Hallo Sönke,
Danke für Deinen Hinweis. Habe die Fehler in den Scripts gefunden. Bezüglich Username und Passwort kann ich Dir sagen, dass hier keine Sicherheitslücken bestehen, da es sich hier nur um eine Testplattform handelt, welche nicht einmal im Intranet ans Netz gekoppelt ist. Hier sind übrigens die überarbeiteten Scripts.
lg
Andi
gbook_new.php
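<?php
// gbook_new.php: shows the form for a new guestbook entry. The form is posted
// to gbook_new_r.php, which stores it.
//
// config.php supplies $db_host, $db_user, $db_pass and $db_db. Nothing on this
// page queries the database; the connection below only makes the page stop
// early when the database cannot be reached.
include("config.php");
mysql_connect($db_host,$db_user,$db_pass) || die("Could not contact mySQL!");
mysql_select_db($db_db) || die("Connected mySQL, but database is unavailable!");

// The markup is emitted outside of PHP instead of through print("..."): it
// contains double quotes, which would end a double-quoted PHP string at the
// first attribute value.
//
// The maxlength attributes below are only a hint to the browser. A client can
// post values of any length and content, so gbook_new_r.php has to treat every
// field as untrusted input.
?>
<html>
<head>
<title>Film Eintragen</title>
<SCRIPT LANGUAGE=JavaScript>
function verify_page()
{
{
document.frmRegister.submit();
}
}
</SCRIPT>
</head>
<BODY bgcolor=#336699>
<BR>
<FORM name=frmRegister action=gbook_new_r.php method=post>
<TABLE align="center" cellspacing="1" cellpadding="3" border="0" bgcolor="#ffffff">
<tr>
<td bgcolor="#336699"><b>Eintrag hinzufügen</b></td>
<td bgcolor="#336699"><A HREF=index.php>Zurück zur Übersicht</A></td>
</TR>
<tr>
<TD bgcolor="#336699"> </TD>
<TD bgcolor="#336699"> </TD>
</TR>
<tr>
<TD bgcolor="#336699">Vorname:</TD>
<TD bgcolor="#336699"><INPUT name=vorname size="10" maxlength="15"></TD>
</TR>
<tr>
<TD bgcolor="#336699">Nachname:</TD>
<TD bgcolor="#336699"><INPUT name=nachname size="10" maxlength="15"></TD>
</TR>
<tr>
<TD bgcolor="#336699">Email:</TD>
<TD bgcolor="#336699"><INPUT name=email size="20" maxlength="30"></TD>
</TR>
<tr>
<TD bgcolor="#336699">Nachricht:</TD>
<TD bgcolor="#336699"><textarea name=nachricht rows=4 cols=30></textarea></TD>
</TR>
<tr>
<td bgcolor="#336699"> </TD>
<td bgcolor="#336699"><INPUT type=button value="einfügen" ONCLICK=verify_page()> </TD>
</TR>
</TABLE>
</FORM>
</BODY>
</html>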
gbook_new_r.php
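<?php
// gbook_new_r.php: receives the form posted by gbook_new.php, stores the entry
// in andi_table and prints a confirmation page.
//
// config.php supplies $db_host, $db_user, $db_pass and $db_db.
include("config.php");
mysql_connect($db_host,$db_user,$db_pass) || die("Could not contact mySQL!");
mysql_select_db($db_db) || die("Connected mySQL, but database is unavailable!");

// Form values. Everything in the POST body is chosen by the client (the
// maxlength attributes in the form are only a browser-side hint), so every
// value is escaped for the SQL string context before it is placed in the
// query. Without this a quote character in any field changes the statement
// itself (SQL injection).
// $_POST replaces the deprecated $HTTP_POST_VARS. A missing or non-string
// field is stored as an empty string.
$werte = array();
foreach (array("vorname", "nachname", "nachricht", "email") as $feld) {
    $roh = (isset($_POST[$feld]) && is_string($_POST[$feld])) ? $_POST[$feld] : "";
    // With magic_quotes_gpc enabled PHP has already added backslashes to the
    // request data; undo that first so the value is escaped exactly once.
    if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
        $roh = stripslashes($roh);
    }
    // Needs the open connection from mysql_connect() above.
    $werte[$feld] = mysql_real_escape_string($roh);
}

// Insert into the database.
// NOTE(review): escaping is the fix available inside the mysql_* extension
// this script is written against. When the scripts are ported to mysqli or
// PDO, use a prepared statement with bound parameters instead.
$sqlInsert = sprintf(
    "INSERT INTO andi_table (vorname, nachname, nachricht, email) VALUES ('%s', '%s', '%s', '%s')",
    $werte["vorname"],
    $werte["nachname"],
    $werte["nachricht"],
    $werte["email"]
);
$result = mysql_query($sqlInsert);
if ($result === false)
{
    // The driver message can contain parts of the statement and of the schema,
    // so it goes to the server log and the visitor only gets a generic text.
    error_log("gbook_new_r.php: " . mysql_error());
    die("Could not save the entry!");
}

// Confirmation page. The markup is emitted outside of PHP instead of through
// print("..."): it contains double quotes, which would end a double-quoted
// PHP string at the first attribute value.
?>
<html>
<head>
<title>Update erfolgreich</title>
<style>
a:link {color:#ffcc00; text-decoration:none; font-family:arial,helvetica,sans-serif; font-size:9pt;}
a:active {color:#ffcc00; text-decoration:none; font-family:arial,helvetica,sans-serif; font-size:9pt;}
a:visited {color:#ffcc00; text-decoration:none; font-family:arial,helvetica,sans-serif; font-size:9pt;}
a:hover {color:#ffffff; text-decoration:none; font-family:arial,helvetica,sans-serif; font-size:9pt;}
td {font-family:arial,helvetica,sans-serif; color:#ffffff; font-size:9pt;}
</style>
</head>
<BODY bgcolor=#336699>
<TABLE align="center" cellspacing="1" cellpadding="3" border="0" bgcolor="#ffffff">
<tr>
<td bgcolor="#336699"><b>Insert erfolgreich!</b></td>
</tr>
<tr>
<td bgcolor="#336699"><A HREF=index.php>Zurück zur Übersicht</A></td>
</tr>
</table>
</BODY>
</html>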
index.php
<html>
<head>
<title></title>
<style>
a:link {color:#ffcc00; text-decoration:none; font-family:arial,helvetica,sans-serif; font-size:9pt;}
a:active {color:#ffcc00; text-decoration:none; font-family:arial,helvetica,sans-serif; font-size:9pt;}
a:visited {color:#ffcc00; text-decoration:none; font-family:arial,helvetica,sans-serif; font-size:9pt;}
a:hover {color:#ffffff; text-decoration:none; font-family:arial,helvetica,sans-serif; font-size:9pt;}
td {font-family:arial,helvetica,sans-serif; color:#ffffff; font-size:9pt;}
</style>
</head>
<body bgcolor="#336699">
<div align="center">
<table width="450" cellspacing="1" cellpadding="3" bgcolor="#ffffff">
<tr>
<td bgcolor="#336699" align="center"><h4>Gästebuch Mondscheinkino</h4></td>
</tr>
<tr>
<td bgcolor="#336699" align="center"><A HREF=gbook_new.php>Neuen Eintrag hinzufügen</A></td>
</tr>
</table>
</div>
<br><br>
<?
function datum($_dat)
{
    // Turns a timestamp string into a date and time by slicing fixed character
    // positions: 0-3 year, 4-5 month, 6-7 day, 8-9 hour, 10-11 minute,
    // 12-13 second. Day and month go through intval(), which drops a leading
    // zero; the other parts are copied as they are.
    // NOTE(review): this layout matches a 14-digit YYYYMMDDhhmmss value;
    // confirm that the "datum" column really delivers that format.
    $tag = intval(substr($_dat, 6, 2));
    $monat = intval(substr($_dat, 4, 2));
    $jahr = substr($_dat, 0, 4);
    $uhrzeit = substr($_dat, 8, 2) . ":" . substr($_dat, 10, 2) . ":" . substr($_dat, 12, 2);

    return $tag . "." . $monat . "." . $jahr . " um " . $uhrzeit;
}
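// config.php supplies $db_host, $db_user, $db_pass and $db_db.
include("config.php");
mysql_connect($db_host,$db_user,$db_pass) || die("Could not contact mySQL!");
mysql_select_db($db_db) || die("Connected mySQL, but database is unavailable!");

// Load all guestbook entries.
$result=mysql_query("select * from andi_table");
if ($result === false)
{
    // Stop here instead of handing false to mysql_fetch_array().
    die("Could not read the guestbook entries!");
}
while($row=mysql_fetch_array($result))
{
    // These columns hold whatever a visitor typed into the form. They are
    // HTML-escaped before output so that stored markup or script is shown as
    // text instead of being run in the browser of the next reader (stored
    // XSS).
    // NOTE(review): the page declares no charset, so htmlspecialchars() uses
    // PHP's default. Pass the charset of the stored data as third argument if
    // entries with umlauts come out empty.
    $vorname=htmlspecialchars($row["vorname"], ENT_QUOTES);
    $nachname=htmlspecialchars($row["nachname"], ENT_QUOTES);
    $nachricht=htmlspecialchars($row["nachricht"], ENT_QUOTES);
    $email=htmlspecialchars($row["email"], ENT_QUOTES);
    $datum=$row["datum"];
?>
<div align="center">
<table width="450" cellspacing="1" cellpadding="3" bgcolor="#ffffff">
<TR>
<TD bgcolor="#336699" width="240">
<b>Name:</b> <?php echo $vorname ?> <?php echo $nachname ?> <?php echo $email ?><br>
<b>Nachricht:</b> <?php echo $nachricht ?><br>
<b>Eingetragen am:</b> <?php echo ($datum) ? htmlspecialchars(datum($datum), ENT_QUOTES) : "" ?>
</TD>
</TR>
</table>
</div>
<br><br>
<?php } ?>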
</body>
</html>