guestbook problem

aznjay


<?
session_start();


////////////////////////////////
// This checks to see if we need to add another guestbook entry.
////////////////////////////////
if (($REQUEST_METHOD=='POST')) {

////////////////////////////////
// This loop removed "dangerous" characters from the posted data
// and puts backslashes in front of characters that might cause
// problems in the database.
////////////////////////////////
for(reset($HTTP_POST_VARS);
                      $key=key($HTTP_POST_VARS);
                      next($HTTP_POST_VARS)) {
    $this = addslashes($HTTP_POST_VARS[$key]);
    $this = strtr($this, ">", " ");
    $this = strtr($this, "<", " ");
    $this = strtr($this, "|", " ");
    $$key = $this;
  }
 ////////////////////////////////
  // This will catch if someone is trying to submit a blank
  // or incomplete form.
  ////////////////////////////////
  if ($email && $message ) {
////////////////////////////////
    // This is the meat of the query that updates the guests table
    ////////////////////////////////
$userses = $_SESSION['edithtml'];

$query = "INSERT INTO guests ";
$query .= "(guest_id, guest_name,";
$query .= "guest_email, guest_time, guest_message, user_name) ";
$query .= " values(0000,'$name','$email',NULL,'$message','$userses')";
mysql_pconnect("localhost","chaotici_commu","dragon")
               or die("Unable to connect to SQL server");
mysql_select_db("chaotici_chaotic") or die("Unable to select database");
mysql_query($query) or die("Insert Failed!");
} else {

////////////////////////////////
// If they didn't include all the required fields set a variable
// and keep going.
////////////////////////////////
$notall = 1;

  }
}
?>

<HTML>
<HEAD>
<TITLE>Add a Message</TITLE>
</HEAD>

<BODY BGCOLOR="white">

<H1>Add A Message</H1>
<!-- Let them know that they have to fill in all the blanks -->
<? if ($notall == 1) { ?>
<P><FONT COLOR="red">Please answer all fields</FONT></P>
<? } ?>
<!-- The bits of PHP in the form allow the data that was already input
     to be placed back in the form if it is filled out incompletely -->
<?PHP
  echo "<FORM METHOD=\"post\" ACTION=\"/community/spoono/guest.php?user_name=$user_name\">
<PRE>
Your Name:       <INPUT
                     TYPE=\"text\"
                     NAME=\"name\"
                     SIZE=\"20\"
                     MAXLENGTH=\"50\"
                     VALUE=\"$name\">
Your Email:      <INPUT
                     TYPE=\"text\"
                     NAME=\"\"
                     SIZE=\"20\"
                     MAXLENGTH=\"50\"
                     VALUE=\"$email\">

Enter Message:
<TEXTAREA NAME=\"message\" COLS=\"40\" ROWS=\"8\" WRAP=\"Virtual\">
$message
</TEXTAREA>

<INPUT TYPE=\"submit\" VALUE=\"Add\">

</PRE>
</FORM>";

?>
<HR>

<?

////////////////////////////////
// This is where we connect to the database for reading.
////////////////////////////////
mysql_pconnect("localhost","chaotici_commu","secret")
               or die("Unable to connect to SQL server");
mysql_select_db("chaotici_chaotic") or die("Unable to select database");

////////////////////////////////
// This is where we count the number of entries.
////////////////////////////////
$query = "SELECT COUNT(*) FROM guests WHERE user_name='$user_name'"; 
$numguests = mysql_query($query) or die(mysql_error());
$numguest = mysql_fetch_array($numguests);

?>

<!--  This is where we report the total messages. -->
<P>
<A HREF="../guest.php?complete=1"><? echo $numguest[0]; ?> people</A> have
left me a message.
</P>


<?
if ($complete == 1) {
  $query = "SELECT * FROM guests WHERE user_name='$user_name' ORDER BY guest_time DESC";
} else {
  $query = "SELECT * FROM guests WHERE user_name='$user_name' ORDER BY guest_time DESC LIMIT 20";
}
$guests = mysql_query($query) or die(mysql_error());

while ($guest = mysql_fetch_array($guests)) 
  {
    $guest_name = $guest['guest_name'];
	$guest_email = $guest['guest_email'];
	$guest_time = $guest['guest_time'];
	$guest_message = $guest['guest_message'];


////////////////////////////////
// The database has a timestamp record type that we can use to show the
// date the guestbook was filled out.
////////////////////////////////
	$datefromdb = $guest_time;
$year = substr($datefromdb,0,4);
$mon  = substr($datefromdb,4,2);
$day  = substr($datefromdb,6,2);
$hour = substr($datefromdb,8,2);
$min  = substr($datefromdb,10,2);
$sec  = substr($datefromdb,12,2);
$orgdate = date("l F dS, Y h:i A",mktime($hour,$min,$sec,$mon,$day,$year));

echo "<TABLE BORDER=\"1\" WIDTH=\"500\">
<TR><TD>
Name: $guest_name
</TD><TD>
Email: <A HREF=\"mailto: $guest_email\">
       $guest_email</A>
</TD><TD>

Date: $orgdate;


</TD></TR>
<TR><TD COLSPAN=\"3\">
$guest_message
</TD></TR>
</TABLE>
<BR>";
 } 
?>
</BODY>
</HTML>

When someon is posting $userses = $SESSION['edithtml']; i want $userses in $query = "INSERT INTO guests ";
$query .= "(guest_id, guest_name,";
$query .= "guest_email, guest_time, guest_message, user_name) ";
$query .= " values(0000,'$name','$email',NULL,'$message','$userses')";
mysql_pconnect("localhost","chaotici_commu","dragon")
or die("Unable to connect to SQL server");
mysql_select_db("chaotici_chaotic") or die("Unable to select database");
mysql_query($query) or die("Insert Failed!");
but it doesn't work. I making $email = $session['email]; actually it's made i just need to put it but it doesn't werk. Help anyone??

weekender

you would normally pass variables between scripts using $_GET

eg if i call index.php?page=3

then in index.php i have the variable $_GET['page'] with value 3

and the reason nobody has replied to your post is because you have posted too much code. If you post code, post RELEVENT code - if you must post a lot (more than 10-12 lines), attach it as a file. Nobody is going to read all that

go have a go at changing your session vars to get vars, and post again - this time with less blurb