<?php
//----------- Give your MySQL Database connection parameters here ----------
$strServer="localhost"; // Server IP Address Or Name
$strDatabase="guestbook"; // Database Name
$strUser="sa"; // User ID
$strPwd=""; // Password
//----------- End of MySQL Database connection parameters ----------
if (isset($_GET['action']) OR isset($_POST['action'])) {
$strDate=date("Y-m-d");
if (isset($_POST['color'])) $strColor=$_POST['color'];
else $strColor='#FFFFFF';
$strName =addslashes($_POST['name']);
$strEmail =addslashes($_POST['email']);
$strMess =stripslashes($_POST['mess']);
$strMess =InsertMess($strMess,$strColor);
if ($strName<>"" and $strEmail<>"") {
$strConn = mysql_connect($strServer,$strUser,$strPwd);
mysql_select_db($strDatabase, $strConn);
$insertSQL = "INSERT INTO tblguestbook (fldName, fldEmail, fldMessage, fldDate) VALUES ('$strName','$strEmail','$strMess','$strDate')";
$Result1 = mysql_query($insertSQL, $strConn) or die(mysql_error());
mysql_close($strConn);
echo ("&success=1");
}
else {
echo ("&failed=1");
}
}
else {
if (isset($_GET['submit'])) $blnSubmit=$_GET['submit'];
else $blnSubmit="false";
$strDate=date("d M, Y");
$intNav=$_GET['NAV'];
$intSize=$_GET['size'];
if (isset($_GET['upper'])) $intUpper=$_GET['upper'];
else $intUpper=0;
if ($blnSubmit=="true") $intUpper=$intUpper+1;
$upper=$intSize;
$selectSQL="select fldName,fldEmail,fldMessage,date_format(fldDate,'%d %b, %Y') as fldDate from tblguestbook order by fldDate desc,fldGID desc limit $intUpper,$upper";
$strConn = mysql_connect($strServer,$strUser,$strPwd);
mysql_select_db($strDatabase, $strConn);
$rsGuestBook = mysql_query($selectSQL, $strConn) or die(mysql_error());
$rsCount = mysql_query("select count(*) from tblguestbook", $strConn) or die(mysql_error());
$query_data=mysql_fetch_array($rsCount);
$count=$query_data[0];
echo("&count=".$count."&today=".$strDate);
if ($count==0) echo("&f_name=No Guest Entries Yet");
elseif ($rsGuestBook){
$query_data=mysql_fetch_array($rsGuestBook);
if ($rsGuestBook){
echo ("&f_name=".$query_data["fldName"]."&f_email=".$query_data["fldEmail"]."&f_mess=".DisplayMess($query_data["fldMessage"])."&f_date=".$query_data["fldDate"]);
flush();
}
$x = $intUpper+1;
do {
$fldName=$query_data["fldName"];
$fldEmail=$query_data["fldEmail"];
$fldMess=$query_data["fldMessage"];
$fldDate=$query_data["fldDate"];
$strDate=$fldDate;
$strMess=DisplayMess($fldMess);
echo ("&name".$x."=".$fldName."&email".$x."=".$fldEmail."&mess".$x."=".$strMess."&date".$x."=".$strDate);
$x=$x + 1;
flush();
} while ($query_data=mysql_fetch_array($rsGuestBook));
}
mysql_free_result($rsGuestBook);
mysql_close($strConn);
if (file_exists("badwordfilter.txt")){
echo "&f_bad=";
$fp=fopen("badwordfilter.txt","r");
fpassthru($fp);
}
}
function DisplayMess($mess){
$mess=str_replace("''","'",$mess);
$mess=str_replace("'","'",$mess);
if (strchr($mess,"~")<>""){
$mess=substr_replace($mess,"",0,1);
$mess=str_replace("~","<P>",$mess);
$mess="<P>".str_replace("<P>","</P><P>",$mess)."</P>";
}
return $mess;
}
function InsertMess($mess,$strColor){
$str=str_replace("'","''",$mess);
$str=str_replace('<P ALIGN="LEFT"><FONT FACE="verdana" SIZE="11" COLOR="'.$strColor.'">',"<P>",$str);
$str=str_replace("</FONT>","",$str);
$str=str_replace("</P>","",$str);
$str=str_replace("<P>","~",$str);
$str=str_replace("<B></B>","",$str);
$str=str_replace("<I></I>","",$str);
$str=str_replace("<U></U>","",$str);
return $str;
}
?>