The SQL for our guestbook is remarkably simple, as it only requires one table. Here is the code to use:
CREATE TABLE guestbook (ID INT NOT NULL AUTO_INCREMENT PRIMARY KEY, GuestName CHAR(255), GuestEmail CHAR(255), GuestMessage TEXT, DateSubmitted INT);
The first draft of our PHP code is also fairly simple, as we're going to trust users to be good. Here is the code for post.php:
<?php
// Only process a submission if the form has been posted
if (isset($_POST['GuestName'])) {
    $db = mysqli_connect("localhost", "phpuser", "alm65z", "phpdb");

    // Escape each submitted value before it is placed inside the SQL string
    $GuestName = mysqli_real_escape_string($db, $_POST['GuestName']);
    $GuestEmail = mysqli_real_escape_string($db, $_POST['GuestEmail']);
    $GuestMessage = mysqli_real_escape_string($db, $_POST['GuestMessage']);
    $CurrentTime = time();

    $result = mysqli_query($db, "INSERT INTO guestbook (GuestName, GuestEmail, GuestMessage, DateSubmitted) VALUES ('$GuestName', '$GuestEmail', '$GuestMessage', $CurrentTime);");

    if ($result) {
        echo "Thanks for posting - click <a href=\"read.php\">here</a> to view the guestbook with your message added!";
        exit;
    } else {
        echo "There was an error adding your guestbook entry - please try again, filling in all fields.";
    }
}
?>
<form method="post" action="post.php">
Name: <input type="text" name="GuestName" /><br />
Email: <input type="text" name="GuestEmail" /><br /><br />
Message:<br /><textarea rows="10" cols="40" name="GuestMessage"></textarea><br /><br />
<input type="submit" value="Post" />
</form>
As usual, the majority of that code should be self-explanatory by this point - we print a form out, and, if it has been submitted, we send the data to our database and output either a thank you message or an error message. Note the three mysqli_real_escape_string() lines - these are required to make sure your database queries are safe: they escape quotes and other special characters in the submitted values so that user input cannot change the structure of the query. Here is the accompanying code for read.php:
<?php
$db = mysqli_connect("localhost", "phpuser", "alm65z", "phpdb");

// Fetch every entry, newest first
$result = mysqli_query($db, "SELECT GuestName, GuestEmail, GuestMessage, DateSubmitted FROM guestbook ORDER BY DateSubmitted DESC;");

if (mysqli_num_rows($result)) {
    while ($row = mysqli_fetch_assoc($result)) {
        // Turn each column into a variable prefixed with "gb_", e.g. $gb_GuestName
        extract($row, EXTR_PREFIX_ALL, 'gb');

        // Convert the stored Unix timestamp into a readable date
        $gb_DateSubmitted = date("jS of F Y", $gb_DateSubmitted);

        echo "<strong>Posted by <a href=\"mailto:$gb_GuestEmail\">$gb_GuestName</a> on $gb_DateSubmitted</strong><br />";
        echo "$gb_GuestMessage<br /><br />";
    }
} else {
    echo "<em>This guestbook has no messages!</em><br /><br />";
}
?>
<a href="post.php">Add a message to this guestbook</a>
There should be no surprises there - refer back to the Functions chapter if you are hazy on the parameters for date(). Give that guestbook a try - see what problems you spot.
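The job of the three mysqli_real_escape_string() lines in post.php, shown as an added example that is not code from the original page: a name containing an apostrophe breaks the INSERT when the values are pasted in unescaped, while bound parameters (a different technique from escaping, swapped in here) store it intact. It assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite table in place of the MySQL database; the sample submission is constructed.

```php
<?php
// Added example: in-memory SQLite through PDO stands in for the MySQL database
// (an assumption), so this runs without a server. Columns follow the guestbook table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE guestbook (ID INTEGER PRIMARY KEY AUTOINCREMENT,
    GuestName TEXT, GuestEmail TEXT, GuestMessage TEXT, DateSubmitted INTEGER)");

// Constructed sample submission: an ordinary name that contains a quote.
$post = [
    'GuestName'    => "Niamh O'Brien",
    'GuestEmail'   => 'niamh@example.com',
    'GuestMessage' => "It's a lovely site",
];
$now = time();

// 1. Values pasted into the SQL string unescaped: the apostrophe ends the
//    string literal early and the statement no longer parses.
try {
    $db->exec("INSERT INTO guestbook (GuestName, GuestEmail, GuestMessage, DateSubmitted)
        VALUES ('{$post['GuestName']}', '{$post['GuestEmail']}', '{$post['GuestMessage']}', $now)");
    echo "unescaped insert: ok\n";
} catch (PDOException $e) {
    echo "unescaped insert failed: ", $e->getMessage(), "\n";
}

// 2. Bound parameters: the SQL text is fixed and the values travel separately,
//    so no quoting or escaping step is needed.
$stmt = $db->prepare("INSERT INTO guestbook (GuestName, GuestEmail, GuestMessage, DateSubmitted)
    VALUES (:name, :email, :message, :submitted)");
$stmt->execute([
    ':name'      => $post['GuestName'],
    ':email'     => $post['GuestEmail'],
    ':message'   => $post['GuestMessage'],
    ':submitted' => $now,
]);

// Compare the stored row with the submitted text.
$row = $db->query("SELECT GuestName, GuestMessage FROM guestbook")->fetch(PDO::FETCH_ASSOC);
var_dump($row['GuestName'] === $post['GuestName']);
var_dump($row['GuestMessage'] === $post['GuestMessage']);
```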
Copyright ©2015 Paul Hudson. Follow me: @twostraws.