User Comments";
// Please remember that mysql_fetch_array has been deprecated in earlier
// versions of PHP. As of PHP 7.0, it has been replaced with mysqli_fetch_array.
while($row = mysql_fetch_array($comments, MYSQL_ASSOC))
{
$name = $row['name'];
$email = $row['email'];
$website = $row['website'];
$comment = $row['comment'];
$timestamp = $row['timestamp'];
// Be sure to take security precautions! Even though we asked the user
// for their "name", they could have typed anything. A hacker could have
// entered the following (or some variation) as their name:
//
//
//
// If instead of printing their name, "John Smith", we would be printing
// javascript code that redirects users to a malicious website! To prevent
// this from happening, we can use the htmlspecialchars function to convert
// special characters to their HTML entities. In the above example, it would
// instead print:
//
// <script type="text/javascript">window.location = "https://SomeBadWebsite.com";</script>
//
// This certainly would look strange on the page, but it would not be harmful
// to visitors
$name = htmlspecialchars($row['name'],ENT_QUOTES);
$email = htmlspecialchars($row['email'],ENT_QUOTES);
$website = htmlspecialchars($row['website'],ENT_QUOTES);
$comment = htmlspecialchars($row['comment'],ENT_QUOTES);
echo "
Name: $name
Email: $email
Website: $website
Comment: $comment
Timestamp: $timestamp
";
}
mysql_close($con);
?>