Guestbook

**Levian** · 03-19-2009, 01:18 PM

I'm trying to make a guestbook

and I get these error messages:

Strict Standards: date() [function.date]: It is not safe to rely on the system's timezone settings. Please use the date.timezone setting, the TZ environment variable or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Berlin' for 'CET/1.0/no DST' instead in /uia/ravn/u2/cshunn05/project_html/guestbook2/addguestbook.php on line 12

Notice: Undefined variable: name in /uia/ravn/u2/cshunn05/project_html/guestbook2/addguestbook.php on line 15

Notice: Undefined variable: email in /uia/ravn/u2/cshunn05/project_html/guestbook2/addguestbook.php on line 15

Notice: Undefined variable: comment in /uia/ravn/u2/cshunn05/project_html/guestbook2/addguestbook.php on line 15

and this is the relevant part of the code I guess, first line is line 12 and last is 15:

$datetime=date("y-m-d h:i:s"); //date time

$sql="INSERT INTO $tbl_name(name, email, comment, datetime)VALUES('$name', '$email', '$comment', '$datetime')";
$result=mysql_query($sql);

If you need more information to solve this just tell me and I'll provide it. I just don't know what information is relevant and not relevant.

I'm using this page to help me and all code is from there:
Creating a simple PHP guestbook

and here's the link to my guestbook:
http://prosjekt.hia.no/users/cshunn0.../guestbook.php

**Flying Mullet** · 03-19-2009, 03:00 PM

How are you acquiring $name, $email and $comment? i.e. what code is your php file using to grab them from the form?

**Rantz** · 03-19-2009, 05:13 PM

It basically seems like it wants you to supply a timezone for the date function. The error reporting is most likely set a few notches stricter than you need it, but I'd try adding this line in the beginning of your code:

date_default_timezone_set('UTC');

Or if you want to use another default timezone: PHP: List of Supported Timezones - Manual

**Levian** · 03-20-2009, 04:28 PM

I don't know exactly how, but it's fixed now ^^

**Flying Mullet** · 03-20-2009, 05:23 PM

Perhaps your provider had something messed up on their end that they fixed?

**Levian** · 03-20-2009, 05:37 PM

Nah, I added this to the code and it seemed to do the trick:

$name = $_POST['name'];
$email = $_POST['email'];
$comment = $_POST['comment'];

**Flying Mullet** · 03-20-2009, 05:46 PM

Well then you know how it's fixed.

If you didn't have code to retrieve the name, email and comment from the form before then it didn't know how to access them. $_POST['x'] will retrieve values when the form's method is "post" and if the form's method is "get" you can use $_GET['x'].

**Samuraid** · 03-23-2009, 06:02 AM

As a side note:

Code:

$sql="INSERT INTO $tbl_name(name, email, comment, datetime)VALUES('$name', '$email', '$comment', '$datetime')";

The values you are inserting into this query are not properly escaped, so someone could inject SQL and mess up your queries. Any strings that will be used in a SQL query should be sent through mysql_real_escape_string first.

Example:

Code:

$sql="INSERT INTO $tbl_name(name, email, comment, datetime)VALUES('" . mysql_real_escape_string($name) . "', '" . mysql_real_escape_string($email) . "', '" . mysql_real_escape_string($comment) . "', '" . $datetime . "')";
$result=mysql_query($sql);

**Levian** · 03-23-2009, 10:54 AM

Oh, yeah I didn't know how to secure things, I was kinda hoping it wouldn't happen.

But I think I understood that, so thanks!

Also, if I want a navigation and a banner to appear on every page, that's got something to do with css right? Not really sure where to start on this one.

**Flying Mullet** · 03-23-2009, 12:53 PM

You use includes to handle common navigation, banners, etc... You write your source php file for the navigation, then you include it on every page, like this:

Left-hand navigation source:

Code:

&lt;div>
   &lt;a href="pagea.php">Page A&lt;/a>&lt;br/>
   &lt;a href="pageb.php">Page B&lt;/a>&lt;br/>
   &lt;a href="pagec.php">Page C&lt;/a>&lt;br/>
   &lt;a href="paged.php">Page D&lt;/a>&lt;br/>
&lt;/div>

And then in some page on your website:

Code:

&lt;html>
   &lt;body>
      Maybe some page code stuff here
      &lt;?php include "left-hand navigation file name (navigation.php or whatever)"; ?>
      Maybe other page stuff follows
   &lt;/body>
&lt;/html>

The idea is that you create one file and then you can insert the contents of that file wherever you specify to.

**Levian** · 03-23-2009, 01:40 PM

Oh cool, but does the included navigation have to be php, or can it be an html file?

**Flying Mullet** · 03-23-2009, 02:03 PM

It can be an html file, I believe. I've always used php files so I'm not 100% sure, though.

**Samuraid** · 03-24-2009, 03:24 AM

It can be HTML as well as PHP.

**b1o** · 04-18-2009, 02:42 AM

i helped him. case closed :D

Thread: Guestbook

Thread Tools

Display

Guestbook

Posting Permissions