Development

The SQL for our guestbook is remarkably simple, as it only requires one table. Here is the code to use:

CREATE TABLE guestbook (ID INT NOT NULL AUTO_INCREMENT PRIMARY KEY, GuestName CHAR(255), GuestEmail CHAR(255), GuestMessage TEXT, DateSubmitted INT);

The first draft of our PHP code is also fairly simple, as we're going to trust users to be good. Here is the code for post.php:

<?php
    // Only process the form once it has actually been submitted
    if (isset($_POST['GuestName'])) {
        mysql_connect("localhost", "phpuser", "alm65z");
        mysql_select_db("phpdb");

        // Escape quotes so the values can be placed inside the SQL string below
        $GuestName = addslashes($_POST['GuestName']);
        $GuestEmail = addslashes($_POST['GuestEmail']);
        $GuestMessage = addslashes($_POST['GuestMessage']);
        $CurrentTime = time();

        $result = mysql_query("INSERT INTO guestbook (GuestName, GuestEmail, GuestMessage, DateSubmitted) VALUES ('$GuestName', '$GuestEmail', '$GuestMessage', $CurrentTime);");
        if ($result) {
            echo "Thanks for posting - click <a href=\"read.php\">here</a> to view the guestbook with your message added!";
            exit;
        } else {
            echo "There was an error adding your guestbook entry - please try again, filling in all fields.";
        }
    }
?>

<form method="post" action="post.php">
Name: <input type="text" name="GuestName" /><br />
Email: <input type="text" name="GuestEmail" /><br /><br />
Message:<br /><textarea rows="10" cols="40" name="GuestMessage"></textarea><br /><br />
<input type="submit" value="Post" />
</form>

As usual, the majority of that code should be self-explanatory by this point - we print a form out, and, if it has been submitted, we send the data to our database and output either a thank you message or an error message. Note the three addslashes() lines - these are required if you do not have the magic_quotes_gpc setting enabled in your php.ini file, because they escape the quotes in the submitted values before those values are placed inside the SQL string. Generally speaking it is best to have this setting turned off, as very often you will want to process the input before the escaping slashes are added. Here is the accompanying code for read.php:

<?php
    mysql_connect("localhost", "phpuser", "alm65z");
    mysql_select_db("phpdb");

    $result = mysql_query("SELECT GuestName, GuestEmail, GuestMessage, DateSubmitted FROM guestbook ORDER BY DateSubmitted DESC;");
    if (mysql_num_rows($result)) {
        while ($row = mysql_fetch_assoc($result)) {
            // Turn each column of the row into a variable named $gb_<column>
            extract($row, EXTR_PREFIX_ALL, 'gb');
            // "\of" keeps the word "of" literal, as 'o' is otherwise a date() format character
            $gb_DateSubmitted = date("jS \of F Y", $gb_DateSubmitted);
            echo "<strong>Posted by <a href=\"mailto:$gb_GuestEmail\">$gb_GuestName</a> on $gb_DateSubmitted</strong><br />";
            echo "$gb_GuestMessage<br /><br />";
        }
    } else {
        echo "<em>This guestbook has no messages!</em><br /><br />";
    }
?>

<a href="post.php">Add a message to this guestbook</a>

There should be no surprises there - refer back to the Functions chapter if you are hazy on the parameters for date(). Give that guestbook a try - see what problems you spot.
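For comparison, here is an added example (not the tutorial's own code) of the same insert and listing written with PDO prepared statements and HTML escaping on output, so neither addslashes() nor magic_quotes_gpc is involved. It assumes an in-memory SQLite database, an SQLite spelling of the CREATE TABLE, and the helper names open_guestbook(), post_entry(), h() and render_entries(), none of which come from the tutorial.

```php
<?php
// Added example, not the tutorial's code: post.php's insert and read.php's listing
// with PDO prepared statements and output escaping. In-memory SQLite stands in for
// the tutorial's MySQL "phpdb" so it runs stand-alone (MySQL DSN: "mysql:host=localhost;dbname=phpdb").

function open_guestbook(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // SQLite spelling of the tutorial's CREATE TABLE (its AUTO_INCREMENT differs)
    $db->exec('CREATE TABLE guestbook (ID INTEGER PRIMARY KEY AUTOINCREMENT,
        GuestName TEXT, GuestEmail TEXT, GuestMessage TEXT, DateSubmitted INT)');
    return $db;
}

// Replaces the addslashes() calls and the string-built INSERT: the values are bound
// parameters, so they never become part of the SQL text and need no escaping at all.
function post_entry(PDO $db, string $name, string $email, string $message): bool {
    $stmt = $db->prepare('INSERT INTO guestbook (GuestName, GuestEmail,
        GuestMessage, DateSubmitted) VALUES (?, ?, ?, ?)');
    return $stmt->execute([$name, $email, $message, time()]);
}

// HTML-escape one stored value (quotes included, as it also lands inside an href)
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Replaces read.php's echo lines: each value is escaped on the way out, so a
// message is shown as text instead of being interpreted as markup by the browser.
function render_entries(PDO $db): string {
    $rows = $db->query('SELECT GuestName, GuestEmail, GuestMessage, DateSubmitted
        FROM guestbook ORDER BY DateSubmitted DESC')->fetchAll(PDO::FETCH_ASSOC);
    if (!$rows) {
        return "<em>This guestbook has no messages!</em><br /><br />\n";
    }
    $html = '';
    foreach ($rows as $row) {
        $date = date('jS \of F Y', (int) $row['DateSubmitted']);
        $html .= '<strong>Posted by <a href="mailto:' . h($row['GuestEmail']) . '">'
               . h($row['GuestName']) . '</a> on ' . $date . "</strong><br />\n"
               . h($row['GuestMessage']) . "<br /><br />\n";
    }
    return $html;
}

// Constructed sample input: an apostrophe in the name and markup in the message
$db = open_guestbook();
post_entry($db, "O'Brien", 'ob@example.com', 'Hello <b>world</b> & "friends"');
echo render_entries($db);
```

Running it prints the entry with the apostrophe stored intact and the message's tags rendered as visible text rather than bold markup.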
