ACCES INTERZIS | programming and IT security blog


The PHP scripts called through the include() function can be found in the article on version 2 of the contact form.
The SQL query that creates the table in which the comments will be stored can be found in the article on the first version of the comment form.

commentf.php

<?php
/*
Title: How do I make a comment form? (version 2)
Author: Marian Barbu aka AccesInterzis
Website: http://www.accesinterzis.ro
2010 (c) All rights reserved
*/

//-----specify EXACTLY which fields will be worked with
#1
$required_fields = array('name', 'email', 'website', 'comment', 'security_code', 'add');
$sent_fields = array_keys($_POST);

//-----start a server-side session in which to save the code generated randomly by the CAPTCHA system
#2
session_start();

//-----connect to the database
#3
include('includes/connect_to_db.inc.php');

//-----load the include files
#3.1
include('includes/validators.inc.php');
include('includes/filter_it.inc.php');
include('includes/validate_form.inc.php');
include('includes/filtered_urls_and_cookies.inc.php');

//------the PHP script runs only if the request was made from the same page the form is on and only if all the form fields were sent
//------($referer and $php_self are defined in the included files; the Referer header is supplied by the client and may be absent or altered, so this check is a convenience, not a security boundary;
//------comparing the two indexed arrays with == also requires the fields to arrive in exactly this order)
#4
if ($referer == 'http://'.$_SERVER['HTTP_HOST'].$php_self && $required_fields == $sent_fields) {
	//-----process the form data; the result will be a list of errors, a list of the invalid data and a list of the valid data
	#5
	include('includes/process_form.inc.php');

	//-----wrap the data in mysql_real_escape_string() because I am about to put it in the database
	#6
	$processed_form['good_data'] = filter_it($processed_form['good_data'], array('mysql_real_escape_string'));

	//------if there are no errors at all, put the data in the database
	#7
	if(count($processed_form['issues']) == 0) {
		#7.1
		$q = "INSERT INTO ai_commentform(`name`, `email`, `website`, `comment`, `date`, `ip`)"
			." VALUES('".$processed_form['good_data']['name']."', '".$processed_form['good_data']['email']."', '".$processed_form['good_data']['website']."', '".$processed_form['good_data']['comment']."', NOW(), '".$_SERVER['REMOTE_ADDR']."')";

		#7.2
		if (mysql_query($q) == false) {
			$error_message = 'Something is wrong with the server. Your comment wasn\'t added.';
		}
	}

	//-----wrap the data in htmlentities() because I am about to display it in the form
	#8
	$get_my_fields = filter_it($get_my_fields, array('htmlentities'));
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>How do I make a comment form?</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="description" content="How do I make a comment form?" />
<meta name="keywords" content="comment,form,php,script,add,email" />
<meta name="abstract" content="How do I make a comment form?" />
<meta name="author" content="AccesInterzis" />
<meta name="copyright" content="AccesInterzis" />
<meta name="robots" content="index,follow" />
<meta name="revisit-after" content="7 days" />

<style type="text/css">
* {
	margin:0;
	padding:0;
	outline:none;
}

html {
	color:black;
	background-color:white;
	font: normal normal normal 12px  Verdana;
	/*font-style font-variant font-weight font-size font-family*/
}

/*START - THE CSS LINES THAT CREATE THE CONTACT FORM SKIN*/

div#commentf {
	width:530px;
	margin:0px auto;
}

div#commentf h1 {
	color:black;
	font: normal normal normal 24px  Verdana;
	/*font-style font-variant font-weight font-size font-family*/
	padding-bottom:5px;
}

div#commentf div {
	margin:0 0 5px 0;
}

div#commentf label {
	width:115px;
	float:left;
}

div#commentf label span {
	color:#c00;
}

div#commentf input {
	width:200px;
}

div#commentf textarea {
	width:400px;
	height:150px;
}

div#commentf input, div#commentf textarea {
	border:1px #ccc solid;
}

div#commentf input:hover, div#commentf textarea:hover {
	border:1px #666 solid;
}

div#commentf input#add {
	width:auto;
	color:#FFF;
	background-color:#333;
	border:1px #000 solid !important;
	cursor:pointer;
}

div#commentf input#add:hover {
	color:#333;
	background-color:#fff;
	border:1px #333 solid;
}

/*Start - error styles*/
div#commentf form#form-itself p {
	color:#c00;
	font-size:10px;
	padding:0 0 0 115px;
	text-align:left;
}

div#commentf div#name_field label,
div#commentf div#email_field label,
div#commentf div#website_field label,
div#commentf div#comment_field label,
div#commentf div#security_code_field label {
	color:#c00;
}

div#commentf div#name_field input,
div#commentf div#email_field input,
div#commentf div#website_field input,
div#commentf div#comment_field textarea,
div#commentf div#security_code_field input {
	border:1px #c00 solid;
	color:#c00;
}

div#commentf div#name_field input:hover,
div#commentf div#email_field input:hover,
div#commentf div#website_field input:hover,
div#commentf div#comment_field textarea:hover,
div#commentf div#security_code_field input:hover {
	border:1px #c00 solid;
}
/*End - error styles*/

div#comments h1 {
	color:#c00;
	font: normal normal normal 24px  Verdana;
	/*font-style font-variant font-weight font-size font-family*/
	padding-bottom:5px;
}

/*END - THE CSS LINES THAT CREATE THE CONTACT FORM SKIN*/
</style>
</head>

<body>
<?php
$q = "SELECT name, website, date, comment FROM ai_commentform ORDER BY comment_id DESC";
$result = mysql_query($q) or die(mysql_error());

//-----when I read the data from the database I wrap it in stripslashes(), htmlentities() and nl2br()
if (mysql_num_rows($result) != 0) {
	echo '<div id="comments">';
	echo '<h1>'.mysql_num_rows($result).' comment(s) so far</h1>';

	$i = 0;
	while ($row = mysql_fetch_array($result)) {
		// name and website are user-supplied too, so they get the same treatment as the comment before being echoed
		$name = htmlentities(stripslashes($row['name']), ENT_QUOTES, 'utf-8');
		$website = htmlentities(stripslashes($row['website']), ENT_QUOTES, 'utf-8');

		echo '<p>';
		echo ($website == '') ? '<strong>'.$name.'</strong>' : '<a href="'.$website.'" title="'.$website.'" target="_blank">'.$name.'</a>';
		echo ' - '.$row['date'];
		echo '</p>';

		// alternate the background of every second comment
		echo ($i % 2 == 0) ? '<p style="margin-bottom:15px;">' : '<p style="margin-bottom:15px; background:#ccc;">';
		echo nl2br(htmlentities(stripslashes($row['comment']), ENT_QUOTES, 'utf-8'));
		echo '</p>';

		$i++;
	}
	echo '</div>';
}
?>
<div id="commentf">
	<h1>
		<label>&nbsp;</label>
		Leave a comment
	</h1>

	<form action="<?php echo 'http://'.$_SERVER['HTTP_HOST'].$php_self; ?>" method="post" id="form-itself">
		<?php echo (isset($processed_form['issues']['name'])) ? '<p>'.$processed_form['issues']['name'].'</p><div id="name_field">' : '<div>' ; ?>
			<label for="name">Name<span>*</span>:</label>
			<input name="name" type="text" id="name" value="<?php if (isset($get_my_fields['name'])) echo $get_my_fields['name']; ?>" />
		</div>

		<?php echo (isset($processed_form['issues']['email'])) ? '<p>'.$processed_form['issues']['email'].'</p><div id="email_field">' : '<div>' ; ?>
			<label for="email">Email<span>*</span>:</label>
			<input name="email" type="text" id="email" value="<?php if (isset($get_my_fields['email'])) echo $get_my_fields['email']; ?>" />
		</div>

		<?php echo (isset($processed_form['issues']['website'])) ? '<p>'.$processed_form['issues']['website'].'</p><div id="website_field">' : '<div>' ; ?>
			<label for="website">Website:</label>
			<input name="website" type="text" id="website" value="<?php if (isset($get_my_fields['website'])) echo $get_my_fields['website']; ?>" />
		</div>

		<?php echo (isset($processed_form['issues']['comment'])) ? '<p>'.$processed_form['issues']['comment'].'</p><div id="comment_field">' : '<div>' ; ?>
			<label for="comment">Your comment<span>*</span>:</label>
			<textarea name="comment" rows="1" cols="1" id="comment"><?php if (isset($get_my_fields['comment'])) echo $get_my_fields['comment']; ?></textarea>
		</div>

		<p>
			<img src="includes/captchaimage.inc.php?width=120&amp;height=40&amp;characters=5" alt="CAPTCHA image" />
		</p>

		<?php echo (isset($processed_form['issues']['security_code'])) ? '<p>'.$processed_form['issues']['security_code'].'</p><div id="security_code_field">' : '<div>' ; ?>
			<label for="security_code">Are you human?<span>*</span></label>
			<input id="security_code" name="security_code" type="text" />
		</div>

		<div>
			<label> &nbsp; </label>
			<input name="add" type="submit" id="add" value="add" />
		</div>
	</form>
</div>
</body>
</html>
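As an added example that is not part of the article's code: the insert from sections #6/#7 and the read-back loop rewritten with mysqli prepared statements, the technique that replaced mysql_real_escape_string() plus string concatenation once the mysql_* extension was removed from PHP. It assumes `$db` is an open mysqli connection to the same database and that `$good` holds the validated fields produced by process_form.inc.php.

```php
<?php
// Added example (not the article's code): sections #6/#7 and the read loop of
// commentf.php with mysqli prepared statements instead of
// mysql_real_escape_string() + string concatenation. Assumes $db is an open
// mysqli connection and $good holds the validated fields from process_form.inc.php.

function add_comment(mysqli $db, array $good, string $ip): bool
{
    // Placeholders keep the values out of the SQL text, so no escaping step
    // (and no stripslashes() on read-back) is needed.
    $stmt = $db->prepare(
        'INSERT INTO ai_commentform(`name`, `email`, `website`, `comment`, `date`, `ip`)'
        . ' VALUES (?, ?, ?, ?, NOW(), ?)'
    );
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('sssss', $good['name'], $good['email'], $good['website'], $good['comment'], $ip);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

function render_comments(mysqli $db): string
{
    // Every column that reaches the page is escaped here, not just the comment body.
    $result = $db->query('SELECT name, website, date, comment FROM ai_commentform ORDER BY comment_id DESC');
    if ($result === false) {
        return '';
    }
    $e = function (string $s): string {
        return htmlentities($s, ENT_QUOTES, 'UTF-8');
    };
    $html = '';
    while ($row = $result->fetch_assoc()) {
        $name = $e($row['name']);
        $website = $e((string) $row['website']);
        $html .= '<p>' . ($website === ''
            ? '<strong>' . $name . '</strong>'
            : '<a href="' . $website . '" title="' . $website . '" target="_blank">' . $name . '</a>');
        $html .= ' - ' . $e($row['date']) . '</p>';
        $html .= '<p>' . nl2br($e($row['comment'])) . '</p>';
    }
    $result->free();
    return $html;
}
```

Call add_comment($db, $processed_form['good_data'], $_SERVER['REMOTE_ADDR']) in place of #6/#7 (dropping the mysql_real_escape_string() pass) and echo render_comments($db) in place of the read loop; the referer and field-set checks in #4 stay as they are.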

Published by: admin
Last modified: 17, 2010, 13:46
Categories: programming