Created
August 31, 2013 21:18
-
-
Save bigeyex/6400686 to your computer and use it in GitHub Desktop.
PHP Script Useful for making forms: according to POST contents, insert a record into db, create the table if not exist.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| //settings | |
| define('DB_NAME', ''); //db name | |
| define('DB_USER', 'root'); | |
| define('DB_PWD', ''); | |
| define('TABLE_NAME', ''); | |
| define('IP_FIELD', 'ip'); // the field for visitor's ip address | |
| function addSpecialChar(&$value) { | |
| $value = trim($value); | |
| if( false !== strpos($value,' ') || false !== strpos($value,',') || false !== strpos($value,'*') || false !== strpos($value,'(') || false !== strpos($value,'.') || false !== strpos($value,'`')) { | |
| // avoid trimming for "*" and sql methods | |
| }else{ | |
| $value = '`'.$value.'`'; | |
| } | |
| return $value; | |
| } | |
| function parseValue(&$value) { | |
| if(is_string($value)) { | |
| $value = '\''. mysql_escape_string($value).'\''; | |
| }elseif(isset($value[0]) && is_string($value[0]) && strtolower($value[0]) == 'exp'){ | |
| $value = mysql_escape_string($value[1]); | |
| }elseif(is_null($value)){ | |
| $value = 'null'; | |
| } | |
| return $value; | |
| } | |
| $conn=mysqli_connect("localhost",DB_USER,DB_PWD,DB_NAME); | |
| if(isset($_SERVER['HTTP_CLIENT_IP'])){ | |
| $onlineip=$_SERVER['HTTP_CLIENT_IP']; | |
| }elseif(isset($_SERVER['HTTP_X_FORWARDED_FOR'])){ | |
| $onlineip=$_SERVER['HTTP_X_FORWARDED_FOR']; | |
| }else{ | |
| $onlineip=$_SERVER['REMOTE_ADDR']; | |
| } | |
| $conn->query("set names utf8;"); | |
| //create the table if not exist | |
| $sql = "select count(*) from ".TABLE_NAME; | |
| $result = $conn->query($sql); | |
| if(!$result){ | |
| $sql = "create table `".TABLE_NAME."`(`ID` int(11) NOT NULL AUTO_INCREMENT,"; | |
| foreach($_POST as $key=>$value){ | |
| if(is_numeric($value)){ | |
| $type = "int(1)"; | |
| } | |
| else{ | |
| $type = "text"; | |
| } | |
| $sql .= "`$key` $type,"; | |
| } | |
| if(IP_FIELD != ''){ | |
| $sql .= "`".IP_FILED."` varchar(30),"; | |
| } | |
| $sql .= "`submittime` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,PRIMARY KEY (`ID`)) ENGINE=MyISAM DEFAULT CHARSET=utf8;"; | |
| $conn->query($sql); | |
| } | |
| $ins = "select column_name from information_schema.columns where table_name='".TABLE_NAME."'"; | |
| if(!isset($_SESSION["answered"])){ | |
| $columns = array(); | |
| $data = array(); | |
| $result=$conn->query($ins); | |
| while ($row = $result->fetch_row()) { | |
| $columns[$row[0]] = 1; | |
| } | |
| foreach($_POST as $post_key=>$post_value){ | |
| if(isset($columns[$post_key])) | |
| $data[$post_key] = $post_value; | |
| } | |
| if(IP_FIELD != '') | |
| $data[IP_FIELD] = $onlineip; | |
| foreach ($data as $key=>$val){ | |
| $value = parseValue($val); | |
| if(is_scalar($value)) { | |
| $values[] = $value; | |
| $fields[] = addSpecialChar($key); | |
| } | |
| } | |
| $ins = 'INSERT INTO '. TABLE_NAME .' ('.implode(',', $fields).') VALUES ('.implode(',', $values).')'; | |
| $conn->query($ins); | |
| $_SESSION["answered"]=1; | |
| $answered = 0; | |
| } | |
| else{ | |
| $answered = 1; | |
| } | |
| ?> | |
| <html> | |
| <head> | |
| <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> | |
| </head> | |
| <body> | |
| <?php if(!$answered){ ?> | |
| <h1>Thank you for filling the form</h1> | |
| <?php } else { ?> | |
| <h1>Sorry, you've submitted once. </h1> | |
| <?php } ?> | |
| </body> | |
| </html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment