Page 1 of 1

Blog (Including Commenting) With Extra Posts Column

Posted: Sun May 25, 2014 8:59 pm
by whomreally
Hi, I'm pretty much a newbie to php and have followed the Blog (Including Commenting) tutorial on Youtube. I got it working with the files in http://betterphp.co.uk/board/viewtopic. ... 054&p=8298, yet I don't understand what the user did to get rid of the "Invalid post ID." error when accessing the blog_read.php directly. However, my main problem is I would like to add a dropmenu selection where the user can select a category so that I can then have pages based on those categories. There are no errors when I append error_reporting(E_ALL); ini_set('display_errors', 1); to connect.php. When I attempt to submit with the category choice there is no added row in the database and it is not apparent in blog_list.php. Tell me what I am missing. Thanks.

blog_list.php
<?php

include('connect.php');

?>
<!DOCTYPE HTML>

<html lang="en" class="no-js">
	<head>
		<meta charset="UTF-8">
		
		<title>SITENAME</title>
	
	</head>
    <body>
        <div>
            <?php
            
			$posts = get_posts();
			
			foreach ($posts as $post){
				?>
                <h2><a href="blog_read.php?pid=<?php echo $post['id']; ?>"><?php echo $post ['title']; ?></a></h2>
                <h4>By <?php echo $post['user']; ?> on <?php echo $post['date']; ?></h4>
                <h4>(<?php echo $post['total_comments']; ?> comments, last comment <?php echo $post['last_comment']; ?>)</h4>
                
                <hr />
                
                <p><?php echo $post['preview']; ?></p>
                <?php
				
			}
            ?>

        </div>
    </body>
</html>
blog_post.php
<?php

include('connect.php');

if (isset($_POST['user'], $_POST['category'], $_POST['title'], $_POST['body'])){
	add_post($_POST['user'], $_POST['category'], $_POST['title'], $_POST['body']);
	header('Location: blog_list.php');
	die();
}
?>

<!DOCTYPE HTML>

<html lang="en" class="no-js">
	<head>
		<meta charset="UTF-8">
		
		<title>SITENAME</title>
	
	</head>
    <body> 
        <form action="" method="post">
            <p>
                <label for="user">Name</label>
                <input type="text" name="user" id="user" />
            </p>
            <p>
                <label for="title">Title</label>
                <input type="text" name="title" id="title" />
            </p>
			<p>
			<label for="category">Category</label>
			<select name="category" id="category">
			<option value="Option1">Option1</option>
			<option value="Option2">Option2</option>
			<option value="Option3">Option3</option>
			</select>
            </p>
            <p>
                <textarea name="body" rows="20" cols="60"></textarea>
            </p>
            <p>
                <input type="submit" value="Add Post" />
            </p>     	 
        </form>
    </body>
</html>
blog_read.php
<?php

include('connect.php');

if (isset($_GET['pid'], $_POST['user'], $_POST['category'], $_POST['body'])){
	if (add_comment($_GET['pid'], $_POST['user'], $_POST['category'], $_POST['body'])){
		header("Location: blog_read.php?pid={$_GET['pid']}");
	}else{
		header('Location: blog_list.php');
	}
	
	die();
}
?>
<!DOCTYPE HTML>

<html lang="en" class="no-js">
	<head>
		<meta charset="UTF-8">
		
		<title>SITENAME</title>
	
	</head>
    <body>
        <div>
            <?php
            
			if (isset($_GET['pid']) === false || valid_pid($_GET['pid']) === false){
				echo 'Invalid post ID.';
			}else{
				$post = get_post($_GET['pid']);
				
				?>
				<h2><?php echo $post['title']; ?></h2>
                <h4>By <?php echo $post['user']; ?> on <?php echo $post['date']; ?> (<?php echo count($post['comments']); ?> comments)</h4>
                
                <hr />
                
                <p><?php echo $post ['body']; ?></p>
                <hr />
                <?php
				
				foreach ($post['comments'] as $comment){
					?>
                    <h4>By <?php echo $comment['user']; ?> on <?php echo $comment['date']; ?></h4>
                    <p><?php echo $comment['body']; ?></p>
                    <hr />
					<?php
				}
				
				?>
            
				<form action="" method="post">
					<p>
						<label for="user">Name</label>
						<input type="text" name="user" id="user" />
					</p>
					<p>
						<textarea name="body" rows="20" cols="60"></textarea>
					</p>
					<p>
						<input type="submit" value="Add Comment" />
					</p>     	 
				</form>
                <?php
			}
			
			?>
        </div>
    </body>
</html>
posts.php
<?php

// checks if the given post id is in the table.
function valid_pid($pid){
	$pid = (int)$pid;
	
	$total = mysql_query("SELECT COUNT(`post_id`) FROM `posts` WHERE `post_id` = {$pid}");
	$total = mysql_result($total, 0);
	
	if ($total != 1){
		return false;
	}else{
		return true;
	}
}
		
//fetches a summery of all the blog posts.
function get_posts(){
	$sql = "SELECT
				`posts`.`post_id` AS `id`,
				`posts`.`post_title` AS `title`,
				LEFT(`posts`.`post_body`, 512) AS `preview`,
				`posts`.`post_user` AS `user`,
				`posts`.`post_category` AS `category`,
				DATE_FORMAT(`posts`.`post_date`, '%d/%m/%Y %H:%i:%s') AS `date`,
				`comments`.`total_comments`,
				DATE_FORMAT(`comments`.`last_comment`, '%d/%m/%Y %H:%i:%s') AS `last_comment`
			FROM `posts`
			LEFT JOIN (
				SELECT
					`post_id`,
					COUNT(`comment_id`) AS `total_comments`,
					MAX(`comment_date`) AS `last_comment`
				FROM `comments`
				GROUP BY `post_id`
			) AS `comments`
			ON `posts`.`post_id` = `comments`.`post_id`
			ORDER BY `posts`.`post_date` DESC";
	
	$posts = mysql_query($sql);
	
	$rows = array();
	while (($row = mysql_fetch_assoc($posts)) !== false){
		$rows[] = array(
			'id'				=> $row['id'],
			'title'				=> $row['title'],
			'preview'			=> $row['preview'],
			'user'				=> $row['user'],
			'category'			=> $row['category'],
			'date'				=> $row['date'],
			'total_comments'	=> ($row['total_comments'] === null) ? 0 : $row['total_comments'],
			'last_comment'		=> ($row['last_comment'] === null) ? 'never' : $row['last_comment']
		);
	}
	
	return $rows;
	
}

// fetches a single post from the table.
function get_post($pid){
	$pid = (int)$pid;
	
	$sql = "SELECT
				`post_title` AS `title`,
				`post_body` AS `body`,
				`post_user` AS `user`,
				`post_category` AS `category`,
				`post_date` AS `date`
			FROM `posts`
			WHERE `post_id` = {$pid}";
			
	$post = mysql_query($sql);
	$post = mysql_fetch_assoc($post);
	
	$post['comments'] = get_comments($pid);
	
	return $post;
}

//adds a new blog entry.
function add_post($name, $title, $category, $body){
	$name = mysql_real_escape_string(htmlentities($name));
	$title = mysql_real_escape_string(htmlentities($title));
	$category = mysql_real_escape_string(htmlentities($category));
	$body = mysql_real_escape_string(nl2br(htmlentities($body)));
	
	mysql_query("INSERT INTO `posts` (`post_user`, `post_category` `post_title`, `post_body`, `post_date`) VALUES ('{$name}', '{$title}', '{$category}', '{$body}', NOW())");
}
	
?>
comments.php
<?php

//fetches all of the comments for a given blog post.
function get_comments($pid){
	$pid = (int)$pid;
	
	$sql = "SELECT
				`comment_body` AS `body`,
				`comment_user` AS `user`,
				DATE_FORMAT(`comment_date`, '%d/%m/%Y %H:%i:%s') AS `date`
			FROM `comments`
			WHERE `post_id` = {$pid}";
			
	$comments = mysql_query($sql);
	
	$return = array();
	while (($row = mysql_fetch_assoc($comments)) !==false){
		$return[] = $row;
	}
	
	return $return;
}

//adds a comment.
function add_comment($pid, $user, $body){
	if (valid_pid($pid) === false){
		return false;
	}
	
	$pid 	= (int)$pid;
	$user	= mysql_real_escape_string(htmlentities($user));
	$body	= mysql_real_escape_string(nl2br(htmlentities($body)));
	
	mysql_query("INSERT INTO `comments` (`post_id`, `comment_user`, `comment_body`, `comment_date`) VALUES ({$pid}, '{$user}', '{$body}', NOW())");
	
	return true;
}

?>