Form Validation

Hi all, I have a guestbook, and the form submits posts to my database. I was just wondering if there is a way to validate my form, so that the user cannot enter JavaScript or HTML tags?

The page is not a .php page, it is a .shtml page, and calls the php code from a file.

Thanks!
 
Thanks, I have written the following code:

Code:
<?php
	// Connect to the database
	$sel = mysql_connect("localhost","cpanelu_dci125","***");
	if (!$sel)
	{
		die('Could not connect: ' . mysql_error());
	}
	mysql_select_db("cpanelu_dci125", $sel);

	// Newest comments first
	$comment = mysql_query("SELECT * FROM guestbook ORDER BY commentID DESC");

	while($line = mysql_fetch_array($comment))
	{
		echo "<b>Post Number: </b>";
		echo $line['commentID'];
		echo "<br />";
		echo "<b>Name: </b>";
		$val = $line['name'];
		// Break long words every 40 characters, then escape for HTML output
		$val = chunk_split($val,40," ");
		echo htmlspecialchars($val);
		echo "<br />";
		echo "<b>Email: </b>";
		$val = $line['email'];
		echo htmlspecialchars($val);
		echo "<br />";
		echo "<b>Comment: </b>";
		$val = $line['comment'];
		$val = chunk_split($val,40," ");
		echo htmlspecialchars($val);
		echo "<br />";
		echo "<br />";
		echo "<hr />";
	}
	mysql_close($sel);
?>


Which displays it how I want; however, it still writes the HTML etc. to the database, and I cannot work out how to make it so it formats it then writes it... Any ideas :)?
 
OK, had a few plays around with this, but everything I have been trying has returned errors, so I can't work out how to make it so that when you look in the database you don't have active links etc., but the validated stuff.
 
Well, this code is called separately; this displays my guestbook on the page, and is in a file called display.php. My insert code is as follows:

Code:
<?php
	$sel = mysql_connect("localhost","cpanelu_dci125","********");
	if (!$sel)
	{
		die('Could not connect: ' . mysql_error());
	}

	mysql_select_db("cpanelu_dci125", $sel);

	// Reject blank fields before building the query
	if ($_POST['name'] == NULL)
	{
		die('Please Do Not Leave Any Field Blank, You Will Now Return To The Guestbook!');
	}
	elseif ($_POST['email'] == NULL) {
		die('Please Do Not Leave Any Field Blank, You Will Now Return To The Guestbook!');
	}
	elseif ($_POST['comment'] == NULL) {
		die('Please Do Not Leave Any Field Blank, You Will Now Return To The Guestbook!');
	}

	// Escape each value so quotes in the input cannot break out of the SQL string
	$name = mysql_real_escape_string($_POST['name'], $sel);
	$email = mysql_real_escape_string($_POST['email'], $sel);
	$comment = mysql_real_escape_string($_POST['comment'], $sel);

	$dat = "INSERT INTO guestbook (name, email, comment)
		VALUES ('$name','$email','$comment')";

	if (!mysql_query($dat,$sel))
	{
		die('Error: ' . mysql_error());
	}

	echo "Thank you for leaving a comment! You will return to the guestbook shortly";

	mysql_close($sel);
?>
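
An added example, not part of the original posts: one way to handle the guestbook's insert and display paths, validating the fields, inserting through a prepared statement, storing the text as typed and escaping it only when it is printed. It assumes PDO with an in-memory SQLite database standing in for the poster's MySQL database; `save_comment` and `render_comments` are hypothetical helper names and the submissions are constructed samples.

```php
<?php
// Added example: the table layout follows the thread; SQLite in memory stands in
// for the poster's MySQL database (an assumption) so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guestbook (
    commentID INTEGER PRIMARY KEY AUTOINCREMENT,
    name TEXT, email TEXT, comment TEXT)');

// Hypothetical helper: validate the fields, then insert with bound parameters.
function save_comment(PDO $db, array $post): array
{
    $errors = [];
    $fields = [];
    foreach (['name', 'email', 'comment'] as $key) {
        $fields[$key] = trim((string)($post[$key] ?? ''));
        if ($fields[$key] === '') {
            $errors[] = "$key must not be blank";
        }
    }
    if ($fields['email'] !== '' && !filter_var($fields['email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'email is not a valid address';
    }
    if ($errors) { return $errors; }
    // Placeholders keep the values out of the SQL text, so quotes in a
    // comment cannot change the statement.
    $stmt = $db->prepare(
        'INSERT INTO guestbook (name, email, comment) VALUES (:name, :email, :comment)');
    $stmt->execute($fields);
    return [];
}

// Hypothetical helper: escape at output time; the stored text stays as typed.
function render_comments(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT * FROM guestbook ORDER BY commentID DESC') as $row) {
        $html .= '<b>Name: </b>' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . "<br />\n"
               . '<b>Comment: </b>' . htmlspecialchars($row['comment'], ENT_QUOTES, 'UTF-8') . "<hr />\n";
    }
    return $html;
}

// Constructed sample submissions: one accepted, one rejected by validation.
save_comment($db, ['name' => "O'Brien", 'email' => 'ob@example.com',
                   'comment' => '<script>alert(1)</script> nice site']);
print_r(save_comment($db, ['name' => '', 'email' => 'nope', 'comment' => 'hi']));
echo render_comments($db);
```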
 