| MAIN ARTICLE
DESIGNING FRONTPAGE FORMS FOR MYSQL USING PHP
by Stan Rambin
Since many people who use FrontPage do not host on a Window's server, we receive many requests for creating forms on Linux servers running Apache. Most of these servers also have MySQL databases and PHP scripting languages since many distributions of Linux comes with these included in the package. The requirements to follow this example are:
- A Linux-Apache server
- MySQL Database and management program (like phpMyAdmin)
- PHP Scripting language
- FrontPage 2002 (2000 should work also)
First, open FrontPage and select-- File | New | Page or Webpage. This will open the side panel. From the side panel, next select Empty Web (name it dataweb), then-From New Template | Page Templates. Select--Form Page Wizard from the pages offered.
The form page wizard will began to run. Select Next and a box with Add over it will appear. Select add to add form information. The list of options now appears. Under the type of input to collect for this question, includes-- Contact Information. Select it, and click next. A check-box options list will appear, select the following:
- Under Name, select first and last
- Check Postal Address
- Home Phone
- E-Mail address
- URL
Click on Next. The next screen will offer you the option of editing the text above the form, but for now, leave it as the default. Now we need to decide what presentation options to select. Let us check - Normal paragraphs, No table of contents and use table to align form. Click-- Next-- to arrive at the output options. For our purpose, select use custom CGI script. What this does is to direct the form output to a file named custom.cgi. We can change this later to direct our results to a php page. Now, select 'Finish' to complete the form.
You may wonder why not just use a CGI file for the output. You can, however in order the run a CGI file, the file must reside in a cgi-bin directory. One of the great advantages of php is that an interpreter reads it and the results are returned as html. So, the script can be executed anywhere an html file can be viewed.
Now, we can select a theme. Select-- Format | Theme, select your theme. (Any theme is o.k.)
Select the HTML view of your new page, and look at the script we have created. Save the page as index.htm. Notice that right under <body>, the <H1> banner area. Delete the current text and enter <H1>Contact Information</H1>. You can also change the Title to Contact information also.
The top of the page should look like this:
<HTML>
<HEAD>
<meta HTTP-EQUIV="Content-Type"
CONTENT="text/html; charset=windows-1252">
<meta http-equiv="Content-Language"
content="en-us">
<TITLE>New Page 1</TITLE>
<meta name="Microsoft Theme" content="echo
011">
</HEAD>
<BODY>
<div style="border-style: groove">
<H1 align="center">Contact information</H1>
</div>
<HR>
<P>This is an explanation of the purpose of the form
...</P>
<FORM METHOD="POST"
ACTION="process.php">
<P>
Please provide the following contact
information:</P>
<BLOCKQUOTE>
<TABLE>
<TR>
<TD ALIGN="right">
<EM>First Name</EM></TD>
<TD>
And so forth…
Notice the form area. The first line says, FORM METHOD="POST" ACTION="…etc. This line defines how and where the form information goes on completion. The method means it is sent to another page for processing and the Action tells it the name of that page. Now since the web is unpublished, the file referenced will be on your hard drive. Look at the way each field of the form sets up, INPUT TYPE=TEXT NAME= the field name, and finally the size determines the input area length. The names used by FrontPage are fine, but one thing to remember, is that Linux and MySQL are case sensitive, so if you use the default field names, all references to these fields must exactly match the default names.
Therefore, we have eleven fields for our database. Next, we will create the data entry page. Click on the new page icon on the right side of the tool bar and create a new blank page. Click on the tab area of the new page, and change the name to process.php. Save the file using the same name.
To setup the database, check with your hosting company on database creation. Most will provide a database management program like phpMyAdmin, which simplifies the database creation process. In the manager, add a user named "user".
You can use the phpMyAdmin GUI to create the database or copy and paste into your SQL window the following:
Create database contact; /* Your database may add your root name to the database name. In my case, the lhost is added by MySQL, so below you will see the full name lhost_contact.*/
Select go or the enter button on the GUI. Then enter this:
Grant select, insert, index, alter, create on lhost_contact.* to user;
/*Once again, the root name is appended giving the user name of lhost_user.*/
Again, enter this command.
To setup the table, the following will work:
Create TABLE customer(
Contact_FirstName char( 25 ) not null ,
Contact_LastName char( 25 ) not null primary
key , Contact_StreetAddress char( 35 ) ,
Contact_Address2 char( 35 ) , Contact_City
char( 35 ) , Contact_State char( 35 ) ,
Contact_ZipCode char( 12 ) , Contact_Country
char( 25 ) , Contact_HomePhone char( 25 ) ,
Contact_Email char( 100 ) not null ,
Contact_URL char( 100 ) not null
)
)
Complete the entry.
This sets up a table named 'customer' in the database named 'contact'. In addition to the normal database users, the 'lhost_user' will be the default name for transactions on the database. This will restrict the form from being used as a gateway for crackers. The rights for 'lhost_user' are restricted to this database and do not include the ability to grant other privileges to itself or others.
Back in FrontPage, go to process.php. We are ready to receive the data from the index.htm page.
<html>
<head>
<meta http-equiv="Content-Language"
content="en-us">
<meta http-equiv="Content-Type"
content="text/html; charset=windows-1252">
<meta name="GENERATOR"
content="Microsoft FrontPage 5.0">
<meta name="ProgId"
content="FrontPage.Editor.Document">
<title>Database entry results</title>
</head>
<body>
<H1>Data Entry Results</H1>
<? /* This starts the php code section. If you need to place a code area on a FrontPage .htm page, use the <% to start the code and %> to end it. The || means or in PHP. So it reads- if not $Contact_FirstName or not …*/
if (!$Contact_FirstName || !$Contact_LastName
|| !$Contact_Email || !$Contact_URL )
{
echo "You have not filled out all required details. Please go back and try again."; exit; //This makes sure the require information is added.} /*
Here we assign php variables and make sure dangerous code is excluded by using the addslashes feature. This make sure that code entered in your form, can not be executed. If I were writing this code for a production server, I would use different names for the variables on the database side. The reason for this is to make it easier to debug and to make sure the incoming variables are not being entered into the database without the addslashes function.
*/
$Contact_FirstName =
addslashes($Contact_FirstName);
$Contact_LastName =
addslashes($Contact_LastName);
$Contact_StreetAddress =
addslashes($Contact_StreetAddress);
$Contact_Address2 =
addslashes($Contact_Address2);
$Contact_City =
addslashes($Contact_City);
$Contact_State =
addslashes($Contact_State);
$Contact_ZipCode =
addslashes($Contact_ZipCode);
$Contact_Country =
addslashes($Contact_Country);
$Contact_HomePhone =
addslashes($Contact_HomePhone);
$Contact_Email =
addslashes($Contact_Email);
$Contact_URL =
addslashes($Contact_URL);
// Now we open the database.
@ $db = mysql_pconnect("localhost",
"lhost_user", "password");
//Next we check to see if it opened.
If (!$db) // The ! or 'bang' means, not in php.
{
echo "Error opening database. Please try
again later.";
exit;
}
mysql_select_db("lhost_contact"); //Selects the
database.
// Then we write a string to hold the incoming
data.
$query = "insert into customer values
('".$Contact_FirstName."',
'".$Contact_LastName."',
'".$Contact_StreetAddress."',
'".$Contact_Address2."', '".$Contact_City."',
'".$Contact_State."', '".$Contact_ZipCode."',
'".$Contact_Country."',
'".$Contact_HomePhone."', '".$Contact_Email."',
'".$Contact_URL."')";
/* Each variable is surrounded by a single quote
' followed by a double quote " then a period -The
variable name-then the . period next " double
quote, ' single quote ' and separated by a
comma. */
// Now we query the SQL database.
$result = mysql_query($query);
//Check results.
If ($result)
Echo mysql_affected_rows()." Contact fields
inserted into the database."; //Prints results.
// Now we end the php.
?>
</body>
</html>
You can copy and paste the above onto the process.php page. If the code inserts correctly, it will print out "11 Contact fields inserted into the database." If you want a copy emailed to you, it's easy at this point because the customer information is still contained in $results as well as each variable. The string - mail(string to, string subject, string message); can be defined like this:
$to = "your_email_address";
$subject = "Contact alert";
$message = trim($Contact_FirstName."
".Contact_LastName. " ".$Contact_Email."
". $Contact_URL); // Using any or all fields.
Then to send the email: mail($to, $subject, $message);
And that's it. The form information has been entered into your database and an email of notification sent to the mailbox of your choice.
ABOUT THE AUTHOR
******************************
Stan Rambin runs Ladata Software Development L.L.C. and Ladatahost, a web
hosting company specializing in e-commerce site development for small
businesses. http://ladatahost.com
******************************
~~~~~~~~++++SPONSOR AD++++~~~~~~~
Quality Websites and Presentations for Beginners and Professionals - See our Themes and Templates for Spring and Easter!! **Packages **Images **Components **Support Where? From PIXELMILL Why PixelMill? It's our Day Job!! http://anyfrontpage.com/rd/pix.htm
~~~~~~~++++SPONSOR AD++++~~~~~~~~
↑
Top
|
.gif){kind=small}
