The code above lists both the PHP and HTML parts of the script, so we are going to look at each of them in some detail. As always, the PHP part starts off by including the dbcon and functions files. In case any of you were wondering why these files are always included at the very top of the page, it is because the dbcon file contains the session_start() function. This function needs to be called before any headers or ANY other communication between the server and the browser takes place; otherwise you get a "headers already sent" error message or warning:

<?php
include "dbcon.php";
include "functions.php";

Then we clean the project id that is passed to the script (mysql_real_escape_string is used here because, unlike the older mysql_escape_string, it takes the connection's character set into account):

$cpid = mysql_real_escape_string($_GET['pid']);

There are two reasons why we are getting the project id. First, it is the only link between the task and the project that you want to attach it to. Second, we need to retrieve the name of the project, because it will be displayed in the HTML form below. So we use the project id to retrieve the title of the project concerned and store it in the $title variable:

$getname = "SELECT title FROM projects WHERE pid = '" . $cpid . "'";
$g_result = mysql_query($getname);
if (!$g_result) {
    echo mysql_error();
} else {
    $rowname = mysql_fetch_assoc($g_result);
    $title = $rowname['title']; // read from $rowname, the row we just fetched
}

Then we check to see if the form has been submitted:

if (isset($_POST['submit'])) {

We clean the form values before using them in the insert query. The year, month and day also come straight from the form, so they are cast to integers before they are used to build the date string:

    // check vars
    $descr = mysql_real_escape_string($_POST['descr']);
    $p_pid = mysql_real_escape_string($_POST['p_pid']);

    // due date
    $yy = (int) $_POST['yy'];
    $mm = (int) $_POST['mm'];
    $dd = (int) $_POST['dd'];

    $duedt = $yy . "-";
    if ($mm < 10) {
        $duedt .= "0"; // zero-pad the month
    }
    $duedt .= $mm . "-";

    if ($mm == 4 || $mm == 6 || $mm == 9 || $mm == 11) {
        // 30-day months
        if ($dd > 30) {
            $duedt .= "30";
        } else {
            $duedt .= $dd;
        }
    } elseif ($mm == 2) {
        // February: 29 days in a leap year, 28 otherwise
        $leap = ($yy % 4 == 0 && $yy % 100 != 0) || $yy % 400 == 0;
        if ($leap) {
            if ($dd > 29) {
                $duedt .= "29";
            } else {
                $duedt .= $dd;
            }
        } else {
            if ($dd > 28) {
                $duedt .= "28";
            } else {
                $duedt .= $dd;
            }
        }
    } else {
        // 31-day months
        $duedt .= $dd;
    }

The data is then inserted into the tasks table like so:

    // insert
    $insert  = "INSERT INTO tasks SET task_description = '" . $descr . "',";
    $insert .= "complete_by = '" . $duedt . "', p_id = '" . $p_pid . "'";
    if (!mysql_query($insert)) {
        echo mysql_error();
    }
}
?>

Notice that I've echoed a mysql_error() in the event that the query fails. I am only doing this because the application is in development. When or if you decide to use this application in a production environment, I would suggest that you write the error to a text file or log and then take it from there. Those of you who have seen PHP errors will know that they usually reveal a lot more than they should, and can provide ammunition to an attacker.

The HTML portion of the script shows a form with two fields, one to take the task description and another to take the due date for the task. Most of the rest of the form should be familiar to you by now:
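The three points made above (escape or bind every form value before it reaches SQL, make sure the due date is a real calendar date, and log rather than echo database errors) can be combined into one handler. The following is an added example written for this article and is not the tutorial's own add_task.php. It assumes that dbcon.php calls session_start() and exposes a PDO connection in a variable named $pdo (the tutorial's dbcon.php exposes a mysql_* link instead), and it uses the tables and columns the tutorial already uses: projects(pid, title) and tasks(task_description, complete_by, p_id). PHP's built-in checkdate() replaces the hand-written per-month clamping, and prepared statements replace string escaping.

```php
<?php
// Added example, not the tutorial's code. Assumes dbcon.php calls session_start()
// (before any output, exactly as the tutorial explains) and sets $pdo to a PDO
// instance connected to the tutorial's database.
include "dbcon.php";
include "functions.php";

// Make PDO throw on driver errors so the catch block below sees them.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

/**
 * Build a YYYY-MM-DD string from the three form fields, or return null when the
 * combination is not a real calendar date. checkdate() knows the month lengths
 * and leap years, so no clamping table is needed.
 */
function build_due_date($yy, $mm, $dd)
{
    $yy = (int) $yy;
    $mm = (int) $mm;
    $dd = (int) $dd;
    if (!checkdate($mm, $dd, $yy)) {
        return null;
    }
    return sprintf('%04d-%02d-%02d', $yy, $mm, $dd);
}

/**
 * Look up the project title by id. Returns null when no such project exists.
 * The id is bound as a parameter, so it never becomes part of the SQL text.
 */
function fetch_project_title(PDO $pdo, $pid)
{
    $stmt = $pdo->prepare('SELECT title FROM projects WHERE pid = ?');
    $stmt->execute(array((int) $pid));
    $title = $stmt->fetchColumn();
    return $title === false ? null : $title;
}

/**
 * Insert a task. Returns true on success. On failure the driver message goes to
 * the server error log; the browser only learns that the insert failed.
 */
function insert_task(PDO $pdo, $descr, $due, $pid)
{
    try {
        $stmt = $pdo->prepare(
            'INSERT INTO tasks (task_description, complete_by, p_id) VALUES (?, ?, ?)'
        );
        return $stmt->execute(array($descr, $due, (int) $pid));
    } catch (PDOException $e) {
        error_log('add_task: insert failed: ' . $e->getMessage());
        return false;
    }
}

$cpid  = isset($_GET['pid']) ? (int) $_GET['pid'] : 0;
$title = fetch_project_title($pdo, $cpid);
$error = '';

if (isset($_POST['submit'])) {
    $descr = isset($_POST['descr']) ? trim($_POST['descr']) : '';
    $due   = build_due_date($_POST['yy'], $_POST['mm'], $_POST['dd']);

    if ($title === null) {
        $error = 'Unknown project.';
    } elseif ($descr === '') {
        $error = 'A task description is required.';
    } elseif ($due === null) {
        $error = 'The due date is not a valid calendar date.';
    } elseif (!insert_task($pdo, $descr, $due, $cpid)) {
        $error = 'The task could not be saved. The problem has been logged.';
    }
}
?>
<!-- Anything echoed back into the page is HTML-escaped, including the title
     loaded from the database and the error message. -->
<p class="loginheader"><?php echo htmlspecialchars((string) $title, ENT_QUOTES, 'UTF-8'); ?></p>
<?php if ($error !== ''): ?>
<p class="error"><?php echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8'); ?></p>
<?php endif; ?>
```

Two design choices are worth pointing out. The project id is taken from the URL once, cast to an integer and reused for the insert, so the form no longer needs to carry it in a hidden p_pid field that could be edited by the client. And because the date is validated before the query is built, an impossible date such as 31 February is rejected with a message to the user instead of being silently rewritten.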
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/PM_Main.dwt.php" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<!-- InstanceBeginEditable name="doctitle" -->
<title>Untitled Document</title>
<!-- InstanceEndEditable -->
<!-- InstanceBeginEditable name="head" -->
<!-- InstanceEndEditable -->
<link href="Templates/main.css" rel="stylesheet" type="text/css" />
</head>
<body>
<table width="100%" border="0">
  <tr>
    <td width="33%"> </td>
    <td width="28%"> </td>
    <td width="39%">Logged in: <!-- InstanceBeginEditable name="login" --><?php echo htmlspecialchars($_SESSION['name']); ?> | <a href="logout.php">Logout</a><!-- InstanceEndEditable --></td>
  </tr>
  <tr>
    <td colspan="3" bgcolor="#6699CC" class="headertxt">Project Management Software </td>
  </tr>
  <tr>
    <td colspan="3"><!-- InstanceBeginEditable name="main" -->
    <form action="add_task.php" method="post" name="f1">
    <table width="100%" border="0">
      <tr>
        <td colspan="2" class="loginheader"><?php echo htmlspecialchars($title); ?></td>
      </tr>
      <tr>
        <td> </td>
        <td> </td>
      </tr>
      <tr>
        <td>Complete by</td>
        <td>