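// Memorial guest book: stores a submitted entry, then lists all entries
// newest first.
//
// Security-relevant behaviour of this script:
//   * database credentials are read from the environment, not from source;
//   * every SQL value is bound through a prepared statement;
//   * an entry is stored only when the posted CSRF token matches the session;
//   * every stored value is HTML-escaped when it is printed.

/********************************************************/
// connect the database

// Report failures through return values on every PHP version, so the checks
// below behave the same whether or not mysqli throws by default.
mysqli_report(MYSQLI_REPORT_OFF);

// The variable names below are this script's own choice; define them in the
// web server / PHP-FPM environment. The host, user and password used to be
// written in this file, so treat that password as exposed and rotate it.
$db_host = getenv('GUESTBOOK_DB_HOST');
$db_user = getenv('GUESTBOOK_DB_USER');
$db_pass = getenv('GUESTBOOK_DB_PASSWORD');
if ($db_host === false || $db_user === false || $db_pass === false) {
    error_log('guestbook: database settings are missing from the environment');
    die('Could not connect.');
}

$link = mysqli_connect($db_host, $db_user, $db_pass, 'guest_book');
if (!$link) {
    // Driver error text goes to the server log only; it can reveal the
    // host name and account to whoever is looking at the page.
    error_log('guestbook: database connection failed: ' . mysqli_connect_error());
    die('Could not connect.');
}

/********************************************************/
// form and add stuff area

// The CSRF token lives in the session. Whether an earlier part of the page
// already starts the session is not visible here; session_start() must run
// before any output is sent.
if (session_id() === '') {
    session_start();
}

// Returns a fresh, unpredictable token (hex). rand()/time() are guessable,
// so the token is taken from the system CSPRNG instead.
$new_csrf_token = function () {
    $bytes = function_exists('random_bytes')
        ? random_bytes(32)
        : openssl_random_pseudo_bytes(32); // PHP 5.x fallback
    return bin2hex($bytes);
};

// Reads one POST field as a tag-stripped string; a missing field or an
// array-valued field (name[]=...) becomes ''.
$post_field = function ($name) {
    if (!isset($_POST[$name]) || !is_string($_POST[$name])) {
        return '';
    }
    return strip_tags($_POST[$name]);
};

// A token must exist before the form is rendered, otherwise the first
// submission could never match.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = $new_csrf_token();
}

if (!empty($_POST['submit'])) {
    $first_name           = $post_field('first_name');
    $middle_name          = $post_field('middle_name');
    $last_name            = $post_field('last_name');
    $deceased_first_name  = $post_field('deceased_first_name');
    $deceased_middle_name = $post_field('deceased_middle_name');
    $deceased_last_name   = $post_field('deceased_last_name');
    $phone_number         = $post_field('phone_number');
    $email                = $post_field('email');
    $entry_date           = $post_field('entry_date');
    $message              = $post_field('message');

    $posted_token = (isset($_POST['csrf_token']) && is_string($_POST['csrf_token']))
        ? $_POST['csrf_token']
        : '';

    if ($first_name && $last_name && $phone_number && $email) {
        // Constant-time comparison; an empty posted token never matches.
        $token_ok = $posted_token !== ''
            && hash_equals((string) $_SESSION['csrf_token'], $posted_token);

        if ($token_ok) {
            // The key is REMOTE_ADDR (no space). It is the address of the
            // directly connected peer, which is a proxy when one sits in front.
            $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

            // Tokens are single use: rotate before the form is shown again.
            $_SESSION['csrf_token'] = $new_csrf_token();

            // add to the db
            // Values are bound, never concatenated: strip_tags() does not
            // neutralise quotes, so it is no defence against SQL injection.
            // The id column is left out; assumes it is AUTO_INCREMENT, as the
            // blank id value in the earlier INSERT implies - confirm in schema.
            $stmt = mysqli_prepare(
                $link,
                'INSERT INTO guestbook
                    (first_name, middle_name, last_name,
                     deceased_first_name, deceased_middle_name, deceased_last_name,
                     phone_number, email, entry_date, message, ip)
                 VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'
            );

            $saved = false;
            if ($stmt) {
                $bound = mysqli_stmt_bind_param(
                    $stmt,
                    'sssssssssss',
                    $first_name,
                    $middle_name,
                    $last_name,
                    $deceased_first_name,
                    $deceased_middle_name,
                    $deceased_last_name,
                    $phone_number,
                    $email,
                    $entry_date,
                    $message,
                    $ip
                );
                $saved = $bound && mysqli_stmt_execute($stmt);
                mysqli_stmt_close($stmt);
            }

            if ($saved) {
                echo "
*Your post has been added.
";
            } else {
                error_log('guestbook: insert failed: ' . mysqli_error($link));
                echo "
*Your post could not be saved. Please try again later.
";
            }
        } else {
            // Missing or stale token: store nothing.
            echo "
*Your form has expired. Please reload the page and submit again.
";
        }
    } else {
        echo "
*You did not fill out all required fields!
";
    }
}

// NOTE(review): the form markup is not present in this listing. The form must
// carry the current token in a hidden "csrf_token" field (escaped with
// htmlspecialchars) or every submission is rejected by the check above.
echo "";

/********************************************************/
// display stuff area

// Escapes a stored value for HTML text/attribute context. Escaping happens
// at output time because rows may predate any input filtering.
// NOTE(review): assumes the page is served as UTF-8 - confirm.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Only the columns that are printed are fetched; phone_number, email and ip
// stay in the database and are never sent to visitors.
$query = mysqli_query(
    $link,
    'SELECT first_name, middle_name, last_name,
            deceased_first_name, deceased_middle_name, deceased_last_name,
            entry_date, message
       FROM guestbook
      ORDER BY id DESC'
);
if ($query === false) {
    error_log('guestbook: listing query failed: ' . mysqli_error($link));
}

if ($query && mysqli_num_rows($query) > 0) {
    while ($row = mysqli_fetch_assoc($query)) {
        $first_name           = $esc($row['first_name']);
        $middle_name          = $esc($row['middle_name']);
        $last_name            = $esc($row['last_name']);
        $deceased_first_name  = $esc($row['deceased_first_name']);
        $deceased_middle_name = $esc($row['deceased_middle_name']);
        $deceased_last_name   = $esc($row['deceased_last_name']);
        $entry_date           = $esc($row['entry_date']);
        $message              = $esc($row['message']);
        echo"
In Loving Memory of
$deceased_first_name
$deceased_middle_name
$deceased_last_name
Memorial Candle Lit By
$first_name
$middle_name
$last_name
$entry_date
$message
";
    }
} else {
    echo "
Please fill out all required areas. You can change the message or click submit.
";
}

if ($query) {
    mysqli_free_result($query);
}
mysqli_close($link);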
?>