[PHP] MySQL database with HTML form

[unleash]

I made this PHP script, which sends data to an mysql server. The form itself is embedded inside the PHP file and sends the data to the PHP file....

I have no idea if it is working, as I can't test it anywhere...so I was hoping one of you guys could like test it....or look through it too see any obvious mistakes....

anyway here is the complete script:

Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<?PHP 
$db_host = "localhost";
$db_user = "lefteh";
$db_pwd = "1234";
$db_name = "MyDB";

if (!file_exists("$db_host")){
	die("host niet gevonden")}

mysql_connect($db_host, $db_user, $db_pwd);

if (!file_exists("$db_name")){
	die("database niet gevonden")}

mysql_select_db($db_name);

?>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<?php if(!isset ($_POST ['Submit'])) {
?>
<table width="65%" cellspacing="0" cellpadding="0" border="0" align="center">
<tr>
<td width="1%" bgcolor="#330099" class="edge-tl" height="10"></td>
<td width="98%" align="center" valign="middle" bgcolor="#330099"></td>
<td width="1%" bgcolor="#330099" class="edge-tr" height="10">
</td>
</tr>

<tr>
<td width="1%" bgcolor="#330099"></td>
<td width="98%" bgcolor=""><table width="98%" border="0" cellspacing="10" cellpadding="0" align="center">
  <tr><td>
 <!-- Hieronder bij "form action" het pad invullen naar het mailform.asp document op de server. Ook bij "img src" pad invullen naaar logo. -->
  <form action="http://members.lycos.nl/erikknippels/mailform.asp" method="post" name="form">
    <img src="http://members.lycos.nl/logo RWE.png" width="114" height="55" align="right">
    <table width="83%" cellspacing="5" cellpadding="0" border="0">

<tr><td width="34%" valign="center" class="He1">

1.  Huidige Datum</td>
<td width="66%" valign="left" class="B2">
  <INPUT TYPE="text" NAME="huidige_datum" maxlength="15" size="15" value="<datum> " ></td>
</tr>


<tr><td width="34%" valign="center" class="He1">

2. Tijd</td>
<td width="66%" valign="left" class="B2">

<INPUT TYPE="text" NAME="tijd" maxlength="255"  size="15" value="<uu:mm>" ></td>
</tr>

<tr><td width="34%" valign="center" class="He1">

3.  Verwerkt Facilities</td>
<td width="66%" valign="center">

<INPUT TYPE="text" NAME="vf" maxlength="255" size="28" value="" ></td>
</tr>


<tr><td width="34%" valign="center" class="He1">

4.  Apparatuur</td>
<td width="66%" valign="center" class="B2">
<!--Hier nog eventjes de apparaten invullen zoals bij beamer is gedaan -->
<Select NAME="apparatuur" class="B2">
<Option Value="Beamer">Beamer
<Option Value="Laptop">Laptop
<Option Value="Flip-over">Flipover
</Select>
<!--Hier nog eventjes de apparaten invullen zoals bij beamer is gedaan --></td>
</tr>


<tr><td width="34%" valign="center" class="He1">

5.  Lunch</td>
<td width="66%" valign="center">

<Select NAME="lunch" class="B2">

<Option Value="standaard">standaard
<Option Value="luxe">luxe
<Option Value="aangepast">aangepast
</Select></td>
</tr>


<tr><td width="34%" valign="center" class="He1">

6.  Kamer</td><td width="66%" valign="center">

<Select NAME="kamer" class="B2">

<Option Value="eigen kamer">eigen kamer
<Option Value="filmzaal">filmzaal
<Option Value="auditorium">auditorium
<Option Value="dokterskamer">dokterskamer
<Option Value="2.17">2.17
</Select>

</td>
</tr>


<tr><td width="34%" valign="center" class="He1">

7.  Datum reservering</td>
<td width="66%" valign="center" class="B2">

<INPUT NAME="datum_reservering" TYPE="text" size="15" maxlength="15" value="<dd:mm:jj>" ></td>
</tr>

<tr><td width="34%" valign="center" class="He1">

8.  Naam</td>
<td width="66%" valign="center">

<INPUT NAME="naam" TYPE="text" size="25" maxlenght="255" value="" ></td>
</tr>


<tr><td width="34%" height="35" valign="center" class="He1">

9.  Opmerkingen</td>
<td width="66%" valign="center">

  <textarea name="opmerkingen" cols="50" rows="4" height="70" value=""></textarea></td>
</tr>

<tr><td width="34%" height="30" valign="center" class="He1">


</table>
    <center>
<INPUT TYPE="submit" NAME="Apply" VALUE="Submit">

</center>
</form>
</td></tr>
</table>

</td>
<td width="1%" bgcolor="#330099">
</td>
</tr>

<tr>
<td width="1%" bgcolor="#330099" class="edge-bl"  height="10"></td>
<td width="98%" bgcolor="#330099"></td>
<td width="1%" bgcolor="#330099"class="edge-br"  height="10">
</td>
</tr>
</table>
<?php } else {

if (isset($_POST['submit'])) {
    $exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|javascript|alert)/i";
    $profanity = 	"/(beastial|bestial|blowjob|clit|cock|cum|cunilingus|cunillingus|cunnilingus|****|ejaculate|***|felatio|fellatio|****|fuk|fuks|gangbang|ga	ngbanged|gangbangs|hotsex|jism|jiz|kock|kondum|kum|kunilingus	|orgasim|orgasims|orgasm|orgasms|phonesex|phuk|phuq|porn|pussies|pussy|spunk|xxx)/i";
    $spamwords = "/(viagra|phentermine|tramadol|adipex|advai|alprazolam|ambien|ambian|amoxicillin|antivert|blackjack|backgammon|texas|holdem|poker|carisoprodol|ciara|ciprofloxacin|debt|dating|porn)/i";
    $bots = "/(Indy|Blaiz|Java|libwww-perl|Python|OutfoxBot|User-Agent|PycURL|AlphaServer)/i";

    if (preg_match($bots, $_SERVER['HTTP_USER_AGENT'])) {
        exit("<p>Spambots zijn niet toegestaatn!</p>");
    }
    foreach ($_POST as $key => $value) {
        $value = trim($value);

        if (preg_match($exploits, $value)) {
            exit("<p>Scripts zijn niet toegestaan.</p>");
        } elseif (preg_match($profanity, $value) || preg_match($spamwords, $value)) {
            exit("<p>Dat taalgebruik is niet toegestaan in ons formulier.</p>");
        }

      }

mysql_query("INSERT INTO `Reservering` (huidige_datum, tijd, vf, apparatuur, lunch, kamer, datum_reservering, naam, opmerking) VALUES (‘$huidige_datum’, ‘$tijd’, ‘$vf’, ‘$apparatuur’, ‘$lunch’, ‘$kamer’, ‘$datum_reservering’, ‘$naam’, ‘$opmerkingen’)");

if (mysql_query("INSERT_INTO, `Reservering` ") { echo '<a href="http://members.lycos.nl/erikknippels/S3B.gif">Klik hier om door te gaan</a>  }
else{ echo "<p>Er is een fout opgetreden bij de versturing, probeer het later AUB. opnieuw.</p>"
?>

</center>

</body>
</html>

This is the PHP part (just without the HTML)

PHP Code:

<?PHP 
$db_host = "localhost";
$db_user = "lefteh";
$db_pwd = "1234";
$db_name = "MyDB";

if (!file_exists("$db_host")){
    die("host niet gevonden")}

mysql_connect($db_host, $db_user, $db_pwd);

if (!file_exists("$db_name")){
    die("database niet gevonden")}

mysql_select_db($db_name);

?>
<?php if(!isset ($_POST ['Submit'])) {
?>
<?php } else {

if (isset($_POST['submit'])) {
    $exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|javascript|alert)/i";
    $profanity =     "/(beastial|bestial|blowjob|clit|cock|cum|cunilingus|cunillingus|cunnilingus|****|ejaculate|***|felatio|fellatio|****|fuk|fuks|gangbang|ga    ngbanged|gangbangs|hotsex|jism|jiz|kock|kondum|kum|kunilingus    |orgasim|orgasims|orgasm|orgasms|phonesex|phuk|phuq|porn|pussies|pussy|spunk|xxx)/i";
    $spamwords = "/(viagra|phentermine|tramadol|adipex|advai|alprazolam|ambien|ambian|amoxicillin|antivert|blackjack|backgammon|texas|holdem|poker|carisoprodol|ciara|ciprofloxacin|debt|dating|porn)/i";
    $bots = "/(Indy|Blaiz|Java|libwww-perl|Python|OutfoxBot|User-Agent|PycURL|AlphaServer)/i";

    if (preg_match($bots, $_SERVER['HTTP_USER_AGENT'])) {
        exit("<p>Spambots zijn niet toegestaatn!</p>");
    }
    foreach ($_POST as $key => $value) {
        $value = trim($value);

        if (preg_match($exploits, $value)) {
            exit("<p>Scripts zijn niet toegestaan.</p>");
        } elseif (preg_match($profanity, $value) || preg_match($spamwords, $value)) {
            exit("<p>Dat taalgebruik is niet toegestaan in ons formulier.</p>");
        }

      }

mysql_query("INSERT INTO `Reservering` (huidige_datum, tijd, vf, apparatuur, lunch, kamer, datum_reservering, naam, opmerking) VALUES (‘$huidige_datum’, ‘$tijd’, ‘$vf’, ‘$apparatuur’, ‘$lunch’, ‘$kamer’, ‘$datum_reservering’, ‘$naam’, ‘$opmerkingen’)");

if (mysql_query("INSERT_INTO, `Reservering` ") { echo '<a href="http://members.lycos.nl/erikknippels/S3B.gif">Klik hier om door te gaan</a>  }
else{ echo "<p>Er is een fout opgetreden bij de versturing, probeer het later AUB. opnieuw.</p>"
?>

[thatpyrokid]

Just by looking at that, I can tell you missed quite a few things. "elseif" for example... It should be two words. I think you missed a lot of semi-colons, too.

And uhh, what's up with that $profanity, $spamwords, etc?

[tamlin]

Quote:

Originally Posted by thatpyrokid

"elseif" for example... It should be two words.

Actually, it doesn't matter in PHP. You can use either ELSEIF or ELSE IF with the same effect, although I'd suggest ELSEIF makes the code a little more readable.

[unleash]

well as it is a form, it can also be filled by spambots or alike....

so I therefore added that security to the form. Because if anyone types in one of those words(I copied the list of the net) than the form will not be sent, but instead an error message will be shown. This also goes for some code words....

that "$spamwords" is just a variable I use to check the form with...I could put any word I want in that list, and the form will be checked for it!....

[thatpyrokid]

Well, yeah. I'm dumb.

All right, I ran the script.
You're missing semi colons on lines 10 and 16 and there's an unexpected '{' on 190.

[unleash]

alright, what are you using? dreamweaver?

anyway, thank you...I will adjust that right away. And after I finished that Im going to make my PC act as a server.

*singing: Whee Im going to build myself a server, going to build myself a server...... *

[thatpyrokid]

Oh, um. Notepad++ is a good program to use. It has a bunch of different languages and color coding.

Three cheers for color coding.