The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Issues using AnythingSlider and PHP based Shoutbox

  • #42040
    blamb888
    Member

    Hello all,

    I’m redesigning a friend’s website. She does a webcomic and I wanted to jazz up the user experience with some sliders.

    I’ve got all my sliders working perfectly aside from the fact that I can’t for the life of me get the sliders to event with the relative links I’ve made. But that’s not the big issue right now.

    The big issue is the fact that each slide (comic strip) is linked up with a comment section (shoutbox) below it in another slider (stripped of controls so the user can’t mess about). When I post in one shoutbox it posts to all the shoutboxes, sending duplicate data to all the tables in the database I have set up.

    If I access the shoutbox’s individual php file and post that way it posts only to that shoutbox slide/database table. But that’s not a whole lot of use to a user.

    **Here is how I’ve included them in the second slider (which I have linked to the webcomic slider):**

    <?php
    include('idLikeToThinkItsMeta.php');
    ?>

    <?php
    include('thatWasaNiceF-ingHouse.php');
    ?>

    <?php
    include('lookBeforeYouLeap.php');
    ?>

    <?php
    include('murderGifts.php');
    ?>

    **And here is the code for one of the comment boxes:**

    Don’t be a Creeper!

    Leave a comment.

    <?php
    $self = $_SERVER['PHP_SELF']; //the $self variable equals this file
    $ipaddress = ("$_SERVER[REMOTE_ADDR]"); //the $ipaddress var equals users IP
    include ('db.php'); // for db details

    // defines a $connect variable, which when used
    // will attempt to connect to the database using
    // details provided in config.php
    // if it fails, will display error - or die();
    $connect = mysql_connect($host,$username,$password) or die('Unable to connect to the database server at this time.');

    // connect to database using details provided
    // and uses the $connect variable above
    // if it fails, will return error - or die();
    mysql_select_db($database,$connect) or die('Unable to connect to the database at this time.');

    // checks the POST to see if something has been submitted
    if(isset($_POST)) {
        // are any of the fields empty? the || means 'or'
        if(empty($_POST['name']) || empty($_POST['email']) || empty($_POST['post'])) {
            echo('You did not fill in a required field.');
        }
        else {

            // if there are no empty fields, insert into the database:

            // escape special characters to stop xss and sql injecting
            // take the 'name' and 'post' parts from the POST
            // and run it through htmlspecialchars()
            // this stops users sending HTML code, as it could be malicious
            //
            // also runs through mysql_real_escape_string()
            // stops users sending SQL code, which could be used to access the db
            $name = htmlspecialchars(mysql_real_escape_string($_POST['name']));
            $email = htmlspecialchars(mysql_real_escape_string($_POST['email']));
            $post = htmlspecialchars(mysql_real_escape_string($_POST['post']));

            // this is our SQL string to insert shouts into db
            $sql = "INSERT INTO lookBeforeYouLeap SET name='$name', email='$email', post='$post', ipaddress='$ipaddress';";
            header("Location: success.php");
            // we run the SQL string now
            // if it succeeds, display message
            if (@mysql_query($sql)) {
                echo('Thanks for shouting!');
            } else {
                // if it errors, send message
                echo('There was an unexpected error when posting your shout.');
            }
        }
    }

    // now we retrieve the shouts from the db
    $query = "SELECT * FROM lookBeforeYouLeap ORDER BY `id` DESC;";

    // run the query. if it fails, display error
    $result = @mysql_query("$query") or die('There was an unexpected error grabbing shouts from the database.');

    ?>

      <?php
      // while we still have rows from the db, display them
      while ($row = mysql_fetch_array($result)) {

      $ename = stripslashes($row['name']);
      $eemail = stripslashes($row['email']);
      $epost = stripslashes($row['post']);

      // Gravatars for all!!!
      $grav_url = "http://www.gravatar.com/avatar.php?gravatar_id=".md5(strtolower($eemail))."&size=70";

      echo('

    • Gravatar

      '.$ename.'

      '.$epost.'

    • ');

      }
      ?>
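
An added example, not part of the original post and not the poster's code: a single POST handler that routes a shout to exactly one shoutbox table, using PDO placeholders for the insert and `htmlspecialchars()` only when rendering. It assumes a hidden form field named `box` (hypothetical), that each table is named after its include file (the post only confirms `lookBeforeYouLeap`), and it uses an in-memory SQLite database with constructed sample data so it runs offline.

```php
<?php
// Assumed table names, taken from the include file names in the post.
const SHOUTBOXES = ['idLikeToThinkItsMeta', 'thatWasaNiceF-ingHouse',
                    'lookBeforeYouLeap', 'murderGifts'];

function save_shout(PDO $db, array $post, string $ip): bool
{
    // Table names cannot be bound as parameters, so the requested box
    // ("box" is a hypothetical hidden field) is checked against an allow-list.
    $box = $post['box'] ?? '';
    if (!in_array($box, SHOUTBOXES, true)) {
        return false;
    }
    foreach (['name', 'email', 'post'] as $field) {
        // Reject missing, empty and non-string (e.g. name[]=x) values.
        if (!is_string($post[$field] ?? null) || trim($post[$field]) === '') {
            return false;
        }
    }
    // Store the raw text; placeholders keep it out of the SQL grammar.
    $stmt = $db->prepare(
        "INSERT INTO `$box` (name, email, post, ipaddress) VALUES (?, ?, ?, ?)"
    );
    return $stmt->execute([$post['name'], $post['email'], $post['post'], $ip]);
}

function render_shouts(PDO $db, string $box): string
{
    if (!in_array($box, SHOUTBOXES, true)) {
        return '';
    }
    $html = '';
    foreach ($db->query("SELECT name, post FROM `$box` ORDER BY id DESC") as $row) {
        // Escape for HTML at output time, not before storage.
        $html .= '<li><strong>' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8')
               . '</strong> ' . htmlspecialchars($row['post'], ENT_QUOTES, 'UTF-8') . '</li>';
    }
    return $html;
}

// Constructed demo data: one shout sent to one box only.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
foreach (SHOUTBOXES as $table) {
    $db->exec("CREATE TABLE `$table` (id INTEGER PRIMARY KEY, name TEXT, email TEXT, post TEXT, ipaddress TEXT)");
}
$sample = ['box' => 'lookBeforeYouLeap', 'name' => "O'Brien",
           'email' => 'reader@example.com', 'post' => '<b>nice strip</b>'];
var_dump(save_shout($db, $sample, '203.0.113.5'));
echo render_shouts($db, 'lookBeforeYouLeap'), "\n";
echo 'murderGifts rows: ', $db->query('SELECT COUNT(*) FROM `murderGifts`')->fetchColumn(), "\n";
```

Calling `save_shout()` once per request, before any output and any redirect, keeps the included shoutbox files as display-only code.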

