The CMS (#7) PHP

Base · #1 (**permalink**) 04-04-2007, 03:04 AM

Ok!

I apologise to my readers for not posting a tutorial in a few days, been crazy busy with work and stuff.

However!

Today we are going to do the guestbook!

One thing first tho;

I am going to tell you now, the order in which i will add parts to this tutorial, just so you know.

Guestbook
Shoutbox
Templates
User system (This is a possiblity it depends how much people like this tutorial)
PHPBB Integration (Again a possibility, depeing on popularity)

TO THE GUESTBOOK!

As allways in these tutorials first we need to create a table to store the guestbook comments.

And as allways i will include 2 ways of doing this.

Either use this code in whichever method of installing that your using that insent our PHP installer.

Code:

CREATE TABLE guestbook(
`id` int(11) NOT NULL auto_increment,  
`name` varchar(100) default NULL,      
`text` text,                           
`insertdate` datetime default NULL,    
PRIMARY KEY  (`id`)                    
           )

Or use this method if your using our PHP installer

(Insert this code perferably at the bottom of your installer)

PHP Code:


			
mysql_query("CREATE TABLE guestbook(

`id` int(11) NOT NULL auto_increment,  

`name` varchar(100) default NULL,      

`text` text,                           

`insertdate` datetime default NULL,    

PRIMARY KEY  (`id`)                    

           )")

 or die(mysql_error());  



    echo "Guestbook users table created!";

    echo "<br><br>";

Oh god, here comes the code!

PHP Code:


			
<?php



// Include connection file.

include("../../includes/connect.php");

// So lets show the users the latest guestbook comments.





$query = "SELECT * FROM guestbook ORDER BY id DESC";

$result = mysql_query($query);



// Now we need a table to build it around.

    

echo '<table width="550" border="1" cellspacing="0" cellpadding="0">';



// That should to nicely. Now lets build an array with our result in

    while ($row = mysql_fetch_array($result)) {

// Great now lets echo our table with our rows in!

echo 

     "<tr>

        <td> ".nl2br($row['name'])."</td>

      </tr>

     ";

echo "

      <tr>

        <td>".nl2br($row['comment'])."</td>

      </tr>

     ";



     

                                               }

// Now lets echo the end of the table

echo "</table>";



// Put a few line breaks in





// Check if they have posted

if($_POST['submit']) {

// If they have then do this code:



// Gather the variables, so we can dump it into the database

$name = $_POST['name'];

$comment = $_POST['comment'];



// Run it through special charicters to take out <'s and things.

$name = htmlspecialchars($name);

$comment = htmlspecialchars($comment);



// Now that we have "secured" it, then we need to drop it.



$query = "INSERT INTO guestbook (ID, name, text, insertdate) VALUES ('', '$name', '$comment', '')";



// Now we have put our query into a variable, process it.



mysql_query($query) or die(mysql_error());

echo "<center><strong><h1>Guestbook comment added!</h1></strong></center>";

} else {

?>



  <h1>Add comment</h1>

  <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="gbook">

    <table>

      <tr><th>Name:</th><td><input name="name" /></td></tr>

      <tr><th>Comment:</th>

          <td><textarea name="comment" cols=30 rows=5></textarea></td>

      </tr>

      <tr><td colspan="2" align="center">

          <input name="submit" type="submit" id="submit" value="Add comment"/></td>

      </tr>

    </table>  

  </form>   

<?php } ?>

Whooosssaaaa thats allot :P

71 lines of pure sexyness.

So as allways line by line:

include("../../includes/connect.php"); - So because this is in the directory:

http://www.yoursite.com/admin/guestbook

and our connect is in:

http://www.yoursite.com/includes

Then we need this:

../ = Backwards a directory

so back 2 directorys to our root directory

then forward into includes directory and then to connect.php!

Now if you have followed each post of my tutorials you will be fully used to this.

$query = "SELECT * FROM guestbook ORDER BY id DESC";
$result = mysql_query($query);

Just selecting all of the information from the guestbook and ordering it by the latest posted.

Next line is a table

Now here is somthing worth mentioning:

".nl2br($row['name'])."

This is so if you have a specific function inside an echo statement, you can't just do this:

<td> nl2br($row['name'])</td>

Because otherwise for each entry into the guestbook, it will say

nl2br($row['name']) rather than whats in the database.

So we put a speachmark and then a dot to tell the server we are going to use a pre made PHP function.

if($_POST['submit']) { - Another one you will recognise if you have been reading my tutorials.

Just saying, do the following code if the form has been submitted.

$name = htmlspecialchars($name);
$comment = htmlspecialchars($comment);

Taking out such things as <br> and replacing them with <br>

Mainly to stop people attempting to hack into it, although this protection is minimal, so i would watch out for it.

$query = "INSERT INTO guestbook (ID, name, text, insertdate) VALUES ('', '$name', '$comment', '')";

Another one you should beused too, insert into the table guestbook into the filelds called ID, name text and insertdate the values:

Nothing, $name, $comment and nothing.

} else { - So if someone hasent posted then do the HTML code.

<?php } ?>

Ending the IF-Else statement.

And there ends the user end of the guestbook.

Now onto the admin end!

http://www.yourwebsite.com/admin/edit-guestbook.php

Is where this should be..

PHP Code:


			
<?php

session_start();

if($login_username=="") {

Header("Location: login.php");

} else {



include("../includes/connect.php");



// including the connect file for the database.



// If the user has posted to edit then:

if($_POST['edit']) {



// Get variables.

$id = $_POST['id'];

$name = $_POST['title'];

$comment = $_POST['author'];





// Run the re-edited stuff through HTML charicters

$name = htmlspecialchars($name);

$comment = htmlspecialchars($comment);



// Put our query into a variable.



$query = "UPDATE guestbook SET name = '$name', text = '$comment' WHERE ID = '$id'";



$result = mysql_query($query) or die(mysql_error());

echo "<center><strong>Guestbook post modified.</strong></center>";

// Otherwise

} else {



$query = "SELECT * FROM guestbook ORDER BY ID DESC";



$result = mysql_query($query) or die(mysql_error());

while ($row = mysql_fetch_array($result)) {

extract($row);

?>



<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">

<table align="center">

<tr>

  <td align="right">Name:</td>

  <td><input type="text" name="title" value="<?php echo "$name"; ?>" maxlength="250" /></td></tr>

<tr>

  <td align="right">Comment:</td><td><textarea name="content" cols="50" rows="10"><?php echo "$text"; ?></textarea></td></tr>



<tr><td> </td><td><input type="hidden" name="id" value="<?php echo "$ID"; ?>" /><input type="submit" name="edit" value="Modify" /><input type="reset" name="reset" value="Reset" />

    <input name="del" type="submit" id="del" value="Delete" /></td></tr>

</table>

</form>



<?php

}



if($_POST['del']) {

$query = "DELETE FROM guestbook WHERE ID = '$id'";

//Execute the query.

$result = mysql_query($query) or die(mysql_error());

echo "The post has been deleted";

header("Refresh: 2; edit-guestbook.php");

}

}

?>

Another huge ammount of code /

First 11 lines are just checking the user is logged in, and including our connect file.

if($_POST['edit']) { - Do this code only if someone has posted with the value of edit.

Again usual stuff, explained in the above tutorial.

$query = "UPDATE guestbook SET name = '$name', text = '$comment' WHERE ID = '$id'"; - Updating the guestbook with the new post.

$result = mysql_query($query) or die(mysql_error());
echo "<center><strong>Guestbook post modified.</strong></center>";

Running the query, and telling them it has been modified.

So if they havent posted for modify then:

} else {

run the HTML code for the guestbook viewing.

if($_POST['del']) { - If someone has pressed the delete then do the following action.

$query = "DELETE FROM guestbook WHERE ID = '$id'";
Delete all from the table guestbook with the id of $id

//Execute the query.
$result = mysql_query($query) or die(mysql_error());

Run the query through the database.

echo "The post has been deleted";

Tell them its been deleted

header("Refresh: 2; edit-guestbook.php");

PHP refresh page, after 2 seconds: edit-guestbook.php

}
}

End the if del post

End the security if post.

End of the tutorial!

Well thats our guestbook, neat we can get it into 2 files isent it :P

Cheers lads, and hope you enjoyed!

Base

Willyke · #2 (**permalink**) 04-04-2007, 07:33 AM

Nice written, good job! Just one little thing:

Quote:

Originally Posted by Base

Ok!
Now here is somthing worth mentioning:

".nl2br($row['name'])."

This is so if you have a specific function inside an echo statement, you can't just do this:

<td> nl2br($row['name'])</td>

Because otherwise for each entry into the guestbook, it will say

nl2br($row['name']) rather than whats in the database.

You can use echo "<td>nl2br($row['name'])</td>"; because you are using double quotes ("..."), if you would single-quotes ('...') then you should do it like echo '<td>'.nl2br($row['name']).'</td>';