blog_list.php
<?php include('connect.php'); ?> <!DOCTYPE HTML> <html lang="en" class="no-js"> <head> <meta charset="UTF-8"> <title>SITENAME</title> </head> <body> <div> <?php $posts = get_posts(); foreach ($posts as $post){ ?> <h2><a href="blog_read.php?pid=<?php echo $post['id']; ?>"><?php echo $post ['title']; ?></a></h2> <h4>By <?php echo $post['user']; ?> on <?php echo $post['date']; ?></h4> <h4>(<?php echo $post['total_comments']; ?> comments, last comment <?php echo $post['last_comment']; ?>)</h4> <hr /> <p><?php echo $post['preview']; ?></p> <?php } ?> </div> </body> </html>blog_post.php
<?php include('connect.php'); if (isset($_POST['user'], $_POST['category'], $_POST['title'], $_POST['body'])){ add_post($_POST['user'], $_POST['category'], $_POST['title'], $_POST['body']); header('Location: blog_list.php'); die(); } ?> <!DOCTYPE HTML> <html lang="en" class="no-js"> <head> <meta charset="UTF-8"> <title>SITENAME</title> </head> <body> <form action="" method="post"> <p> <label for="user">Name</label> <input type="text" name="user" id="user" /> </p> <p> <label for="title">Title</label> <input type="text" name="title" id="title" /> </p> <p> <label for="category">Category</label> <select name="category" id="category"> <option value="Option1">Option1</option> <option value="Option2">Option2</option> <option value="Option3">Option3</option> </select> </p> <p> <textarea name="body" rows="20" cols="60"></textarea> </p> <p> <input type="submit" value="Add Post" /> </p> </form> </body> </html>blog_read.php
<?php include('connect.php'); if (isset($_GET['pid'], $_POST['user'], $_POST['category'], $_POST['body'])){ if (add_comment($_GET['pid'], $_POST['user'], $_POST['category'], $_POST['body'])){ header("Location: blog_read.php?pid={$_GET['pid']}"); }else{ header('Location: blog_list.php'); } die(); } ?> <!DOCTYPE HTML> <html lang="en" class="no-js"> <head> <meta charset="UTF-8"> <title>SITENAME</title> </head> <body> <div> <?php if (isset($_GET['pid']) === false || valid_pid($_GET['pid']) === false){ echo 'Invalid post ID.'; }else{ $post = get_post($_GET['pid']); ?> <h2><?php echo $post['title']; ?></h2> <h4>By <?php echo $post['user']; ?> on <?php echo $post['date']; ?> (<?php echo count($post['comments']); ?> comments)</h4> <hr /> <p><?php echo $post ['body']; ?></p> <hr /> <?php foreach ($post['comments'] as $comment){ ?> <h4>By <?php echo $comment['user']; ?> on <?php echo $comment['date']; ?></h4> <p><?php echo $comment['body']; ?></p> <hr /> <?php } ?> <form action="" method="post"> <p> <label for="user">Name</label> <input type="text" name="user" id="user" /> </p> <p> <textarea name="body" rows="20" cols="60"></textarea> </p> <p> <input type="submit" value="Add Comment" /> </p> </form> <?php } ?> </div> </body> </html>posts.php
<?php // checks if the given post id is in the table. function valid_pid($pid){ $pid = (int)$pid; $total = mysql_query("SELECT COUNT(`post_id`) FROM `posts` WHERE `post_id` = {$pid}"); $total = mysql_result($total, 0); if ($total != 1){ return false; }else{ return true; } } //fetches a summery of all the blog posts. function get_posts(){ $sql = "SELECT `posts`.`post_id` AS `id`, `posts`.`post_title` AS `title`, LEFT(`posts`.`post_body`, 512) AS `preview`, `posts`.`post_user` AS `user`, `posts`.`post_category` AS `category`, DATE_FORMAT(`posts`.`post_date`, '%d/%m/%Y %H:%i:%s') AS `date`, `comments`.`total_comments`, DATE_FORMAT(`comments`.`last_comment`, '%d/%m/%Y %H:%i:%s') AS `last_comment` FROM `posts` LEFT JOIN ( SELECT `post_id`, COUNT(`comment_id`) AS `total_comments`, MAX(`comment_date`) AS `last_comment` FROM `comments` GROUP BY `post_id` ) AS `comments` ON `posts`.`post_id` = `comments`.`post_id` ORDER BY `posts`.`post_date` DESC"; $posts = mysql_query($sql); $rows = array(); while (($row = mysql_fetch_assoc($posts)) !== false){ $rows[] = array( 'id' => $row['id'], 'title' => $row['title'], 'preview' => $row['preview'], 'user' => $row['user'], 'category' => $row['category'], 'date' => $row['date'], 'total_comments' => ($row['total_comments'] === null) ? 0 : $row['total_comments'], 'last_comment' => ($row['last_comment'] === null) ? 'never' : $row['last_comment'] ); } return $rows; } // fetches a single post from the table. function get_post($pid){ $pid = (int)$pid; $sql = "SELECT `post_title` AS `title`, `post_body` AS `body`, `post_user` AS `user`, `post_category` AS `category`, `post_date` AS `date` FROM `posts` WHERE `post_id` = {$pid}"; $post = mysql_query($sql); $post = mysql_fetch_assoc($post); $post['comments'] = get_comments($pid); return $post; } //adds a new blog entry. function add_post($name, $title, $category, $body){ $name = mysql_real_escape_string(htmlentities($name)); $title = mysql_real_escape_string(htmlentities($title)); $category = mysql_real_escape_string(htmlentities($category)); $body = mysql_real_escape_string(nl2br(htmlentities($body))); mysql_query("INSERT INTO `posts` (`post_user`, `post_category` `post_title`, `post_body`, `post_date`) VALUES ('{$name}', '{$title}', '{$category}', '{$body}', NOW())"); } ?>comments.php
<?php //fetches all of the comments for a given blog post. function get_comments($pid){ $pid = (int)$pid; $sql = "SELECT `comment_body` AS `body`, `comment_user` AS `user`, DATE_FORMAT(`comment_date`, '%d/%m/%Y %H:%i:%s') AS `date` FROM `comments` WHERE `post_id` = {$pid}"; $comments = mysql_query($sql); $return = array(); while (($row = mysql_fetch_assoc($comments)) !==false){ $return[] = $row; } return $return; } //adds a comment. function add_comment($pid, $user, $body){ if (valid_pid($pid) === false){ return false; } $pid = (int)$pid; $user = mysql_real_escape_string(htmlentities($user)); $body = mysql_real_escape_string(nl2br(htmlentities($body))); mysql_query("INSERT INTO `comments` (`post_id`, `comment_user`, `comment_body`, `comment_date`) VALUES ({$pid}, '{$user}', '{$body}', NOW())"); return true; } ?>