1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2. "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3. <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
4. <head>
5. <meta http-equiv="content-type" content="text/html; charset=utf-8" />
6. <title>Add a Blog Entry</title>
7. </head>
8. <body>
9. <?php // Script 12.6 - add_entry.php #2
10. /* This script adds a blog entry to the database. It now does so securely! */
11.
12. if (isset($_POST['submitted'])) { // Handle the form.
13.
14. // Connect and select:
15. $dbc = mysql_connect('h41mysql35.secureserver.net', 'yrosenthal', 'Password.1');
16. mysql_select_db('yrosenthal');
17.
18. // Validate and secure the form data:
19. $problem = FALSE;
20. if (!empty($_POST['title']) && !empty($_POST['entry'])) {
21. $title = mysql_real_escape_string(trim($_POST['title']));
22. $entry = mysql_real_escape_string(trim($_POST['entry']));
23. } else {
24. print '<p style="color: red;">Please submit both a title and an entry.</p>';
25. $problem = TRUE;
26. }
27.
28. if (!$problem) {
29.
30. // Define the query:
31. $query = "INSERT INTO entries (entry_id, title, entry, date_entered) VALUES (0, '$title', '$entry', NOW())";
32.
33. // Execute the query:
34. if (@mysql_query($query)) {
35. print '<p>The blog entry has been added!</p>';
36. } else {
37. print '<p style="color: red;">Could not add the entry because:<br />' . mysql_error() . '.</p><p>The query being run was: ' . $query . '</p>';
38. }
39.
40. } // No problem!
41.
42. mysql_close();
43.
44. } // End of form submission IF.
45.
46. // Display the form:
47. ?>
48. <form action="script_12_06.php" method="post">
49. <p>Entry Title: <input type="text" name="title" size="40" maxsize="100" /></p>
50. <p>Entry Text: <textarea name="entry" cols="40" rows="5"></textarea></p>
51. <input type="submit" name="submit" value="Post This Entry!" />
52. <input type="hidden" name="submitted" value="true" />
53. </form>
54. </body>
55. </html>