<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
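<?php
/*
 * Guestbook entry form. It posts back to this same script.
 *
 * $_SERVER["PHP_SELF"] is built from the request URL and includes any extra
 * path information the client appended after the script name, so it is
 * request-controlled text. It is HTML-escaped before being written into the
 * action attribute so that it cannot terminate the attribute or the tag.
 *
 * The textarea height attribute is "rows"; the original "row" was ignored
 * by browsers.
 */
?>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "UTF-8"); ?>" method="post">
  <table border="1">
    <tr>
      <td><label for="g_name">お名前</label></td>
      <td><input type="text" id="g_name" name="g_name" size="30"></td>
    </tr>
    <tr>
      <td><label for="g_mail">メールアドレス</label></td>
      <td><input type="text" id="g_mail" name="g_mail" size="30"></td>
    </tr>
    <tr>
      <td><label for="g_mes">メッセージ</label></td>
      <td><textarea id="g_mes" name="g_mes" rows="5" cols="30"></textarea></td>
    </tr>
    <tr>
      <td><input type="submit" value="送信"></td>
    </tr>
  </table>
</form>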
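<?php
// Database connection settings.
// NOTE(review): the page connects as "root" with the password written in the
// script itself. A dedicated account limited to the guestbook table, with its
// credentials loaded from configuration kept outside the document root, would
// limit what a flaw in this page can reach.
$sv = "localhost";
$dbname = "guestbook";
$user = "root";
$pass = "mysql";

// NOTE(review): the mysql_* extension used throughout this file was removed in
// PHP 7. Moving to mysqli or PDO with prepared statements would also remove
// the reliance on manual escaping below.
// The die() messages are deliberately generic; no driver error text is sent
// to the browser.
$conn = mysql_connect($sv, $user, $pass) or die("DB接続エラー");
// Stop here if the database cannot be selected instead of failing later on
// the first query.
mysql_select_db($dbname, $conn) or die("DB接続エラー");

// Handle a submitted entry.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // A request may omit a field or send it as an array; anything that is not
    // a plain string is treated as empty rather than passed to the escaper.
    $fields = array("g_name" => "", "g_mail" => "", "g_mes" => "");
    foreach (array_keys($fields) as $key) {
        if (isset($_POST[$key]) && is_string($_POST[$key])) {
            $fields[$key] = cnv_dbstr($_POST[$key]);
        }
    }
    $g_name = $fields["g_name"];
    $g_mail = $fields["g_mail"];
    $g_mes = $fields["g_mes"];

    // Name and message are required. Compare against "" instead of using
    // empty(), which would also reject the literal value "0".
    if ($g_name !== "" && $g_mes !== "") {
        // Every value placed in the statement has been through cnv_dbstr()
        // and must stay inside the single-quoted literals.
        $sql = sprintf(
            "INSERT INTO guestdata (g_name, g_mail, g_mes, g_date) VALUES ('%s', '%s', '%s', '%s')",
            $g_name,
            $g_mail,
            $g_mes,
            date("Y/m/d H:i:s")
        );
        // die() ends the request on failure, so reaching the next line means
        // the insert succeeded.
        $res = mysql_query($sql, $conn) or die("SQL実行エラー");
        echo "<p>書き込みありがとうございました。</p>";
    } else {
        // The original attached this branch to the REQUEST_METHOD test, so the
        // message appeared on every plain page view and never on an
        // incomplete submission.
        echo "<p>お名前かメッセージ欄が空欄です</p>";
    }
}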
/**
 * Prepare one submitted form value for use inside a quoted SQL string literal.
 *
 * Steps, in order:
 *   1. htmlspecialchars() with its default flags and charset, so the database
 *      ends up holding entity-encoded text, not the raw input.
 *   2. stripslashes() when magic_quotes_gpc is enabled, to undo the
 *      backslashes PHP added to request data.
 *   3. mysql_real_escape_string(), which needs an open MySQL connection
 *      because no link is passed explicitly.
 *
 * NOTE(review): on the PHP versions that still ship mysql_*, the default
 * htmlspecialchars() flags leave single quotes unencoded, as far as the
 * defaults are documented. Any page that prints the stored value inside a
 * single-quoted attribute would need to escape it again at output time.
 *
 * @param string $string Raw value taken from the request.
 * @return string Value that is safe to place between single quotes in SQL.
 */
function cnv_dbstr($string) {
    $encoded = htmlspecialchars($string);
    $unslashed = get_magic_quotes_gpc() ? stripslashes($encoded) : $encoded;
    return mysql_real_escape_string($unslashed);
}
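// List every stored entry, highest id first.
$sql = "select * from guestdata order by id desc";
$res = mysql_query($sql, $conn) or die("データ抽出時エラー");
while ($row = mysql_fetch_array($res, MYSQL_ASSOC)) {
    // Escape at output time as well as at insert time: rows written to the
    // table by any other route would otherwise be printed as raw HTML. The
    // fourth argument (double_encode = false) leaves entities that are
    // already stored untouched, so existing entries display unchanged.
    $name = htmlspecialchars((string) $row["g_name"], ENT_QUOTES, "UTF-8", false);
    $mail = htmlspecialchars((string) $row["g_mail"], ENT_QUOTES, "UTF-8", false);
    $mes = htmlspecialchars((string) $row["g_mes"], ENT_QUOTES, "UTF-8", false);

    echo "<hr>";
    // The insert code stores an empty string when no address is given, so
    // test for "" as well as NULL; otherwise every entry gets an empty
    // mailto: link.
    if ($mail !== "") {
        echo "<a href=\"mailto:" . $mail . "\">" . $name . "</a>";
    } else {
        // The original indexed the row with the variable $g_name instead of
        // the column name "g_name", so the name was never printed here.
        echo $name;
    }
    echo "(" . date("Y/m/d H:i", strtotime($row["g_date"])) . ")";
    echo "<p>" . nl2br($mes) . "</p>";
}
?>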
</body>
</html>