Jump to content

Recommended Posts

i have created a guestbook for my website, but everytime i add a comment it just put the comment below the other. I want it so that the first page only shows maybe 35 comments, then a new page will be created and then 35 comments can be placed there etc.

 

echo "<h1>guestbook</h1>";

echo "<hr />";
$form = "
<form action='index.php' method='POST'>
<table>
<tr>
<td>name:</td>
<td><input type='text' name='name' /></td>
</tr>
<tr>
<td>message:</td>
<td><textarea rows='5' cols='30' name='message'></textarea></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='submit' /></td>
</tr>
</table>
</form>
";
include "connect.php";
$getdata = mysql_query("SELECT * FROM guestbook ORDER BY id DESC");
while($row = mysql_fetch_assoc($getdata))
{
$id = $row['id'];
$name = $row['name'];
$message = $row['message'];
$date = $row['date'];
$message = nl2br($message);
echo "
<table>
<tr>
<td><strong>lastet opp av $name. Dato: $date</strong></td>
</tr>
<tr>
<td>$message</td>
</tr><br />
</table>
";
}
echo "<hr />";
$submit = $_POST['submit'];
if($submit)
{
$name = $_POST['name'];
$message = $_POST['message'];
if($name && $message)
{
include "connect.php";
$query = mysql_query("SELECT * FROM guestbook WHERE name='$name' && message='$message'");
$numrows = mysql_num_rows($query);
if($numrows == 0)
{
mysql_query("INSERT INTO guestbook VALUES('','$name','$message',CURDATE())");
echo "du har sent en melding $form";
}
else
{
echo "du kan ikke sende den samme meldingen om igjen $form";
}
}
else
{
echo "du må fylle ut skjemaet $form";
}
}
else
{
echo $form;
}
?>
Link to post
Share on other sites

They call that pagination, there should be several examples online:

 

https://www.google.com/search?client=opera&q=php+pagination&sourceid=opera&ie=UTF-8&oe=UTF-8

 

Essentially, you'll need to define some variables like how many results to show per page and which page you're currently showing, and you can use that to figure out the records to get from the database and show only that page. Your links to the next and previous pages will just change the page number that you're currently showing.

 

Your code isn't secure, though. You're using the very old and deprecated mysql extension instead of something more modern and secure like mysqli or PDO, and your queries are vulnerable to SQL injection attacks. Without some validation, your site is also open to a variety of other attacks like cross-site scripting vulnerabilities because you're not sanitizing the data that people enter. They could be writing some Javascript code that they want to inject on your site so that all of your users run it.

 

https://www.google.com/search?client=opera&q=protect+against+sql+injection+attacks+in+php&sourceid=opera&ie=UTF-8&oe=UTF-8

https://www.google.com/search?client=opera&q=protect+against+cross+site+scripting+attacks+in+php

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...