CODE
<?php
if (isset($_POST['submit_comment'])) {
if (empty($_POST['name']) || empty($_POST['email']) || empty($_POST['comment'])) {
die("You have forgotten to fill in one of the required fields! Please make sure you submit a name, e-mail address and comment.");
}
$entry = htmlspecialchars(strip_tags($_POST['entry']));
$timestamp = htmlspecialchars(strip_tags($_POST['timestamp']));
$name = htmlspecialchars(strip_tags($_POST['name']));
$email = htmlspecialchars(strip_tags($_POST['email']));
$url = htmlspecialchars(strip_tags($_POST['url']));
$comment = htmlspecialchars(strip_tags($_POST['comment']));
$comment = nl2br($comment);
if (!get_magic_quotes_gpc()) {
$name = addslashes($name);
$url = addslashes($url);
$comment = addslashes($comment);
}
if (!eregi("^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,4})$", $email)) {
die("The e-mail address you submitted does not appear to be valid. Please go back and correct it.");
}
mysql_connect ('localhost', 'xxx', 'xxx');
mysql_select_db ('xxx');
$result = mysql_query("INSERT INTO xxx (entry, timestamp, name, email, url, comment) VALUES ('$entry','$date','$name','$email','$url','$comment')");
header("Location: single.php?id=" . $entry);
}
else {
die("Error: you cannot access this page directly.");
}
?>
and here is my journal page
CODE
<?php
mysql_connect ('localhost', 'xxx', 'xxx');
mysql_select_db ('xxx');
if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
die("Invalid ID specified.");
}
$id = (int)$_GET['id'];
//Previous and next links
$sql_prev = "SELECT * FROM xxx WHERE id < '$id' ORDER BY id DESC LIMIT 1";
$result_prev = mysql_query ($sql_prev) or print ("Can't select previous entry id table xxx.<br />" . $sql_prev . "<br />" . mysql_error());
while ($row = mysql_fetch_array($result_prev)) {
$prev = $row['id'];
}
if (isset($prev)) {
// print a previous link
printf("<div align=\"center\"><a href=\"single.php?id=%s\">« previous</a> -- ", $prev);
}
else {
// just print the word "previous"
print"<div align=\"center\">previous -- ";
}
print"<a href=\"<A href="'http://www.brownsugar283.com\"">http://www.brownsugar283.com\">main</a> -- ";
$sql_next = "SELECT * FROM xxx WHERE id > '$id' ORDER BY id LIMIT 1";
$result_next = mysql_query ($sql_next) or print ("Can't select next entry id table xxx.<br />" . $sql_next . "<br />" . mysql_error());
while ($row = mysql_fetch_array($result_next)) {
$next = $row['id'];
}
if (isset($next)) {
// print a next link
printf(" <a href=\"single.php?id=%s\">next »</a></div>", $next);
}
else {
// just print the word "next"
print"next</div>";
}
print"<br />";
$sql = "SELECT * FROM xxx WHERE id='$id' LIMIT 1";
$result = mysql_query($sql) or print ("Can't select entry from table xxx.<br />" . $sql . "<br />" . mysql_error());
while($row = mysql_fetch_array($result)) {
$date = date("F d, Y",$row["timestamp"]);
$title = $row["title"];
$category = $row["category"];
$entry = $row["entry"];
$time = date("g:i a",$row["timestamp"]);
$id = $row["id"];
print "<h4><a href=\"dailydose/single.php?id=$id\">$title</a></h4>";
print "<div class=\"ddcontent\">$entry</div>";
print "<br /><br />";
print "<h5>Posted on $date @ $time | ";
$result2 = mysql_query ("SELECT id FROM xxx WHERE entry=$id");
$num_rows = mysql_num_rows($result2);
if($num_rows)
{
echo "<a href=\"dailydose/single.php?id=$id\">($num_rows)</a> Comments";
}
else
{
echo"<a href=\"dailydose/single.php?id=$id\">Comment?</a>";
}
print " | Tagged: $category</h5>";
}
$commenttimestamp = strtotime("now");
$sql = "SELECT * FROM xxx WHERE entry='$id' ORDER BY timestamp";
$result = mysql_query ($sql) or print ("Can't select comments from table xxx.<br />" . $sql . "<br />" . mysql_error());
while($row = mysql_fetch_array($result)) {
$timestamp = date("F d, Y", $row['timestamp']);
$time = date("g:i a",$row["timestamp"]);
printf("<div class=\"commentsentry\">");
print("<p>" . stripslashes($row['comment']) . "</p>");
printf("<p>Posted by <a href=\"%s\">%s</a> %s</p>", stripslashes($row['url']), stripslashes($row['name']), "<br />$timestamp @ $time");
printf("</div><br />");
}
$timestamp=strtotime("now");
print"<form method=\"post\" action=\"process.php\">\n";
print"<input type=\"hidden\" name=\"entry\" value=\"$id\">\n";
print("<input type=\"hidden\" name=\"commenttimestamp\" value=\"<?php echo $commenttimestamp; ?>\">\n");
print"<div align=\"center\">";
print"<table class=\"t1\" width=\"400\" border=\"0\" cellpadding=\"0\" cellspacing=\"5\">
<tbody>
<tr>
<td width=\"180\" rowspan=\"5\" valign=\"top\">";
print"Name<br /><input type=\"text\" name=\"name\" size=\"25\" value=\"\"><br /><br />";
print"Email<br /><input type=\"text\" name=\"email\" size=\"25\" value=\"\"><br /><br />";
print"Url: <br />input type=\"text\" name=\"url\" size=\"25\" value=\"http://">";
print"<br /><br /></td>
<td width=\"1\" rowspan=\"5\" valign=\"top\" class=\"cline\"><img src=\"../images/spacer.gif\"
alt=\"spacer\" width=\"1\" height=\"1\" border=\"0\" /></td>
</tr>";
print"<tr>
<td height=\"16\" valign=\"top\">Comments<br />
<textarea cols=\"30\" rows=\"8\" name=\"comment\"></textarea></td>
</tr>";
print"<tr>
<td height=\"16\" valign=\"top\"><input type=\"submit\" name=\"submit_comment\"
value=\"comment\">\n
</td>
</tr>";
print"</tbody>
</table>
</div>";
print"</form>\n";
?>
</td>
</tr>
Am I overlooking some that is so plain to see?