Member inputting data to database through forms...

skttrbrain

I'm pretty new to PHP and am slightly familiar with mysql. I was wondering how I would go about creating a script that would allow a user to submit data (in this case, something like a story they've written) to the database.

Anything that can help would be greatly appreciated.

bastien

here is a script i wrote for a writing contest. It allows the user to both paste/write their article in the form and upload a file copy as well. I have included the table structure for the articles table, but not for the users table...

This script also does the login check as well

<?php

/*table
CREATE TABLE `contest` (
  `record_id` int(4) NOT NULL auto_increment,
  `user_id` varchar(50) NOT NULL default '',
  `article` text NOT NULL,
  `time_in` time NOT NULL default '00:00:00',
  `time_out` time NOT NULL default '00:00:00',
  `file_name` varchar(50) NOT NULL default '',
  PRIMARY KEY  (`record_id`)
) TYPE=MyISAM AUTO_INCREMENT=1 ;
*/

session_start();

// redefine the user error constants - PHP 4 only
define("FATAL", E_USER_ERROR);
define("ERROR", E_USER_WARNING);
define("WARNING", E_USER_NOTICE);

// set the error reporting level for this script
error_reporting(FATAL);


//Declarations
$myfile               = "";
$article              = "";
$username             = "";
$FileFlag             = 0;
$DBFlag               = 0;
$ConStartFlag         = 0;
$LoggedInFlag         = 0;

//--------------------------------------------------------------------------------------------
//logon the user on
if (($_SESSION['username']=="")&&(!$_POST['submit']=="Log In")){
  logon();                                                                     //show the logon form
  die();
}

//logon form submitted so check button and logon state
if (($LoggedInFlag==0)&&($ConStartFlag==0)&&($_POST['submit']=="Log In")){
  confirm_logon();
}

//--------------------------------------------------------------------------------------------
//main form code

//handle the data inputs
if (!$_POST['submit']=="Submit Entry"){
  show_form();
  die();
}else{
  $article = $_POST['article'];
}//end if

  //check for the presence of a file
  $tempfile = $_FILES['userfile']['tmp_name'];                                 //get the temporary file name from the upload dir
  if (is_uploaded_file($tempfile)){
    upload();
  }else{
    $FileFlag = 0;
  }//end if

  //check there is a value for article
  if ($article!=''){
    echo "Processing entry.<br>";
    load_db($article);
  }

  //article submission confirmed and records / files updated uploaded
  if ($DBFlag == 1){
    confirmation();
  }

function show_form()
{
?>
  <form enctype="multipart/form-data" action="<? echo $_SERVER['PHP_SELF'];?>" method="post">
   <table><tr><td valign="top">
   Composition:</td><td><textarea name="article" rows="25" cols="100"></textarea></td>
   <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
   </tr><tr><td align="center" colspan="2">Send this file: <input name="userfile" type="file" /></td>
   </tr><tr><td align="center" colspan="2"><input type="submit" name="submit" id="submit" value="Submit Entry" /> </td></tr></table
  </form>

<?
}

function upload()
{
  // In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
  // of $_FILES.

  global $article, $FileFlag,$myfile;

  $uploaddir  = '../bastien/uploads/';                                            //change to match your dir
  $uploadfile = $uploaddir . $_FILES['userfile']['name'];
  $myfile     = $_FILES['userfile']['name'];
  //echo "Filename is:".$myfile."<br>";

  print "<pre>";
  //check the file extension (only doc allowed) and check the mime type of the file
  if ($_FILES['userfile']['type']!='application/msword'){
    echo "filetype=".strtolower(substr($_FILES['userfile']['name'],-3));

if (strtolower(substr($_FILES['userfile']['name'],-3))=="doc"){

    //check the file size
    if ($_FILES['userfile']['size']<30000){
      if (copy($_FILES['userfile']['tmp_name'], $uploadfile)){                   //windows
      //if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {  //unix
         $FileFlag = 1;

      } //end if copy file
	}//end if file size
}//end if file type
  }else{
    show_form($article);
    die("File is of the wrong format and has been rejected. Please try again.");
  }
  print "</pre>";
}//end function

function load_db($article)
{
  global $DBFlag, $myfile, $FileFlag;
 //get the data to load into the db
 $sql = "";
 $time_out = "";
 $time_out = date("Y-m-D H:i:s");

 //get the connection info
 require("dbconng.php");
  //create and run the query to load the data into the db
  $sql = "update contest set article = '$article', time_out = now() "; 

  if ($FileFlag == 1){
     $sql.=", file_name = '$myfile' ";
  }
  $sql.= "where user_id=".$_SESSION['user_id'];
  echo $sql;
  $result = mysql_query($sql,$conn)or die ("Can't insert data because ".mysql_error());

  if (!$result){
    echo "There was an error with the database. Hit the back button and try again.";
  }else{
    $DBFlag = 1;
  }//end if

}//end function

function confirmation()
{
  global $FileFlag, $DBFlag;
  //show the confirmation screen
  if (($FileFlag == 1) && ($DBFlag ==1)){
    $msg = "File and contest entry have been successfully uploaded.<br />Good luck in the contest";
  }else{
    $msg = "Contest entry have been successfully uploaded.<br />Good luck in the contest";
  }

  echo $msg;
  session_destroy();

} //end function

function logon()
{
  //show the logon form
  echo "<div style=\"position:absolute; top:250; left:300; width:300; height:250;\">
          <center><h2>Rich's Writing Club Contest</h2></center>
          <form name=\"logon\" action=\"".$_SERVER['PHP_SELF']."\" method=\"post\">
            <table>
               <tr><td width=\"100\">User Name:</td><td><input type=\"text\" name=\"username\" size=\"20\"></td></tr>
               <tr><td>Password :</td><td><input type=\"password\" name=\"pass\" size=\"20\"></td></tr>
               <tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"submit\" value=\"Log In\"></td></tr>
            </table>
          </form>
        </div>";

}//end function

function confirm_logon()
{
  global $ConStartFlag;
  //get the connection info
  require("dbconng.php");

  //do the logon check
  $username          = "";
  $user_id					 = "";
  $pass              = "";
  $sql               = "";
  $sql2              = "";
  $time_in           = "";
  $time_in           = date("Y-m-D H:i:s");

  //assume only alpha and numeric chars allowed in username & passwords
  if((eregi("[[:alnum:]]",$_POST['username']))&&(eregi("[[:alnum:]]",$_POST['pass']))){
     $username = $_POST['username'];
     $pass     = $_POST['pass'];

  }else{

 logon();
 die("Invalid login attempt");
  }//end if

  $sql = "select user_id from users where user_name = '$username' and pass = '".md5($pass)."'";

  $result = mysql_query($sql,$conn)or die ("Can't insert data because ".mysql_error());

  if (mysql_num_rows($result)==1){
    $_SESSION['username'] = $username;
    //get the user id from the db
    while ($row = mysql_fetch_array($result)){
      $_SESSION['user_id'] = $row['user_id'];
      $user_id = $row['user_id'];

}//end while
  }else{
      logon();
      die("Invalid login attempt!");
  }//end if

  if ($user_id){
    //sql to register the user as logged on and the time they signed in
    $sql2 = "insert into contest (user_id,time_in) values ($user_id, now())";
    echo $sql2;
    $result2 = @mysql_query($sql2,$conn)or die ("Can't insert data because ".mysql_error());

if (!$result2){
  echo "There was an error. Try again.";
  if (mysql_errno($result)==1062){
     echo "Our records indicate that you have already tried to submit for the contest.";
     $sql_check  = "select * from contest where user_id = $user_id";
     $result3 = mysql_query($sql_check,$conn)or die ("Can't insert data because ".mysql_error());
     if ($result3){
        while ($rows= mysql_fetch_array($result3)){
           $article   = $rows['article'];
           $file_name = $rows['file_name'];
           $user      = $rows['user_id'];
        }//end while
     }
     }            
  logon();
  die();
}else{
  //start the contest and show the form
  $ConStartFlag = 1;
  show_form();
}//end if
  }//end if

}//end function


?>

skttrbrain

<?
    $usr = "*****";
    $pwd = "*****";
    $db = "******";
    $host = "*****";

# connect to database
$cid = mysql_connect($host,$usr,$pwd);
if (!$cid) { echo("ERROR: " . mysql_error() . "\n");    }

?>
<HTML>
<HEAD>
   <TITLE>Submit</TITLE>

</HEAD>
<BODY BGCOLOR="#FFFFFF">

<P><FONT SIZE=5><B> Submit </B> </FONT></P>

<?
    # this is processed when the form is submitted
    # back on to this page (POST METHOD)
    if ($REQUEST_METHOD=="POST") {

    # double-up apostrophes
    $title = str_replace("'","''",$title);
    $author = str_replace("'","''",$author);
$description = str_replace("'","''",$description);
    $content = str_replace("'","''",$content);

    # setup SQL statement
    $SQL = " INSERT INTO stories ";
    $SQL = $SQL . " (title, author, description, content) VALUES ";
    $SQL = $SQL . " ('$title', '$author','$description','$content') ";

    #execute SQL statement
    $result = mysql_db_query($db,"$SQL",$cid);

    # check for error
    if (!$result) { echo("ERROR: " . mysql_error() . "\n$SQL\n");    }

    echo ("<P><B>Story added.</B></P>\n");

}

?>

<FORM NAME="fa" ACTION="submit.php" METHOD="POST">
<TABLE>
<TR><TD><B>Title: </B> </TD><TD><INPUT TYPE="text" NAME="title" SIZE=40></TD></TR>
<TR><TD><B>Author:</B> </TD><TD><INPUT TYPE="text" NAME="author" SIZE=40></TD></TR>
<TR><TD><B>Description: </B> </TD><TD><INPUT TYPE="text" NAME="description" SIZE=40></TD></TR>
<TR><TD VALIGN=TOP><B>Content: </B> </TD><TD> <TEXTAREA NAME="content" ROWS=20 COLS=80></TEXTAREA></TD></TR>
<TR><TH COLSPAN=2><P><INPUT TYPE="submit" VALUE="Submit"></P></TH></TR>
</TABLE>
</FORM>


<?    mysql_close($cid); ?>
</BODY>
</HTML>

I'm using this as the submit coding, but if the user uses an apostrophe an error occurs. What do I have to do to fix that?

<?php

$server = "*****";
$user = "*******";
$password = "******";
$database = "*******";

// Connect to Server
mysql_connect($server, $user, $password) or die(mysql_error());

// Select Database
mysql_select_db($database) or die(mysql_error());

// Query the Database
$query = mysql_query("SELECT * FROM stories"); 

while($row = mysql_fetch_array($query)) { 
   echo "Name: " . $row["title"] . "<br>"; 
   echo "Author: " . $row["author"] . "<br>"; 
      echo "Description: " . $row["description"] . "<br>"; 
   echo "Content: " . $row["content"] . "<br><br>";

}

?>

And I'm using this as the retrieve coding, but if a user makes a break in their submissions (such as in the content box), it doesn't appear when the data is retrieved and displayed. How can I correct this?

bastien

use addslashes to escape the quotes issue
use nl2br to convert new lines to <br> tags

skttrbrain

Sorry, but I'm still pretty new to this. Could you possibly expand on those?

bastien

from your code samples

$content = addslashes($content);

while($row = mysql_fetch_array($query)) {  

   echo "Name: " . $row["title"] . "<br>";  

   echo "Author: " . $row["author"] . "<br>";  

      echo "Description: " . $row["description"] . "<br>";  

   echo "Content: " . nl2br($row["content"]) . "<br><br>"; 

}

skttrbrain

That solved the breaks issues. It will also let me submit things with an apostrophe and quotation marks, but I get slashes along with them.

Name: Testing quotes
Author: skttrbrain
Description: Just testing...
Content: Just testing how\'ve \"this\" were

eere

\"ggdfgfgd\"

bastien

user [man]stripslashes[/man] to remove the slashes

echo "Content: " . nl2br(stripslashes($row["content"])) . "<br><br>";

skttrbrain

Thanks for the help. I've got some more stuff I have to do for it, so if I have any more questions, I'll be sure to ask.