1<?php
2
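/**
 * Trim a submitted string, SQL-escape it for the given connection and
 * HTML-encode the result.
 *
 * NOTE(security): a single return value cannot be correct for both SQL and
 * HTML. Escaping here only protects a value placed inside a QUOTED SQL string
 * literal; it does nothing for a value interpolated unquoted (e.g. a numeric
 * ID). Prefer prepared statements for SQL and encode for HTML at output time.
 *
 * The signature is kept as in the original listing; because a required
 * parameter follows $db_server, the "= null" default can never be used and
 * PHP 8 reports the declaration as deprecated.
 *
 * @param mysqli|null $db_server Open connection; when it is not a mysqli
 *                               instance the value is NOT SQL-escaped.
 * @param string      $string    Raw input, expected to be UTF-8.
 * @return string ASCII-safe, HTML-entity-encoded text.
 */
function clean_string($db_server = null, $string){
    $string = trim($string);

    // Undo magic-quotes slashes BEFORE escaping. Stripping slashes after
    // mysqli_real_escape_string() would remove the escaping it just added.
    // get_magic_quotes_gpc() was removed in PHP 8.0, hence the existence check.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $string = stripslashes($string);
    }

    // Converts UTF-8 to ISO-8859-1 bytes (utf8_decode() is deprecated as of PHP 8.2).
    // The original's two str_replace() calls swapped "#" and "%" for themselves
    // and had no effect, so they are omitted.
    $string = utf8_decode($string);

    // Escape once; the original called the function twice and raised an error
    // when no connection was supplied.
    if ($db_server instanceof mysqli) {
        $string = mysqli_real_escape_string($db_server, $string);
    }

    // The bytes are ISO-8859-1 at this point, so say so: with the UTF-8 default
    // any accented character is an invalid sequence and the output is emptied
    // or replaced. ENT_QUOTES also encodes single quotes for attribute contexts.
    return htmlentities($string, ENT_QUOTES, 'ISO-8859-1');
}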
16
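// Page controller: loads the club list and stored comments, then, on a
// submitted form that passes reCAPTCHA, looks up the cheapest season ticket
// for the chosen club and stores an optional comment.
//
// Every value placed in $message, $output, $str_options and $comments is
// HTML-encoded here, because the template below echoes them verbatim.

// NOTE(security): the database credentials and the reCAPTCHA secret are
// hard-coded below, as in the original listing. Anything committed to source
// or published should be treated as disclosed: rotate it and load the
// replacement from configuration kept outside the web root.
$db_hostname = 'localhost';
$db_database = 'll15l7b_Football'; //replace with your db name
$db_username = 'll15l7b_LiamB123'; //replace with the db username that you created
$db_password = 'CPanel123'; //replace with the db password that you created;
$db_status = 'not initialised';
$output = '';
$message = '';      // initialised so the template never echoes an undefined variable
$comments = '';
$str_options = '';

// HTML-encode a value for element or attribute content.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Fetch a POST field as a trimmed string; missing or array-valued fields become ''.
$post_text = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? trim($_POST[$key]) : '';
};

$db_server = mysqli_connect($db_hostname, $db_username, $db_password);

if (!$db_server) {
    $db_status = "not connected";
    // Driver error text goes to the server log, not to the visitor.
    error_log("Unable to connect to MySQL: " . mysqli_connect_error());
    die("Unable to connect to MySQL");
}
$db_status = "connected";

if (!mysqli_select_db($db_server, $db_database)) {
    error_log("Database access failed: " . mysqli_error($db_server));
    die("Database access failed");
}

// Build the <option> list for the club dropdown.
$result = mysqli_query($db_server, "SELECT ID, Club FROM CostOfFootball");
if (!$result) {
    error_log("Database access failed: " . mysqli_error($db_server));
    die("Database access failed");
}
while ($row = mysqli_fetch_array($result)) {
    $str_options .= "<option value='" . $esc($row['ID']) . "'>";
    $str_options .= $esc($row['Club']);
    $str_options .= "</option>";
}
mysqli_free_result($result);

// Print out existing comments.
$result = mysqli_query($db_server, "SELECT comment FROM comments");
if (!$result) {
    error_log("Database access failed: " . mysqli_error($db_server));
    die("Database access failed");
}
while ($row = mysqli_fetch_array($result)) {
    // Encode at output time. double_encode is off so that rows stored already
    // entity-encoded by the earlier version of this page still display as
    // intended; markup characters are neutralised either way.
    $comments .= "<p>"
        . htmlspecialchars((string) $row['comment'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false)
        . "</p>";
}
mysqli_free_result($result);

if (isset($_POST['submit']) && $_POST['submit'] === "submit") { // form was submitted

    // Verify the reCAPTCHA response server-side. The parameters are sent as a
    // URL-encoded POST body, so a crafted response value cannot append or
    // override parameters in the verification request.
    $url = 'https://www.google.com/recaptcha/api/siteverify';
    $secretkey = "6Le4CAETAAAAAGQftFiDise1KTxFd6qTsowFR-TL";
    $context = stream_context_create(array(
        'http' => array(
            'method'  => 'POST',
            'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
            'content' => http_build_query(array(
                'secret'   => $secretkey,
                'response' => $post_text('g-recaptcha-response'),
            )),
            'timeout' => 5,
        ),
    ));
    $response = file_get_contents($url, false, $context);
    // A failed request or unparsable body leaves $data null and is treated as
    // a failed CAPTCHA (fail closed).
    $data = ($response === false) ? null : json_decode($response);

    if (isset($data->success) && $data->success === true) {

        $name = trim($post_text('firstname') . " " . $post_text('lastname'));
        $message = "Thanks for your input " . $esc($name) . "!";

        // The original interpolated this value unquoted into the WHERE clause,
        // where string escaping gives no protection. Require an integer and
        // bind it instead. (Assumes ID is an integer column - confirm.)
        $club_id = filter_var($post_text('dropdown'), FILTER_VALIDATE_INT);
        if ($club_id === false) {
            $output = 'The club requested was not found in the database';
        } else {
            $stmt = mysqli_prepare(
                $db_server,
                "SELECT Club, SeasonTicketCheapest FROM CostOfFootball WHERE ID = ?"
            );
            if (!$stmt) {
                error_log("Data lookup failed: " . mysqli_error($db_server));
                die("Data lookup failed");
            }
            mysqli_stmt_bind_param($stmt, 'i', $club_id);
            if (!mysqli_stmt_execute($stmt)) {
                error_log("Data lookup failed: " . mysqli_stmt_error($stmt));
                die("Data lookup failed");
            }
            mysqli_stmt_bind_result($stmt, $club_name, $cheapest);
            // if there is a row, print out the contents
            if (mysqli_stmt_fetch($stmt)) {
                $output = " The cheapest season ticket for " . $esc($club_name) . " is £" . $esc($cheapest);
            } else {
                $output = 'The club requested was not found in the database';
            }
            mysqli_stmt_close($stmt);
        }

        // Store any submitted comment as raw text through a bound parameter;
        // it is HTML-encoded when displayed.
        $comment = $post_text('comment');
        if ($comment !== '') {
            $stmt = mysqli_prepare($db_server, "INSERT INTO comments (comment) VALUES (?)");
            if (!$stmt) {
                error_log("Insert failed: " . mysqli_error($db_server));
                die("Insert failed");
            }
            mysqli_stmt_bind_param($stmt, 's', $comment);
            if (!mysqli_stmt_execute($stmt)) {
                error_log("Insert failed: " . mysqli_stmt_error($stmt));
                die("Insert failed");
            }
            mysqli_stmt_close($stmt);
            $message = "Thanks for your comment!";
        }

    } else {

        // What happens when the CAPTCHA was entered incorrectly. In the
        // original this branch was attached to the submit-value check instead,
        // so a failed CAPTCHA produced no message at all.
        $error_code = isset($data->{'error-codes'}[0]) ? $data->{'error-codes'}[0] : 'unknown';
        $message = "The reCAPTCHA failed. (<em>error message</em>: " .
            $esc($error_code) . ")";
    }
}

mysqli_close($db_server);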
116?>
117
118
119<html>
120 <head>
121 <title>Captcha Form</title>
122 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
123 <script src="https://www.google.com/recaptcha/api.js" async defer></script>
124 </head>
125 <body> <!-- the body tag is required or the CAPTCHA may not show on some browsers -->
126
127 <?php
128 echo $message;
129 echo $output;
130 ?>
131
132 <p>
133 <strong>
134 Please enter your details:
135 </strong>
136 </p>
137
138 <!-- your HTML content -->
139 <form method="post" action="captcha-form.php">
140 First Name:<input type="text" name="firstname" /> <br>
141 Last Name:<input type="text" name="lastname" /> <br>
142 Find out the cheapest tickets for
143 <select name="dropdown">
144 <?php echo $str_options; ?>
145 </select>
146 <p>Do you have a comment to add?</p>
147 Comment: <textarea rows="2" cols="30" name="comment"></textarea>
148 <div class="g-recaptcha"
149 data-sitekey="6Le4CAETAAAAAJ58ZxBrDGRawcYuHhjxIXJoZ45g"></div>
150 <input type="submit" name="submit" value="submit" />
151 <h4>Comments</h4>
152 <?php echo $comments; ?>
153 </form>
154
155 </body>
156</html>