guestbook/submit-sql.php


<?php
# Setup Data Object
# Plain record for one guestbook submission.
# The caller assigns $name and $message directly; the set_* methods derive
# the remaining fields from what is stored at the moment they are called.
class data {
    # Submitter name, exactly as assigned by the caller.
    public $name;
    # Message text, exactly as assigned by the caller.
    public $message;
    # Submission date string written by set_date().
    public $date;
    # Byte length of $message written by set_mlength().
    public $mlength;
    # Byte length of $name written by set_nlength().
    public $nlength;

    # Stamp the record with the current date in "Y M d" form
    # (four-digit year, three-letter month, two-digit day).
    public function set_date() {
        $today = date("Y M d");
        $this->date = $today;
    }

    # Record the length of the stored message. strlen() counts bytes, not
    # characters, and it measures whatever string is stored, so any encoding
    # applied before assignment is included in the count.
    public function set_mlength() {
        $bytes = strlen($this->message);
        $this->mlength = $bytes;
    }

    # Record the length of the stored name, in bytes, like set_mlength().
    public function set_nlength() {
        $bytes = strlen($this->name);
        $this->nlength = $bytes;
    }
}
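# CLI fallback: without HTTP_HOST the script is not running behind the web
# server, so the form fields are taken from the first command-line argument,
# parsed as a query string. A missing argument yields an empty form.
if (!isset($_SERVER["HTTP_HOST"])) {
    parse_str($argv[1] ?? '', $_POST);
}

# Read the two form fields defensively. A field that is absent, or that
# arrives as an array (a request can send fname[]=x), is treated as empty so
# it ends in the "no name" / "no message" rejection below. Without this,
# the warning or TypeError would be raised before header() is called.
$rawName = $_POST["fname"] ?? '';
$rawMessage = $_POST["fmessage"] ?? '';
if (!is_string($rawName)) {
    $rawName = '';
}
if (!is_string($rawMessage)) {
    $rawMessage = '';
}

# Make ndata Object
$ndata = new data();

# Both values are HTML-escaped here, before validation and storage.
# The flags are spelled out because the default only includes ENT_QUOTES
# from PHP 8.1 on; on older versions single quotes passed through unescaped.
$name = $ndata->name = htmlspecialchars($rawName, ENT_QUOTES | ENT_SUBSTITUTE);
$message = $ndata->message = htmlspecialchars($rawMessage, ENT_QUOTES | ENT_SUBSTITUTE);

# Setup Misc Info like date and lengths.
# The lengths are byte counts of the escaped text, so the 200 / 25 limits
# below apply to the escaped form (an "&" in the input counts as "&amp;").
$ndata->set_date();
$ndata->set_mlength();
$ndata->set_nlength();
$mlength = $ndata->mlength;
$nlength = $ndata->nlength;

# Setup Redirect URL
# NOTE(review): depending on web-server configuration SERVER_NAME can be
# taken from the client's Host header. This value ends up in the Refresh
# header, so confirm the server pins it or switch to a fixed host name.
# The ?? '' only avoids an undefined-index warning when run from the CLI.
$newURL = "https://" . ($_SERVER['SERVER_NAME'] ?? '') . "/guestbook/index.html";

# Check name and message. The checks run in this order and the first one
# that fails answers the request: redirect header first, then the text.
$rejections = array(
    "There is no name, Try again with a name" => $name === "",
    "There is no message, Try again with a message" => $message === "",
    "This message is too long" => $mlength > 200,
    "The name is too long" => $nlength > 25,
);
foreach ($rejections as $reason => $failed) {
    if ($failed) {
        header('Refresh:2; url=' . $newURL );
        echo $reason;
        exit();
    }
}

# The DBH Info
# NOTE(review): the database file sits in a directory named "static"; confirm
# the web server does not serve database.sq3 to clients, or move it outside
# the document root.
$dbh = new PDO('sqlite:/home/evan/Development/Website-Redesign/static/guestbook/database.sq3');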
# The schema for the table
# Create the messages table if it is not there yet; when the table already
# exists the statement does nothing (CREATE TABLE IF NOT EXISTS).
# $dbh: database handle; only its exec() method is used here.
# Returns nothing, and the result of exec() is not inspected.
function setupdb($dbh) {
    # One row per guestbook entry: an integer primary key plus the name,
    # date, message and the two stored lengths, all NOT NULL.
    $schema = 'CREATE TABLE IF NOT EXISTS messages (
id INTEGER PRIMARY KEY,
name TEXT NOT NULL,
date TEXT NOT NULL,
message TEXT NOT NULL,
mlength INTEGER NOT NULL,
nlength INTEGER NOT NULL
)';
    $dbh->exec($schema);
}
# Adding an Item
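# Store one guestbook entry unless an entry with the same message text is
# already present, then finish the request.
# $ndata:  object with name, date, message, mlength and nlength properties.
# $dbh:    PDO handle for the database that holds the messages table.
# $newURL: address placed in the Refresh header on either outcome.
# Never returns: both paths send the Refresh header, print a status line and
# call exit().
function additem($ndata, $dbh, $newURL) {
    ## Check for Duplicates
    # The message is passed as a bound parameter. It was previously
    # interpolated into the SQL text; the HTML-escaping applied by the caller
    # is an output encoding, not SQL quoting, and must not be relied on to
    # keep the query well-formed.
    # NOTE(review): check-then-insert is not atomic, so two simultaneous
    # requests can both pass this check; a UNIQUE constraint on message would
    # close that gap.
    $dupcheck = $dbh->prepare('SELECT count(*) FROM messages WHERE message = ?');
    $dupcheck->execute(array($ndata->message));
    $dupmessage = $dupcheck->fetchColumn();

    if ($dupmessage > 0) {
        # Header before body: once output has started, header() can no longer
        # add the Refresh line (the original echoed first on this path).
        header('Refresh:2; url=' . $newURL );
        echo "Another message with this text already exists";
        exit();
    }

    # id is passed as null so that SQLite assigns the INTEGER PRIMARY KEY.
    $sql = 'INSERT INTO messages
(id, name, date, message, mlength, nlength)
VALUES (?, ?, ?, ?, ?, ?)';
    $sth = $dbh->prepare($sql);
    $sth->execute(array(
        null,
        $ndata->name,
        $ndata->date,
        $ndata->message,
        $ndata->mlength,
        $ndata->nlength
    ));
    header('Refresh:2; url=' . $newURL );
    echo "Your submisson has been added";
    exit();
}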
# Make sure the messages table exists before anything is written to it.
# setupdb() issues CREATE TABLE IF NOT EXISTS, so running it on every
# request is harmless.
setupdb($dbh);
# Store the validated submission. additem() calls exit() on both of its
# paths, so nothing placed after this line will run.
additem($ndata, $dbh, $newURL);
?>