Hey guys,
I wrote a basic script that allows anybody to write a comment and post it. The comments are displayed under the post form and the number of displayed comments can be modified by the user.
I'm going to post the code because i'm kind of proud of writing it considering i'm still a PHP beginner. I'd appreciate any pointers on how to improve the code if any more experienced coders decide to have a look through.
connect.inc.php
[syntax=php]<?php
//connect to phpmyadmin
mysql_connect('localhost','root','');
// select the database you want to work with.
mysql_select_db('wall');
//add comment
function add_comment($name, $comment) {
$date = date("D j M Y (G:i:s)");
$name = htmlentities(mysql_real_escape_string($name));
$comment = htmlentities(mysql_real_escape_string($comment));
mysql_query ("INSERT INTO `wall` (`user_name`, `user_comment`, `date`) VALUES ('{$name}', '{$comment}', '{$date}')");
}
?>[/syntax]
index.php
[syntax=php]<?php
include('connect.inc.php');
$display = 4;
if (isset($_POST['numofposts'])) {
$display = $_POST['numofposts'];
}
$errors = array();
if (isset($_POST['name'], $_POST['comment'])) {
if (!empty($_POST['name']) && !empty($_POST['comment'])) {
add_comment($_POST['name'], $_POST['comment']);
} else {
$errors[] = 'Please make sure you have entered your name and a comment.';
}
} else {
$errors[] = 'Please enter name and comment';
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://wwww.w3.org/TR/xhtml1/DTD/dhtml1-strict.dtd">
<html xlmns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> Basic Wall System </title>
<style>
body{margin: 0px; padding:0px;}
#container {width: 1000px; margin: 0px auto; text-align: center;}
</style>
</head>
<body>
<div id="container">
<?php
foreach ($errors as $error) {
echo $error;
}
if (empty($errors)) {
echo 'Post Successful';
}
?>
<form action="" method="POST">
<p>Name:</p>
<p><input type="text" name="name" value="<?php echo $_POST['name']; ?>"/></p>
<p>Comment:</p>
<p><textarea name="comment" cols="50" rows="8" name="comment" value="<?php echo $_POST['comment']?>"></textarea></p>
<p>Number of Posts to Display: <input style="width: 14px;" type="text" name="numofposts" value="<?php echo $display; ?>" />
<p><input type="submit" value="Submit Comment" /> </p>
</form>
<hr />
<?php
$query = "SELECT `post_id`, `user_name`, `user_comment`, `date` FROM `wall` ORDER BY `date` DESC LIMIT 0, {$display}";
$result = mysql_query($query);
while ($row = mysql_fetch_array($result)) {
echo '<p><strong>Date: </strong>'.$row['date'].'</p>';
echo '<p><strong>Name: </strong>'.$row['user_name'].'</p>';
echo '<p><strong>Comment: </strong>'.$row['user_comment'].'</p>';
echo '<hr />';
}
?>
</div>
</body>
</html>[/syntax]
ps: I'd appreciate any other basic script ideas I can try and code for practice purposes.
A Basic 'Wall' Post comments.
Re: A Basic 'Wall' Post comments.
My comments:
- You should switch the mysql_real_escape_string and htmlentities around in your add_comment function
- You should use a function in place of that SQL in the main file.
- connect.inc.php should not exist, you should have a library file for the function definitions and the connection should be opened in init.inc.php.
- Overall, it's nice a neat
- You should switch the mysql_real_escape_string and htmlentities around in your add_comment function
- You should use a function in place of that SQL in the main file.
- connect.inc.php should not exist, you should have a library file for the function definitions and the connection should be opened in init.inc.php.
- Overall, it's nice a neat
-
salrathor1
- Posts: 26
- Joined: Tue Jun 21, 2011 2:23 am
Re: A Basic 'Wall' Post comments.
Hey,
Thanks for the feedback Jacek. It makes sense and definitely makes the code more organised.
I've made a few modifications to the earlier script so it's a little tidier now but it's still probably not the best, because..
1. I'm echoing data from user.inc.php. (is this a problem?)
2. I removed the text input that allowed users to modify how many posts are displayed because I couldn't think of any way to do it without using cookies. So for the sake of being lazy, I decided not to add it just yet.
index.php
[syntax=php]<?php
include('core/init.inc.php');
$errors = array();
if (isset($_POST['name'], $_POST['comment'])) {
if (!empty($_POST['name']) && !empty($_POST['comment'])) {
add_comment($_POST['name'], $_POST['comment']);
} else {
$errors[] = 'Please make sure you have entered your name and a comment.';
}
} else {
$errors[] = 'Please enter name and comment';
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://wwww.w3.org/TR/xhtml1/DTD/dhtml1-strict.dtd">
<html xlmns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> Basic Wall System </title>
<style>
body{margin: 0px; padding:0px;}
#container {width: 1000px; margin: 0px auto; text-align: center;}
</style>
</head>
<body>
<div id="container">
<?php
foreach ($errors as $error) {
echo $error;
}
if (empty($errors)) {
echo 'Post Successful';
}
?>
<form action="" method="POST">
<p>Name:</p>
<p><input type="text" name="name" value="<?php echo $_POST['name']; ?>"/></p>
<p>Comment:</p>
<p><textarea name="comment" cols="50" rows="8" name="comment" value="<?php echo $_POST['comment']?>"></textarea></p>
<p><input type="submit" value="Submit Comment" /> </p>
</form>
<hr />
<?php
display_comments();
?>
</div>
</body>
</html>[/syntax]
/core/init.inc.php
[syntax=php]<?php
//connect to phpmyadmin
mysql_connect('localhost','root','');
// select the database you want to work with.
mysql_select_db('wall');
$path = dirname(__FILE__);
include("$path/inc/user.inc.php");
?>[/syntax]
core/inc/user.inc.php
[syntax=php]<?php
//add comment
function add_comment($name, $comment) {
$date = date("D j M Y (G:i:s)");
$name = mysql_real_escape_string(htmlentities($name));
$comment = mysql_real_escape_string(htmlentities($comment));
mysql_query ("INSERT INTO `wall` (`user_name`, `user_comment`, `date`) VALUES ('{$name}', '{$comment}', '{$date}')");
}
function display_comments() {
$query = "SELECT `post_id`, `user_name`, `user_comment`, `date` FROM `wall` ORDER BY `post_id` DESC LIMIT 0, 10";
$result = mysql_query($query);
while ($row = mysql_fetch_array($result)) {
echo '<p><strong>Date: </strong>'.$row['date'].'</p>';
echo '<p><strong>Name: </strong>'.$row['user_name'].'</p>';
echo '<p><strong>Comment: </strong>'.$row['user_comment'].'</p>';
echo '<hr />';
}
}
?>[/syntax]
Thanks for the feedback Jacek. It makes sense and definitely makes the code more organised.
I've made a few modifications to the earlier script so it's a little tidier now but it's still probably not the best, because..
1. I'm echoing data from user.inc.php. (is this a problem?)
2. I removed the text input that allowed users to modify how many posts are displayed because I couldn't think of any way to do it without using cookies. So for the sake of being lazy, I decided not to add it just yet.
index.php
[syntax=php]<?php
include('core/init.inc.php');
$errors = array();
if (isset($_POST['name'], $_POST['comment'])) {
if (!empty($_POST['name']) && !empty($_POST['comment'])) {
add_comment($_POST['name'], $_POST['comment']);
} else {
$errors[] = 'Please make sure you have entered your name and a comment.';
}
} else {
$errors[] = 'Please enter name and comment';
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://wwww.w3.org/TR/xhtml1/DTD/dhtml1-strict.dtd">
<html xlmns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> Basic Wall System </title>
<style>
body{margin: 0px; padding:0px;}
#container {width: 1000px; margin: 0px auto; text-align: center;}
</style>
</head>
<body>
<div id="container">
<?php
foreach ($errors as $error) {
echo $error;
}
if (empty($errors)) {
echo 'Post Successful';
}
?>
<form action="" method="POST">
<p>Name:</p>
<p><input type="text" name="name" value="<?php echo $_POST['name']; ?>"/></p>
<p>Comment:</p>
<p><textarea name="comment" cols="50" rows="8" name="comment" value="<?php echo $_POST['comment']?>"></textarea></p>
<p><input type="submit" value="Submit Comment" /> </p>
</form>
<hr />
<?php
display_comments();
?>
</div>
</body>
</html>[/syntax]
/core/init.inc.php
[syntax=php]<?php
//connect to phpmyadmin
mysql_connect('localhost','root','');
// select the database you want to work with.
mysql_select_db('wall');
$path = dirname(__FILE__);
include("$path/inc/user.inc.php");
?>[/syntax]
core/inc/user.inc.php
[syntax=php]<?php
//add comment
function add_comment($name, $comment) {
$date = date("D j M Y (G:i:s)");
$name = mysql_real_escape_string(htmlentities($name));
$comment = mysql_real_escape_string(htmlentities($comment));
mysql_query ("INSERT INTO `wall` (`user_name`, `user_comment`, `date`) VALUES ('{$name}', '{$comment}', '{$date}')");
}
function display_comments() {
$query = "SELECT `post_id`, `user_name`, `user_comment`, `date` FROM `wall` ORDER BY `post_id` DESC LIMIT 0, 10";
$result = mysql_query($query);
while ($row = mysql_fetch_array($result)) {
echo '<p><strong>Date: </strong>'.$row['date'].'</p>';
echo '<p><strong>Name: </strong>'.$row['user_name'].'</p>';
echo '<p><strong>Comment: </strong>'.$row['user_comment'].'</p>';
echo '<hr />';
}
}
?>[/syntax]
Re: A Basic 'Wall' Post comments.
salrathor1 wrote:1. I'm echoing data from user.inc.php. (is this a problem?)
Not massively, the best way would be to have the function return an array of comments and then use that on the actual page though,
