22.2.2 DevelopmentThis is NOT the latest copy of this book; click here for the latest version.
The SQL for our guestbook is remarkably simple, as it only requires one table. Here is the code to use:
CREATE TABLE guestbook (ID INT NOT NULL AUTO_INCREMENT PRIMARY KEY, GuestName CHAR(255), GuestEmail CHAR(255), GuestMessage TEXT, DateSubmitted INT);
The first draft of our PHP code is also fairly simple, as we're going to trust users to be good. Here is the code for post.php:
<?php
if (isset($_POST['GuestName'])) {
mysql_connect("localhost", "phpuser", "alm65z");
mysql_select_db("phpdb");
$GuestName = addslashes($_POST['GuestName']);
$GuestEmail = addslashes($_POST['GuestEmail']);
$GuestMessage = addslashes($_POST['GuestMessage']);
$CurrentTime = time();
$result = mysql_query("INSERT INTO guestbook (GuestName, GuestEmail, GuestMessage, DateSubmitted) VALUES ('$GuestName', '$GuestEmail', '$GuestMessage', $CurrentTime);");
if ($result) {
echo "Thanks for posting - click <A HREF=\"read.php\">here</A> to view the guestbook with your message added!";
exit;
} else {
echo "There was an error adding your guestbook entry - please try again, filling in all fields.";
}
}
?>
<FORM METHOD="POST" ACTION="post.php">
Name: <INPUT TYPE="TEXT" NAME="GuestName" /><BR />
Email: <INPUT TYPE="TEXT" NAME="GuestEmail" /><BR /><BR />
Message:<BR /><TEXTAREA ROWS="10" COLS="40" NAME="GuestMessage" /></TEXTAREA><BR /><BR />
<INPUT TYPE="SUBMIT" VALUE="Post" />
</FORM>
As usual, the majority of that code should be self-explanatory by this point - we print a form out, and, if it has been submitted, we send the data to our database and output either a thank you message or an error message. Note the three addslashes() lines - these are required if you do not have the magic_quotes_gpc setting enabled in your php.ini file. Generally speaking it is best that you have this setting turned off, as very often you will want to perform processing on the input before escaping slashes have been added. Here is the accompanying code for read.php:
<?php
mysql_connect("localhost", "phpuser", "alm65z");
mysql_select_db("phpdb");
$result = mysql_query("SELECT GuestName, GuestEmail, GuestMessage, DateSubmitted FROM guestbook ORDER BY DateSubmitted DESC;");
if (mysql_num_rows($result)) {
while ($row = mysql_fetch_assoc($result)) {
extract($row, EXTR_PREFIX_ALL, 'gb');
$gb_DateSubmitted = date("jS of F Y", $gb_DateSubmitted);
echo "<B>Posted by <A HREF=\"mailto:$gb_GuestEmail\">$gb_GuestName</A> on $gb_DateSubmitted</B><BR />";
echo "$gb_GuestMessage<BR /><BR />";
}
} else {
echo "<EM>This guestbook has no messages!</EM><BR /><BR />";
}
?>
<A HREF="post.php">Add a message to this guestbook</A>
There should be no surprises there - refer back to the Functions chapter if you are hazy on the parameters for date(). Give that guestbook a try - see what problems you spot.
|
Want to see this stuff in print? PHP in a Nutshell takes the core topics covered here, adds in thousands of edits from the editorial team and myself, and combines them to make an unbeatable reference for PHP programmers at all levels.
My latest book has hundreds more tips on how to use PHP, Apache, and MySQL, plus Perl, Python, shell scripts, performance tuning, and more!
|
