When I link that, it's trying to access the page through localhost, which means it's not finding it. Why's it doing that?