Untitled

<?php

$conn = mysql_connect('localhost', 'root' , '') or die('Cannot Connect To MySQL Server. <b' . 'r>' . mysql_error());
mysql_select_db('test', $conn) or die('Cannot Select MySQL Database.<b' . 'r>' . mysql_error());

$guessbook_name = '';
$guessbook_email = '';
$guessbook_message = '';
$errors = Array ();

if($_SERVER['REQUEST_METHOD'] === 'POST'){
    $time = time ();
    if (isset($_POST['guestbook_name'], $_POST['guestbook_email'], $_POST['guestbook_message'] )) {
        $guessbook_name = mysql_real_escape_string( htmlentities( $_POST['guestbook_name'] ));
        $guessbook_email = mysql_real_escape_string( htmlentities( $_POST['guessbook_email'] ));
        $guessbook_message = mysql_real_escape_string( htmlentities( $_POST['guessbook_message'] ));
        /** More Descriptive Errors Are Better  **/
        if( strlen($guessbook_name) > 25){ $errors[] = '<span style="font-weight: bold";>Name</span> is too long -or- Contains Invalid Characters (Max 25 Characters).'; }
        if( strlen($guessbook_email) > 255){ $errors[] = '<span style="font-weight: bold";>Email</span> is too long -or- Contains Invalid Characters (Max 255 Characters).'; }
        if( strlen($guessbook_message) > 255){ $errors[] = '<span style="font-weight: bold";>Message</span> is too long -or- Contains Invalid Characters (Max 255 Characters).'; }
    }else{
        $errors[] = 'All Fields Are Required.';
    }

    /** If No Errors, Proceed And Insert Data In To Database    **/
    if(count($errors) === 0){
        $insert = "INSERT INTO entries VALUES('', '{$time}', '{$guessbook_name}', '{$guessbook_email}', '{$guessbook_message}')";
        if(!mysql_query( $insert )){
            $errors[] = 'Server Error, please try again later.';
            // Really should log the error.
        }
    }
}


$form = <<<FORM
    <form method="post" action="{$_SERVER['PHP_SELF']}">
        <span style="font-weight: bold">Post Something...</span><br>
        Name:
        <br>
        <input type= "text" name="guestbook_name" maxlength="25" value="{$guessbook_name}">
        <br>
        Email
        <br>
        <input type= "text" name="guestbook_email" maxlength"255" value="{$guessbook_email}">
        <br>
        Message:
        <br>
        <textarea name= "guestbook_message" rows="6" cols="30" maxlength="255">{$guessbook_message}</textarea>
        <br>
        <input type="submit" value="Post">
    </form>
FORM;

$entries = '';
$results = mysql_query("SELECT timestamp,name,email,message FROM entries ORDER BY timestamp DESC") or die(mysql_error());
if(mysql_num_rows($results) === 0){
    $entries = '<p>No Entries Yet</p>';
}else{
    while($row = mysql_fetch_assoc($results)){
        $timestamp = date('D M Y @ h:i:s', $row['timestamp']);
        $entries .= <<<ENTRY
            <p>
                <span style="font-weight: bold;">
                    Posted By: {$row['name']}({$row['email']}) on {$timestamp}.
                </span>
                <br>
                {$row['message']}
            </p>
ENTRY;
    }
}


if(count($errors) > 0){
    echo '<p><span style="font-weight: bold;">Errors</span><br>';
    echo implode('<br>', $errors);
    echo '</p>';
}
echo $form;
echo $entries;