comment.php

Trying to finish a comment system. Know where I want the comments shown, at the bottom of comment form, but am stuck on the comment.php. Not sure what I’m doing wrong. Any help is appreciated.

Code for comment.php:

[php]
<?
$name = htmlspecialchars($_POST['name'], "Enter your name");
$email = htmlspecialchars($_POST['email'])
$comments = htmlspecialchars($_POST['comments'], "Write your comments");
@$fp = fopen("comments.php", 'a');
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email)) {
    $email = '';
}
if (!$fp) {
    echo "There was an error! Please try again later!";
} else {
    if(strlen($name) > 0 && strlen($message) > 0) {
        if(filesize('comments.php') > 0) {
            $pre = ',

';
        }
        $outputstring =$pre "Welcome".$name.
.$comments. ;
        fwrite($fp, $outputstring, strlen($outputstring));
        fclose($fp);
        Header("location:comment.html");
    }
?>
[/php]

Code for where I want comments shown:

[php]
<?
@$fh = fopen('comments.php','r');
$comments = fread($fh,filesize('comments.php'));
fclose($fh);
$comments = explode(',',$comments);
array_reverse($comments);
if(filesize('comments.php') == 0) {
    echo "No comments";
} else {
    foreach($comments as $comment) {
        echo ($comment);
    }
}
?>
[/php]

I don’t know what you want, but the htmlspecialchars($_POST['name'], "Enter your name"); syntax is incorrect.
The correct syntax:
string htmlspecialchars ( string $string [, int $flags = ENT_COMPAT [, string $charset [, bool $double_encode = true ]]] )

The 2nd parameter must be flags.

The optional second argument, flags, tells the function what to do with single and double quote characters and with invalid multi-byte sequences. The default mode, ENT_COMPAT, is the backwards compatible mode which only translates the double-quote character and leaves the single-quote untranslated. If ENT_QUOTES is set, both single and double quotes are translated and if ENT_NOQUOTES is set neither single nor double quotes are translated. In addition, since 5.3.0, these constants can be combined with ENT_IGNORE. In that case, strings that contain invalid code unit sequences have those invalid sequences discarded instead of having the function return an empty string. Avoid using it, as it may introduce vulnerabilities.

I think that you want to remove “Enter your name” inside $_POST.
You should compare the string; I think that you only remove it if it is exactly that string. You can do this:
[php]
$name = '';
if ($_POST['name'] != 'Enter your name') {
    $name = $_POST['name'];
}
[/php]

Do the same with email and comments

Question. The syntax you pointed out, doesn’t that protect against malicious code?

The syntax that was incorrect.

  • doesn’t that protect against malicious code?
    No, the function is used to escape ", " and other characters that would close another string with these characters.

Something like this?

[php]
<?
$name='';
if($_POST['name']!='Enter your name'){$name=$_POST['name']}
$email ='';
if($_POST['email']!='Enter your email'){$email=$_POST['email']}
$comments ='';
if($_POST['comments']!='Enter your comments'){$comments=$_POST['comments']}
@$fp = fopen("comments.php", 'a');
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email)) {
    $email = '';
}
if (!$fp) {
    echo "There was an error! Please try again later!";
} else {
    if(strlen($name) > 0 && strlen($message) > 0) {
        if(filesize('comments.php') > 0) {
            $pre = ',

';
        }
        $outputstring =$pre "Welcome".$name.
.$comments. ;
        fwrite($fp, $outputstring, strlen($outputstring));
        fclose($fp);
        Header("location:comment.html");
    }
?>
[/php]

This code must work, doesn’t it?

If it doesn’t work, does this code print an error?

Do you have privileges to append to “comments.php”?

And you have “email”, but you don’t use it.

No, it doesn’t work. I know there is something I’m doing wrong. Comment.php is just what I saved the file as. I initially copied some of the code from a video on YouTube (php commenting system). I copied the email code from another website. Yes, I would like the email to be a part of the comment box, also.

Code has an error saying “unexpected end of file” on last line. Not sure how to resolve it.

testcomment
[php]
<?php
function escape ($string) {
$name = escape($name);
$email = escape($email);
$message = escape($message);
$data = date('D, M. j, Y @ g:i a');
return htmlspecialchars($string, ENT_QUOTES, "UTF-8");
if (!$name || !$email || !$message) {
    echo "*Please fill out required fields";
} else {
    if(strlen($name) > 0 && strlen($message)> 0) {
        (filesize('testcomments.log') > 0);
    }
}
$outputstring = $pre. '

'.$name.'. '.$email.''.$data('D, M. j, Y @ g:i a').'


'.$message.'

';
fwrite($fp, $outputstring, strlen($outputstring));
fclose($fp);
Header('Location:testcomments.log');
?>
[/php]
*

*




Comments:
<?php include("testcomments.log");?>
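
A working form of the comment handler this thread is building, as an added example that is not code from any poster: input is validated, stored as data in a non-PHP file, and escaped with htmlspecialchars() only at output time, so submitted markup is displayed as text and nothing a visitor types is ever passed to include(). The file name comments.jsonl, the JSON-lines format and the length limits are assumptions; the field names follow the thread.

```php
<?php
// Added example, not code from the thread; file name, format and limits are assumptions.
const COMMENT_FILE = __DIR__ . '/comments.jsonl'; // data file, not an executable .php file

// Escape for HTML output: 2nd argument is a flags bitmask, 3rd is the character set.
function escape(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Validate one submission; returns the record to store, or null if it is rejected.
function clean_comment(array $post): ?array {
    $name    = trim((string)($post['name'] ?? ''));
    $email   = trim((string)($post['email'] ?? ''));
    $message = trim((string)($post['comments'] ?? ''));
    $ok = $name !== '' && $message !== '' && strlen($name) <= 80 && strlen($message) <= 2000
        && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
    if (!$ok) { return null; }
    return ['name' => $name, 'email' => $email, 'message' => $message,
            'date' => date('D, M. j, Y @ g:i a')];
}

// Append the raw values as one JSON line; LOCK_EX serialises concurrent posts.
function save_comment(array $c, string $file = COMMENT_FILE): bool {
    $line = json_encode($c, JSON_INVALID_UTF8_SUBSTITUTE) . "\n";
    return file_put_contents($file, $line, FILE_APPEND | LOCK_EX) !== false;
}

// Read the file as data (never include() it) and escape each field on output.
function render_comments(string $file = COMMENT_FILE): string {
    $lines = is_file($file) ? file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) : [];
    if (!$lines) { return 'No comments'; }
    $html = '';
    foreach (array_reverse($lines) as $line) {   // newest first
        $c = json_decode($line, true);
        if (!is_array($c)) { continue; }         // skip damaged lines
        $html .= '<p><b>' . escape((string)($c['name'] ?? '')) . '</b> '
               . escape((string)($c['date'] ?? '')) . '<br>'
               . nl2br(escape((string)($c['message'] ?? ''))) . "</p>\n";
    }
    return $html;
}

// Constructed sample input standing in for $_POST, written to a temporary file.
$sample = ['name' => 'Ann <b>', 'email' => 'ann@example.com', 'comments' => '<script>alert(1)</script>'];
$tmp = tempnam(sys_get_temp_dir(), 'cmt');
$c = clean_comment($sample);
if ($c !== null && save_comment($c, $tmp)) { echo render_comments($tmp); }
unlink($tmp);
```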

After 5 years? Time for you to start a new topic.

Thought I did that. Sometimes people have more pressing responsibilities.
