I made this PHP script, which sends data to a MySQL server. The form itself is embedded inside the PHP file and sends the data to the PHP file...
I have no idea if it is working, as I can't test it anywhere... so I was hoping one of you guys could like test it... or look through it to see any obvious mistakes...
Anyway, here is the complete script:
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<?PHP
$db_host = "localhost";
$db_user = "lefteh";
$db_pwd = "1234";
$db_name = "MyDB";
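// file_exists() tests for a file on disk, not for a server or a database;
// check the return values of the connect and select calls instead.
// (The mysql_* functions exist only up to PHP 5.x; PHP 7 and later need mysqli or PDO.)
if (!mysql_connect($db_host, $db_user, $db_pwd)) {
die("host niet gevonden");
}
if (!mysql_select_db($db_name)) {
die("database niet gevonden");
}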
?>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
<?php if (!isset($_POST['Apply'])) { // the submit button is named "Apply", so that is the key to test
?>
<table width="65%" cellspacing="0" cellpadding="0" border="0" align="center">
<tr>
<td width="1%" bgcolor="#330099" class="edge-tl" height="10"></td>
<td width="98%" align="center" valign="middle" bgcolor="#330099"></td>
<td width="1%" bgcolor="#330099" class="edge-tr" height="10">
</td>
</tr>
<tr>
<td width="1%" bgcolor="#330099"></td>
<td width="98%" bgcolor=""><table width="98%" border="0" cellspacing="10" cellpadding="0" align="center">
<tr><td>
<!-- Below, set "form action" to the script that handles the form; it is left empty so the form posts back to this PHP file (it pointed at mailform.asp). Also set the path to the logo in "img src". -->
<form action="" method="post" name="form">
<img src="http://members.lycos.nl/logo RWE.png" width="114" height="55" align="right">
<table width="83%" cellspacing="5" cellpadding="0" border="0">
<tr><td width="34%" valign="center" class="He1">
1. Huidige Datum</td>
<td width="66%" valign="left" class="B2">
<INPUT TYPE="text" NAME="huidige_datum" maxlength="15" size="15" value="<datum> " ></td>
</tr>
<tr><td width="34%" valign="center" class="He1">
2. Tijd</td>
<td width="66%" valign="left" class="B2">
<INPUT TYPE="text" NAME="tijd" maxlength="255" size="15" value="<uu:mm>" ></td>
</tr>
<tr><td width="34%" valign="center" class="He1">
3. Verwerkt Facilities</td>
<td width="66%" valign="center">
<INPUT TYPE="text" NAME="vf" maxlength="255" size="28" value="" ></td>
</tr>
<tr><td width="34%" valign="center" class="He1">
4. Apparatuur</td>
<td width="66%" valign="center" class="B2">
<!-- Fill in the remaining equipment here, as was done for the beamer -->
<Select NAME="apparatuur" class="B2">
<Option Value="Beamer">Beamer
<Option Value="Laptop">Laptop
<Option Value="Flip-over">Flipover
</Select>
<!-- Fill in the remaining equipment here, as was done for the beamer --></td>
</tr>
<tr><td width="34%" valign="center" class="He1">
5. Lunch</td>
<td width="66%" valign="center">
<Select NAME="lunch" class="B2">
<Option Value="standaard">standaard
<Option Value="luxe">luxe
<Option Value="aangepast">aangepast
</Select></td>
</tr>
<tr><td width="34%" valign="center" class="He1">
6. Kamer</td><td width="66%" valign="center">
<Select NAME="kamer" class="B2">
<Option Value="eigen kamer">eigen kamer
<Option Value="filmzaal">filmzaal
<Option Value="auditorium">auditorium
<Option Value="dokterskamer">dokterskamer
<Option Value="2.17">2.17
</Select>
</td>
</tr>
<tr><td width="34%" valign="center" class="He1">
7. Datum reservering</td>
<td width="66%" valign="center" class="B2">
<INPUT NAME="datum_reservering" TYPE="text" size="15" maxlength="15" value="<dd:mm:jj>" ></td>
</tr>
<tr><td width="34%" valign="center" class="He1">
8. Naam</td>
<td width="66%" valign="center">
<INPUT NAME="naam" TYPE="text" size="25" maxlength="255" value="" ></td>
</tr>
<tr><td width="34%" height="35" valign="center" class="He1">
9. Opmerkingen</td>
<td width="66%" valign="center">
<textarea name="opmerkingen" cols="50" rows="4" height="70" value=""></textarea></td>
</tr>
</table>
<center>
<INPUT TYPE="submit" NAME="Apply" VALUE="Submit">
</center>
</form>
</td></tr>
</table>
</td>
<td width="1%" bgcolor="#330099">
</td>
</tr>
<tr>
<td width="1%" bgcolor="#330099" class="edge-bl" height="10"></td>
<td width="98%" bgcolor="#330099"></td>
<td width="1%" bgcolor="#330099"class="edge-br" height="10">
</td>
</tr>
</table>
<?php } else {
if (isset($_POST['Apply'])) { // the submit button is named "Apply"
$exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|javascript|alert)/i";
// The **** and *** alternatives are masked in the posted code; a bare * is not valid in a pattern, so replace or remove them before use
$profanity = "/(beastial|bestial|blowjob|clit|cock|cum|cunilingus|cunillingus|cunnilingus|****|ejaculate|***|felatio|fellatio|****|fuk|fuks|gangbang|gangbanged|gangbangs|hotsex|jism|jiz|kock|kondum|kum|kunilingus|orgasim|orgasims|orgasm|orgasms|phonesex|phuk|phuq|porn|pussies|pussy|spunk|xxx)/i";
$spamwords = "/(viagra|phentermine|tramadol|adipex|advai|alprazolam|ambien|ambian|amoxicillin|antivert|blackjack|backgammon|texas|holdem|poker|carisoprodol|ciara|ciprofloxacin|debt|dating|porn)/i";
$bots = "/(Indy|Blaiz|Java|libwww-perl|Python|OutfoxBot|User-Agent|PycURL|AlphaServer)/i";
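// The User-Agent header is optional, so do not assume it is set
$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
if (preg_match($bots, $user_agent)) {
exit("<p>Spambots zijn niet toegestaan!</p>");
}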
foreach ($_POST as $key => $value) {
$value = trim($value);
if (preg_match($exploits, $value)) {
exit("<p>Scripts zijn niet toegestaan.</p>");
} elseif (preg_match($profanity, $value) || preg_match($spamwords, $value)) {
exit("<p>Dat taalgebruik is niet toegestaan in ons formulier.</p>");
}
}
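// Read each field from $_POST (the bare $naam-style variables only exist with register_globals)
// and escape it before it goes inside a quoted SQL string; the posted query also used
// typographic quotes, which MySQL does not treat as string delimiters
$fields = array('huidige_datum', 'tijd', 'vf', 'apparatuur', 'lunch', 'kamer', 'datum_reservering', 'naam', 'opmerkingen');
$values = array();
foreach ($fields as $field) {
$values[] = "'" . mysql_real_escape_string(isset($_POST[$field]) ? trim($_POST[$field]) : '') . "'";
}
// Run the INSERT once and branch on its result
$result = mysql_query("INSERT INTO `Reservering` (huidige_datum, tijd, vf, apparatuur, lunch, kamer, datum_reservering, naam, opmerking) VALUES (" . implode(', ', $values) . ")");
if ($result) {
echo '<a href="http://members.lycos.nl/erikknippels/S3B.gif">Klik hier om door te gaan</a>';
} else {
echo "<p>Er is een fout opgetreden bij de versturing, probeer het later AUB. opnieuw.</p>";
}
} // closes the inner if on the submit button
} // closes the else branch
?>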
</body>
</html>
This is the PHP part (just without the HTML)
PHP Code:
<?PHP
$db_host = "localhost";
$db_user = "lefteh";
$db_pwd = "1234";
$db_name = "MyDB";
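// file_exists() tests for a file on disk, not for a server or a database;
// check the return values of the connect and select calls instead.
// (The mysql_* functions exist only up to PHP 5.x; PHP 7 and later need mysqli or PDO.)
if (!mysql_connect($db_host, $db_user, $db_pwd)) {
die("host niet gevonden");
}
if (!mysql_select_db($db_name)) {
die("database niet gevonden");
}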
?>
<?php if (!isset($_POST['Apply'])) { // the submit button is named "Apply", so that is the key to test
?>
<?php } else {
if (isset($_POST['Apply'])) { // the submit button is named "Apply"
$exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|javascript|alert)/i";
// The **** and *** alternatives are masked in the posted code; a bare * is not valid in a pattern, so replace or remove them before use
$profanity = "/(beastial|bestial|blowjob|clit|cock|cum|cunilingus|cunillingus|cunnilingus|****|ejaculate|***|felatio|fellatio|****|fuk|fuks|gangbang|gangbanged|gangbangs|hotsex|jism|jiz|kock|kondum|kum|kunilingus|orgasim|orgasims|orgasm|orgasms|phonesex|phuk|phuq|porn|pussies|pussy|spunk|xxx)/i";
$spamwords = "/(viagra|phentermine|tramadol|adipex|advai|alprazolam|ambien|ambian|amoxicillin|antivert|blackjack|backgammon|texas|holdem|poker|carisoprodol|ciara|ciprofloxacin|debt|dating|porn)/i";
$bots = "/(Indy|Blaiz|Java|libwww-perl|Python|OutfoxBot|User-Agent|PycURL|AlphaServer)/i";
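// The User-Agent header is optional, so do not assume it is set
$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
if (preg_match($bots, $user_agent)) {
exit("<p>Spambots zijn niet toegestaan!</p>");
}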
foreach ($_POST as $key => $value) {
$value = trim($value);
if (preg_match($exploits, $value)) {
exit("<p>Scripts zijn niet toegestaan.</p>");
} elseif (preg_match($profanity, $value) || preg_match($spamwords, $value)) {
exit("<p>Dat taalgebruik is niet toegestaan in ons formulier.</p>");
}
}
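// Read each field from $_POST (the bare $naam-style variables only exist with register_globals)
// and escape it before it goes inside a quoted SQL string; the posted query also used
// typographic quotes, which MySQL does not treat as string delimiters
$fields = array('huidige_datum', 'tijd', 'vf', 'apparatuur', 'lunch', 'kamer', 'datum_reservering', 'naam', 'opmerkingen');
$values = array();
foreach ($fields as $field) {
$values[] = "'" . mysql_real_escape_string(isset($_POST[$field]) ? trim($_POST[$field]) : '') . "'";
}
// Run the INSERT once and branch on its result
$result = mysql_query("INSERT INTO `Reservering` (huidige_datum, tijd, vf, apparatuur, lunch, kamer, datum_reservering, naam, opmerking) VALUES (" . implode(', ', $values) . ")");
if ($result) {
echo '<a href="http://members.lycos.nl/erikknippels/S3B.gif">Klik hier om door te gaan</a>';
} else {
echo "<p>Er is een fout opgetreden bij de versturing, probeer het later AUB. opnieuw.</p>";
}
} // closes the inner if on the submit button
} // closes the else branch
?>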
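The same insert done with allow-list validation and a parameterized query, as an added example that is not part of the original post. It assumes PDO with an in-memory SQLite database standing in for the MySQL server so that it runs offline; `validate_reservation` and `store_reservation` are hypothetical helper names and the sample submission is constructed.

```php
<?php
// Added example, not the poster's code. SQLite in memory stands in for MySQL
// (assumption) so this runs offline; for MySQL only the PDO DSN changes.
$allowed = [ // option values copied from the form's <select> elements
    'apparatuur' => ['Beamer', 'Laptop', 'Flip-over'],
    'lunch'      => ['standaard', 'luxe', 'aangepast'],
    'kamer'      => ['eigen kamer', 'filmzaal', 'auditorium', 'dokterskamer', '2.17'],
];
$columns = ['huidige_datum', 'tijd', 'vf', 'apparatuur', 'lunch', 'kamer',
            'datum_reservering', 'naam', 'opmerking'];

// Hypothetical helper: returns column => value, or throws on bad input
function validate_reservation(array $post, array $allowed, array $columns): array {
    $row = [];
    foreach ($columns as $col) {
        // The form field is "opmerkingen"; the table column is "opmerking"
        $field = $col === 'opmerking' ? 'opmerkingen' : $col;
        $value = isset($post[$field]) && is_string($post[$field]) ? trim($post[$field]) : '';
        if (strlen($value) > 255) {
            throw new InvalidArgumentException("$field is too long");
        }
        if (isset($allowed[$col]) && !in_array($value, $allowed[$col], true)) {
            throw new InvalidArgumentException("$field has an unexpected value");
        }
        $row[$col] = $value;
    }
    return $row;
}

// Hypothetical helper: values are bound as parameters, never spliced into the SQL
function store_reservation(PDO $pdo, array $row): void {
    $names = implode(', ', array_keys($row));
    $marks = implode(', ', array_fill(0, count($row), '?'));
    $pdo->prepare("INSERT INTO Reservering ($names) VALUES ($marks)")
        ->execute(array_values($row));
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Reservering (' . implode(' TEXT, ', $columns) . ' TEXT)');

// Constructed sample submission; the apostrophe in "naam" would break string-built SQL
$post = ['huidige_datum' => '01:06:07', 'tijd' => '09:30', 'vf' => 'ja',
         'apparatuur' => 'Beamer', 'lunch' => 'luxe', 'kamer' => '2.17',
         'datum_reservering' => '05:06:07', 'naam' => "O'Brien", 'opmerkingen' => '<b>geen</b>'];
store_reservation($pdo, validate_reservation($post, $allowed, $columns));
$saved = $pdo->query('SELECT naam, opmerking FROM Reservering')->fetch(PDO::FETCH_ASSOC);
// Encode when printing into HTML, so stored markup is shown as text
echo htmlspecialchars($saved['naam'] . ': ' . $saved['opmerking'], ENT_QUOTES, 'UTF-8'), "\n";
```

The keyword patterns in the posted script reject ordinary text that happens to contain a listed word and do nothing about quoting, so the allow-list check, the bound parameters and the encoding at output carry the protection here.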