Error messages stop page from loading

mr_director · May 28, 2007

Hey. I just posted an issue concerning this same script. It was resolved so quickly, I figured I'd post this new issue in hopes of finding some quick fix also. Any help would be greatly appreciated.

Any time someone doesn't finish filling in the form, the script is designed to give them an error code. For some reason, it also stops anything below the printed error code from loading, which includes some important footer information to complete the page design. AKA, it looks like crap. lol

Here's the code I'm working with:

<?

//connect to your database
require_once($_SERVER['DOCUMENT_ROOT'].'/source/scripts/comments/config.php');

//query comments for this page of this article
$inf = "SELECT * FROM `comments` WHERE `page` = '".STRIPSLASHES($_SERVER['REQUEST_URI'])."' ORDER BY `time` ASC";
 $info = mysql_query($inf);
     if(!$info) die(mysql_error());


   $info_rows = mysql_num_rows($info);
if($info_rows > 0) {
   echo '<a name="comments"></a><h3>Comments:</h3>';
   echo '<table width="100%">';

while($info2 = mysql_fetch_object($info)) {    

echo '<tr>';   

echo '<td class="bubbledescription"><b>"'.stripslashes($info2->subject).'" by: <a href="'.$info2->contact.'">'.stripslashes($info2->username).'</a></b>  <div align="left" class="smallertext">'.date('h:i:s a', $info2->time).' on '.$info2->date.'</div></td> ';
echo '</tr><tr>';
echo '<td class="bubbledescription"> '.stripslashes($info2->comment).'<br /><br /></td>';
echo '</tr>';
}//end while
echo '</table>';
echo '<hr width="95%" noshade>';
} else echo '<em>No one has commmented yet. Be the first. You know you want to. <br /><br /></em>';

if(isset($_POST['submit'])) {
  if(!addslashes($_POST['username'])) die('<u>ERROR:</u> Make sure you entered a username for your comment.');
  if(!addslashes($_POST['contact']))  die('<u>ERROR:</u> Make sure that you entered a contact address or web-site.');
  if(!addslashes($_POST['subject']))  die('<u>ERROR:</u> Make sure you put a subject on your comment.');
  if(!addslashes($_POST['comment']))  die('<u>ERROR:</u> You did not enter a comment.');


//this is for a valid contact
  if(substr($_POST['contact'],0,7) != 'mailto:' && !strstr($_POST['contact'],'//')) {
              if(strstr($_POST['contact'],'@'))
                $_POST['contact'] = "mailto:".$_POST['contact']."";
              else
                $_POST['contact'] = "http://".$_POST['contact']."";
   } //end valid contact

//try to prevent multiple posts and flooding...
$c = "SELECT * from `comments` WHERE ip = '".$_SERVER['REMOTE_ADDR']."'";
  $c2 = mysql_query($c);
     while($c3 = mysql_fetch_object($c2)) {
      $difference = time() - $c3->time;
     if($difference < 60) die('<u>ALERT:</u> '.$c3->username.', Please wait one minute between comments. Also, refresh the page if you cannot see the bottom portion of the page.<BR>');
      } //end while

//add comment
$q ="INSERT INTO `comments` (article_id, page, date, time, username, ip, contact, subject, comment) VALUES ('".$_GET['id']."', '".$_POST['page']."', '".$_POST['date']."', '".$_POST['time']."', '".addslashes(htmlspecialchars($_POST['username']))."', '".$_SERVER['REMOTE_ADDR']."', '".addslashes(htmlspecialchars($_POST['contact']))."', '".addslashes(htmlspecialchars($_POST['subject']))."', '".addslashes(nl2br(htmlspecialchars($_POST['comment'])))."')"; 

$q2 = mysql_query($q);
  if(!$q2) die(mysql_error());

//refresh page so they can see new comment
header('Location: http://' . $_SERVER['HTTP_HOST'] . $_POST['page'] . "#comments");

} else {  //display form
?>
<form name="comments" action="<? $_SERVER['PHP_SELF']; ?>" method="post"> 

<input type="hidden" name="page" value="<? echo($_SERVER['REQUEST_URI']); ?>">
<input type="hidden" name="date" value="<? echo(date("F j, Y.")); ?>">
<input type="hidden" name="time" value="<? echo(time()); ?>">

<table width="100%" border="0" cellspacing="0" cellpadding="0">
   <tr>
      <td class="commentformLeftColumn"><div align="right">Name:   </div></td>
       <td class="commentformRightColumn"><input name="username" type="text" size="30" value="" class="commentformTextField"></td>
   </tr>
    <tr>
      <td class="commentformLeftColumn"><div align="right">Contact:   </div></td>
      <td class="commentformRightColumn"><input type="text" name="contact" size="30" value="" class="commentformTextField"> 
      <i>(e-mail or web-site) </i></td>
    </tr>
    <td class="commentformLeftColumn"><div align="right">Subject:   </div></td>
    <td class="commentformRightColumn"><input type="text" name="subject" size="30" value="" class="commentformTextField"></td>
    </tr>
    <tr>
      <td class="commentformLeftColumn"><div align="right">Comment:   </div></td>
      <td class="commentformRightColumn"><textarea name="comment" cols="45" rows="5" wrap="VIRTUAL" class="commentformTextArea"></textarea></td>
    </tr>
    <tr>
      <td></td>
      <td colspan="2" class="commentformRightColumn"><input type="submit" name="submit" value="Add Comment" class="commentformSubmit"></td>
    </tr>
  </table>
</form>
<?
} // end else
?>

For an example of the problem, you can visit the page below. Just fill out the form partially and you'll see the problem:

http://www.collegeisamovie.com/movies/passed/

Thanks in advance for any help anyone can provide.

Weedpacket · May 28, 2007

[man]die[/man] terminates the program; nothing after that point is executed.
Solution: don't use die().

jmack159 · May 28, 2007

try storing all the errors in an array, than you can print each error when you need to. i use an associative array with the keys being the field name. so, when you do error checking, if you encounter an error, add it to the error array.

mr_director · May 29, 2007

I'm so new to PHP it's not even funny. Can I just remove the die()? That probably won't work. I don't know how to store things in arrays. What's the easiest solution of of the two and how to I execute it? Or another one?

jmack159 · May 29, 2007

try this on for size:

<?php

$errors = array();

if(isset($_POST['submit'])){

  if(!isset($_POST['username']) && !empty($_POST['username'])){
      $errors['username'] = '<u>ERROR:</u> Make sure you entered a username '
                                         .'foryour comment.';
  }
  if(!isset($_POST['contact']) && !empty($_POST['contact'])){
      $errors['contact'] = '<u>ERROR:</u> Make sure that you entered a contact '
                                    .'address or web-site.';
  }
  if(!isset($_POST['subject']) && !empty($_POST['subject'])){
      $errors['subject'] = '<u>ERROR:</u> Make sure you put a subject on your '
                                    .'comment.';
  }
  if(!isset($_POST['comment']) && !empty($_POST['comment'])){
      $errors['comment'] = '<u>ERROR:</u> You did not enter a comment.';
  }


   //this is for a valid contact
  if(substr($_POST['contact'],0,7) != 'mailto:' && !strstr($_POST['contact'],'//')){
              if(strstr($_POST['contact'],'@'))
                $_POST['contact'] = "mailto:".$_POST['contact']."";
              else
                $_POST['contact'] = "http://".$_POST['contact']."";
   } //end valid contact

   //try to prevent multiple posts and flooding...
   $c = "SELECT * from `comments` WHERE ip = '".$_SERVER['REMOTE_ADDR']."'";
   $c2 = mysql_query($c) or die(mysql_error());
   while($c3 = mysql_fetch_object($c2)){
       $difference = time() - $c3->time;
       if($difference < 60){
          $errors['flood'] = '<u>ALERT:</u> '.$c3->username.', Please wait one minute between '
	    					   .'comments. Also, refresh the page if you cannot see the bottom '
							   .'portion of the page.<BR>';
	   }
   } //end while
   if(count($errors) == 0){
       //add comment
       $q = "INSERT INTO `comments` "
	   	   ."(article_id, page, date, time, username, ip, contact, subject, comment) "
		   ."VALUES ('".$_GET['id']."', '".$_POST['page']."', '".$_POST['date']."', '"
		   .$_POST['time']."', '".addslashes(htmlspecialchars($_POST['username']))."', '"
		   .$_SERVER['REMOTE_ADDR']."', '".addslashes(htmlspecialchars($_POST['contact']))."', '"
		   .addslashes(htmlspecialchars($_POST['subject']))."', '"
		   .addslashes(nl2br(htmlspecialchars($_POST['comment'])))."')";

   $q2 = mysql_query($q) or die(mysql_error());
   if($q2){
   		//refresh page so they can see new comment
   		header('Location: http://' . $_SERVER['HTTP_HOST'] . $_POST['page'] . '#comments');
   }
   }
}
//}else{  //display form

if(array_key_exists('flood', $errors)){
    echo $errors['flood'];
}
?>
<form name="comments" action="<? $_SERVER['PHP_SELF']; ?>" method="post">

<input type="hidden" name="page" value="<? echo($_SERVER['REQUEST_URI']); ?>">
<input type="hidden" name="date" value="<? echo(date("F j, Y.")); ?>">
<input type="hidden" name="time" value="<? echo(time()); ?>">

<table width="100%" border="0" cellspacing="0" cellpadding="0">
   <tr>
      <td class="commentformLeftColumn"><div align="right">Name:   </div></td>
       <td class="commentformRightColumn"><input name="username" type="text" size="30" value="" class="commentformTextField">
<?php
if(array_key_exists('username', $errors)){
    echo $errors['username'];
}
?>
</td>
   </tr>
    <tr>
      <td class="commentformLeftColumn"><div align="right">Contact:   </div></td>
      <td class="commentformRightColumn"><input type="text" name="contact" size="30" value="" class="commentformTextField">
      <i>(e-mail or web-site) </i>
<?php
if(array_key_exists('contact', $errors)){
    echo $errors['contact'];
}
?>
</td>
    </tr>
    <td class="commentformLeftColumn"><div align="right">Subject:   </div></td>
    <td class="commentformRightColumn"><input type="text" name="subject" size="30" value="" class="commentformTextField">
<?php
if(array_key_exists('subject', $errors)){
    echo $errors['subject'];
}
?>
</td>
    </tr>
    <tr>
      <td class="commentformLeftColumn"><div align="right">Comment:   </div></td>
      <td class="commentformRightColumn"><textarea name="comment" cols="45" rows="5" wrap="VIRTUAL" class="commentformTextArea"></textarea>
<?php
if(array_key_exists('comment', $errors)){
    echo $errors['comment'];
}
?>
</td>
    </tr>
    <tr>
      <td></td>
      <td colspan="2" class="commentformRightColumn"><input type="submit" name="submit" value="Add Comment" class="commentformSubmit"></td>
    </tr>
  </table>
</form>

needs some work on preventing sql injection and some other security measures, but it gets the error thing done with an array.

hope this helps

mr_director · Jun 5, 2007

What exactly do I need to keep from my old script? Because this one doesn't connect to my database. I tried keeping the top portion where it does connect, but then the errors wouldn't work. It basically allowed anyone to comment without filling in any of the required sections.

Error messages stop page from loading

Mmr_director

Weedpacket

Jjmack159

Mmr_director

Jjmack159

Mmr_director