Gastenboek met admin (admin niet beveiligd)

<html>
<head>
<title>guestbook</title>
</head>

<body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">

<?php
include('cnnct.php');

// Now select all (*) the fields from the table guestbook.
$queryResult = mysql_query("SELECT * FROM guestbook ORDER BY id DESC LIMIT 0,5");

// Start table
echo "<table border=\"1\" bordercolor='black'>";

// Print a nice header
echo "<tr>"; 
echo "<th><p>auteur</p></th>";
echo "<th><p>message</p></th>";    
echo "<th><p>date</p></th>";
echo "</tr>"; 



// Print the contents of the table guestbook. The while loop will break 
// there are no more rows. The rowData is an array with int as key.
while ($rowData = mysql_fetch_row($queryResult)) {
	
	// Start row
	echo "<tr>"; 
	
	// Print the data
    echo "<td><p>" . $rowData[1] . "</p></td>";
    echo "<td><p>" . $rowData[3] . "</p></td>";    
    echo "<td><p>" . $rowData[4] . "</p></td>";

	// End row
	echo "</tr>";     
}

// End table
echo "</table><br>";

echo "<hr>";



?>
<a href="add.php"><p>Add message</p></a>

</body>
</html> 

<html>
<head>
<title>guestbook</title>
</head>
 
<body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">
 
<?php
include('cnnct.php');
 
// Now select all (*) the fields from the table guestbook.
$queryResult = mysql_query("SELECT * FROM guestbook ORDER BY id DESC LIMIT 0,5");
 
// Start table
echo "<table border=\"1\" bordercolor='black'>";
 
// Print a nice header
echo "<tr>"; 
echo "<th><p>auteur</p></th>";
echo "<th><p>message</p></th>";    
echo "<th><p>date</p></th>";
echo "</tr>"; 
 
 
 
// Print the contents of the table guestbook. The while loop will break 
// there are no more rows. The rowData is an array with int as key.
while ($rowData = mysql_fetch_row($queryResult)) {
 
	// Start row
	echo "<tr>"; 
 
	// Print the data
    echo "<td><p>" . $rowData[1] . "</p></td>";
    echo "<td><p>" . $rowData[3] . "</p></td>";    
    echo "<td><p>" . $rowData[4] . "</p></td>";
 
	// End row
	echo "</tr>";     
}
 
// End table
echo "</table><br>";
 
echo "<hr>";
 
 
 
?>
<a href="add.php"><p>Add message</p></a>
 
</body>
</html>

<form action="addprocess.php" method="post">
Name:<br>
<input type="text" name="auteur" size="20"><br>
Email:<br>
<input type="text" name="email" size="30"> 
(will not be displayed)<br>
Message:<br>
<textarea name="message" rows="1" cols="40"></textarea><br>
<input name="submit" type="submit" value="Submit">
</form>

<form action="addprocess.php" method="post">
Name:<br>
<input type="text" name="auteur" size="20"><br>
Email:<br>
<input type="text" name="email" size="30"> 
(will not be displayed)<br>
Message:<br>
<textarea name="message" rows="1" cols="40"></textarea><br>
<input name="submit" type="submit" value="Submit">
</form>

<html>
<head>
<title>Add records</title>
</head>

<body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">

<?php
include('cnnct.php');
// Transfer to normal vars
$auteur = $_POST['auteur'];
$email = $_POST['email'];
$message = $_POST['message'];

if ($auteur == "" || $email == "" || $message == ""){ echo 'You have to fill in all the fields!'; include('add.php');}
else {

// Date
$today = date("Y-m-d");

// Place data in database
$query = "INSERT INTO guestbook (auteur, email, message, datum) VALUES ('$auteur','$email','$message', '$today')";
$queryResult = mysql_query($query) 
               or die("<b>Adding the record failed</b><br>" . mysql_errno () . ": " . mysql_error());

// If no errors occur adding the new record, display a 'thank you' message.
echo "Thank you " . $auteur . "!<br><br>";
include('index.php');
}
?>

</body>
</html> 

<html>
<head>
<title>Add records</title>
</head>
 
<body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">
 
<?php
include('cnnct.php');
// Transfer to normal vars
$auteur = $_POST['auteur'];
$email = $_POST['email'];
$message = $_POST['message'];
 
if ($auteur == "" || $email == "" || $message == ""){ echo 'You have to fill in all the fields!'; include('add.php');}
else {
 
// Date
$today = date("Y-m-d");
 
// Place data in database
$query = "INSERT INTO guestbook (auteur, email, message, datum) VALUES ('$auteur','$email','$message', '$today')";
$queryResult = mysql_query($query) 
               or die("<b>Adding the record failed</b><br>" . mysql_errno () . ": " . mysql_error());
 
// If no errors occur adding the new record, display a 'thank you' message.
echo "Thank you " . $auteur . "!<br><br>";
include('index.php');
}
?>
 
</body>
</html>

<form action="addprocessadmin.php" method="post">
Name:<br>
<input type="text" name="auteur" size="20"><br>
Email:<br>
<input type="text" name="email" size="30"><br>
Message:<br>
<textarea name="message" rows="1" cols="40"></textarea><br>
<input name="submit" type="submit" value="Submit">
</form>

<form action="addprocessadmin.php" method="post">
Name:<br>
<input type="text" name="auteur" size="20"><br>
Email:<br>
<input type="text" name="email" size="30"><br>
Message:<br>
<textarea name="message" rows="1" cols="40"></textarea><br>
<input name="submit" type="submit" value="Submit">
</form>

<html>
<head>
<title>Add records</title>
</head>

<body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">

<?php
include('cnnct.php');
// Transfer to normal vars
$auteur = $_POST['auteur'];
$email = $_POST['email'];
$message = $_POST['message'];

if ($auteur == "" || $email == "" || $message == ""){ echo 'You have to fill in all the fields!'; include('add.php');}
else {

// Date
$today = date("Y-m-d");

// Place data in database
$query = "INSERT INTO guestbook (auteur, email, message, datum) VALUES ('$auteur','$email','$message', '$today')";
$queryResult = mysql_query($query) 
               or die("<b>Adding the record failed</b><br>" . mysql_errno () . ": " . mysql_error());

// If no errors occur adding the new record, display a 'thank you' message.
echo "Thank you " . $auteur . "!<br><br>";
include('indexadmin.php');
}
?>

</body>
</html> 

<html>
<head>
<title>Add records</title>
</head>
 
<body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">
 
<?php
include('cnnct.php');
// Transfer to normal vars
$auteur = $_POST['auteur'];
$email = $_POST['email'];
$message = $_POST['message'];
 
if ($auteur == "" || $email == "" || $message == ""){ echo 'You have to fill in all the fields!'; include('add.php');}
else {
 
// Date
$today = date("Y-m-d");
 
// Place data in database
$query = "INSERT INTO guestbook (auteur, email, message, datum) VALUES ('$auteur','$email','$message', '$today')";
$queryResult = mysql_query($query) 
               or die("<b>Adding the record failed</b><br>" . mysql_errno () . ": " . mysql_error());
 
// If no errors occur adding the new record, display a 'thank you' message.
echo "Thank you " . $auteur . "!<br><br>";
include('indexadmin.php');
}
?>
 
</body>
</html>

<html>
<head>
<title>delete message</title>
</head>

<body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">

<?php

include('cnnct.php');

// Now select all (*) the fields from the table guestbook, only
// select the row with the specified id.
$queryResult = mysql_query("SELECT * FROM guestbook WHERE id=$id", $db) 
                            or die(mysql_errno () . ": " . mysql_error());

// Fetch the data of the row.
$rowData = mysql_fetch_row($queryResult);

?>

<h1>Delete record (<?php echo $id; ?>):</h1>

Are you sure you want to delete this record:<br>
Name: <?php echo $rowData[1]; ?><br>
Email: <?php echo $rowData[2]; ?><br>
Message: <?php echo $rowData[3]; ?><br>

<form action="deleteprocess.php" method="post">
    <!-- Used a hidden field for the id, so the user cannot modify this field -->
    <input type="hidden" name="id" value="<?php echo $rowData[0]; ?>"><br>
    <input name="submit" type="submit" value="Cancel"> 
    <input name="submit" type="submit" value="Delete">
</form>

</body>
</html> 

<html>
<head>
<title>delete message</title>
</head>
 
<body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">
 
<?php
 
include('cnnct.php');
 
// Now select all (*) the fields from the table guestbook, only
// select the row with the specified id.
$queryResult = mysql_query("SELECT * FROM guestbook WHERE id=$id", $db) 
                            or die(mysql_errno () . ": " . mysql_error());
 
// Fetch the data of the row.
$rowData = mysql_fetch_row($queryResult);
 
?>
 
<h1>Delete record (<?php echo $id; ?>):</h1>
 
Are you sure you want to delete this record:<br>
Name: <?php echo $rowData[1]; ?><br>
Email: <?php echo $rowData[2]; ?><br>
Message: <?php echo $rowData[3]; ?><br>
 
<form action="deleteprocess.php" method="post">
    <!-- Used a hidden field for the id, so the user cannot modify this field -->
    <input type="hidden" name="id" value="<?php echo $rowData[0]; ?>"><br>
    <input name="submit" type="submit" value="Cancel"> 
    <input name="submit" type="submit" value="Delete">
</form>
 
</body>
</html>

<?php ob_start(); session_start(); ?>
<html>
<head>
<title>delete message</title>
</head>

<body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">

<?php

If ($_POST['submit'] == 'Cancel') {
    // If the user clicked cancel, rewrite the HTTP header and
    // redirect the user to the list.
    Header("Location: indexadmin.php");
}
else {

include('cnnct.php');
    // First set some vars to make the SQL statement easier to read.
    $id = $_POST['id'];
    
    // Submit a sql command to the server: update record in the table guestbook
    $queryResult = mysql_query("DELETE FROM guestbook WHERE id=$id") 
                               or die("<b>Updating the record failed</b><br>" . mysql_errno () . ": " . mysql_error());
    
    // If no errors occur updating the record, display a 'thank you' message.
    echo "The record is deleted!<br><br>";
}

?>

<a href="indexadmin.php">Back to the list</a>

</body>
</html>

<?php ob_start(); session_start(); ?>
<html>
<head>
<title>delete message</title>
</head>
 
<body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">
 
<?php
 
If ($_POST['submit'] == 'Cancel') {
    // If the user clicked cancel, rewrite the HTTP header and
    // redirect the user to the list.
    Header("Location: indexadmin.php");
}
else {
 
include('cnnct.php');
    // First set some vars to make the SQL statement easier to read.
    $id = $_POST['id'];
 
    // Submit a sql command to the server: update record in the table guestbook
    $queryResult = mysql_query("DELETE FROM guestbook WHERE id=$id") 
                               or die("<b>Updating the record failed</b><br>" . mysql_errno () . ": " . mysql_error());
 
    // If no errors occur updating the record, display a 'thank you' message.
    echo "The record is deleted!<br><br>";
}
 
?>
 
<a href="indexadmin.php">Back to the list</a>
 
</body>
</html>

<html>
<head>
<title>edit message</title>
</head>

<body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">

<?php

$id = $_GET['id'];

include('cnnct.php');


// Now select all (*) the fields from the table guestbook, only
// select the row with the specified id.
$queryResult = mysql_query("SELECT * FROM guestbook WHERE id=$id") 
                           or die(mysql_errno () . ": " . mysql_error());

// Fetch the data of the row.
$rowData = mysql_fetch_row($queryResult);

?>

<h1>Edit record (<?php echo $id; ?>):</h1>

<form action="editprocess.php" method="post">
	<!-- Use a hidden field for the id, so the user cannot modify this field -->
	<input type="hidden" name="id" value="<?php echo $rowData[0]; ?>"><br>
	Name:<br>
	<input type="text" name="auteur" size="40" value="<?php echo $rowData[1]; ?>"><br>
	<br>
	Email:<br>
	<input type="text" name="email" size="40" value="<?php echo $rowData[2]; ?>"><br>
	<br>
	Message:<br>
	<textarea name="message" rows="5" cols="40"><?php echo $rowData[3]; ?></textarea>
	<br>
	<input name="submit" type="submit" value="Cancel">
 <input name="submit" type="submit" value="Update">
</form>

</body>
</html> 

<html>
<head>
<title>edit message</title>
</head>
 
<body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">
 
<?php
 
$id = $_GET['id'];
 
include('cnnct.php');
 
 
// Now select all (*) the fields from the table guestbook, only
// select the row with the specified id.
$queryResult = mysql_query("SELECT * FROM guestbook WHERE id=$id") 
                           or die(mysql_errno () . ": " . mysql_error());
 
// Fetch the data of the row.
$rowData = mysql_fetch_row($queryResult);
 
?>
 
<h1>Edit record (<?php echo $id; ?>):</h1>
 
<form action="editprocess.php" method="post">
	<!-- Use a hidden field for the id, so the user cannot modify this field -->
	<input type="hidden" name="id" value="<?php echo $rowData[0]; ?>"><br>
	Name:<br>
	<input type="text" name="auteur" size="40" value="<?php echo $rowData[1]; ?>"><br>
	<br>
	Email:<br>
	<input type="text" name="email" size="40" value="<?php echo $rowData[2]; ?>"><br>
	<br>
	Message:<br>
	<textarea name="message" rows="5" cols="40"><?php echo $rowData[3]; ?></textarea>
	<br>
	<input name="submit" type="submit" value="Cancel">
 <input name="submit" type="submit" value="Update">
</form>
 
</body>
</html>

<?php ob_start(); ?>
<html>
<head>
<title>edit message</title>
</head>

<body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">

<?php

If ($_POST['submit'] == 'Cancel') {
    // If the user clicked cancel, rewrite the HTTP header and
    // redirect the user to the list.
    Header('Location: indexadmin.php');
}
else {

	$id = $_POST['id'];
	
include('cnnct.php');
	
    // First set some vars to make the SQL statement easier to read.
    $id = $_POST['id'];
    $auteur = $_POST['auteur'];
    $email = $_POST['email'];
    $message = $_POST['message'];
    
    // Submit a sql command to the server: update record in the table guestbook
    $query = "UPDATE guestbook SET auteur='$auteur',email='$email',message='$message' WHERE id=$id";
    $queryResult = mysql_query($query) 
                              or die("<b>Updating the record failed</b><br>" . mysql_errno () . ": " . mysql_error());
    
    // If no errors occur updating the record, display a 'thank you' message.
    echo "Thank you, the data is updated!<br><br>";
}

?>

<a href="inexadmin.php">Back to the list</a>

</body>
</html>

<?php ob_start(); ?>
<html>
<head>
<title>edit message</title>
</head>
 
<body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">
 
<?php
 
If ($_POST['submit'] == 'Cancel') {
    // If the user clicked cancel, rewrite the HTTP header and
    // redirect the user to the list.
    Header('Location: indexadmin.php');
}
else {
 
	$id = $_POST['id'];
 
include('cnnct.php');
 
    // First set some vars to make the SQL statement easier to read.
    $id = $_POST['id'];
    $auteur = $_POST['auteur'];
    $email = $_POST['email'];
    $message = $_POST['message'];
 
    // Submit a sql command to the server: update record in the table guestbook
    $query = "UPDATE guestbook SET auteur='$auteur',email='$email',message='$message' WHERE id=$id";
    $queryResult = mysql_query($query) 
                              or die("<b>Updating the record failed</b><br>" . mysql_errno () . ": " . mysql_error());
 
    // If no errors occur updating the record, display a 'thank you' message.
    echo "Thank you, the data is updated!<br><br>";
}
 
?>
 
<a href="inexadmin.php">Back to the list</a>
 
</body>
</html>

<html>
<head>
<title>Example</title>
</head>

<body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">

<h1>Show content:</h1>

<?php
include('cnnct.php');

// Now select all (*) the fields from the table guestbook.
$queryResult = mysql_query("SELECT * FROM guestbook ORDER BY id DESC");

// Start table
echo "<table border=\"1\">";

// Print a nice header
echo "<tr>"; 
echo "<th>id</th>";
echo "<th>auteur</th>";
echo "<th>email</th>";
echo "<th>message</th>";    
echo "<th>date</th>";
echo "<th colspan=\"2\"></th>";
echo "</tr>"; 



// Print the contents of the table guestbook. The while loop will break 
// there are no more rows. The rowData is an array with int as key.
while ($rowData = mysql_fetch_row($queryResult)) {
	
	// Start row
	echo "<tr>"; 
	
	// Print the data
    echo "<td>" . $rowData[0] . "</td>";
    echo "<td>" . $rowData[1] . "</td>";
    echo '<td><a href="mailto:"' . $rowData[2] . "</a>email</td>";
    echo "<td>" . $rowData[3] . "</td>";    
    echo "<td>" . $rowData[4] . "</td>";
    echo "<td><a href=\"adminedit.php?id=".$rowData[0]."\">edit</a></td>";
    echo "<td><a href=\"admindelete.php?id=".$rowData[0]."\">delete</a></td>";

	// End row
	echo "</tr>";     
}

// End table
echo '</table><br>';

echo	'<a href="?pagina=add">Add message</a><br>';

if (isset($_GET['pagina'])) 
                    { 
                        if($_GET['pagina']=='add') 
                        { 
                            include('addadmin.php'); }}
echo '<hr>';

// Print the totalrecords of the table guestbook.
$totalRecords = mysql_num_rows ($queryResult);
echo '<br><i>Total records: ' . $totalRecords . '</b><br><br>';

?>

</body>
</html> 

<html>
<head>
<title>Example</title>
</head>
 
<body leftmargin="20" topmargin="20" marginwidth="20" marginheight="20">
 
<h1>Show content:</h1>
 
<?php
include('cnnct.php');
 
// Now select all (*) the fields from the table guestbook.
$queryResult = mysql_query("SELECT * FROM guestbook ORDER BY id DESC");
 
// Start table
echo "<table border=\"1\">";
 
// Print a nice header
echo "<tr>"; 
echo "<th>id</th>";
echo "<th>auteur</th>";
echo "<th>email</th>";
echo "<th>message</th>";    
echo "<th>date</th>";
echo "<th colspan=\"2\"></th>";
echo "</tr>"; 
 
 
 
// Print the contents of the table guestbook. The while loop will break 
// there are no more rows. The rowData is an array with int as key.
while ($rowData = mysql_fetch_row($queryResult)) {
 
	// Start row
	echo "<tr>"; 
 
	// Print the data
    echo "<td>" . $rowData[0] . "</td>";
    echo "<td>" . $rowData[1] . "</td>";
    echo '<td><a href="mailto:"' . $rowData[2] . "</a>email</td>";
    echo "<td>" . $rowData[3] . "</td>";    
    echo "<td>" . $rowData[4] . "</td>";
    echo "<td><a href=\"adminedit.php?id=".$rowData[0]."\">edit</a></td>";
    echo "<td><a href=\"admindelete.php?id=".$rowData[0]."\">delete</a></td>";
 
	// End row
	echo "</tr>";     
}
 
// End table
echo '</table><br>';
 
echo	'<a href="?pagina=add">Add message</a><br>';
 
if (isset($_GET['pagina'])) 
                    { 
                        if($_GET['pagina']=='add') 
                        { 
                            include('addadmin.php'); }}
echo '<hr>';
 
// Print the totalrecords of the table guestbook.
$totalRecords = mysql_num_rows ($queryResult);
echo '<br><i>Total records: ' . $totalRecords . '</b><br><br>';
 
?>
 
</body>
</html>

<?php 
$username = "xxxxx"; //username invoeren
$password = "xxxxx"; //password invoeren
$host = "xxxxx"; //eigen host voor je sql (waarschijnlijk iets van sql.xxx.com
$dbnaam = "xxxxx"; //naam van je database (let op! niet van de tabel!)
$db = mysql_connect($host, $username, $password) or die (mysql_error()); 
mysql_select_db($dbnaam, $db) or die (mysql_error()); 
?> 

<?php 
$username = "xxxxx"; //username invoeren
$password = "xxxxx"; //password invoeren
$host = "xxxxx"; //eigen host voor je sql (waarschijnlijk iets van sql.xxx.com
$dbnaam = "xxxxx"; //naam van je database (let op! niet van de tabel!)
$db = mysql_connect($host, $username, $password) or die (mysql_error()); 
mysql_select_db($dbnaam, $db) or die (mysql_error()); 
?>