The SQL for our guestbook is remarkably simple, as it only requires one table. Here is the code to use:

CREATE TABLE guestbook (ID INT NOT NULL AUTO_INCREMENT PRIMARY KEY, GuestName CHAR(255), GuestEmail CHAR(255), GuestMessage TEXT, DateSubmitted INT);

The first draft of our PHP code is also fairly simple, as we're going to trust users to be good. Here is the code for post.php:

    <?php
        // Only touch the database once the form has been submitted
        if (isset($_POST['GuestName'])) {
            $db = mysqli_connect("localhost", "phpuser", "alm65z", "phpdb");

            // Escape each value for use inside a quoted SQL string
            $GuestName = mysqli_real_escape_string($db, $_POST['GuestName']);
            $GuestEmail = mysqli_real_escape_string($db, $_POST['GuestEmail']);
            $GuestMessage = mysqli_real_escape_string($db, $_POST['GuestMessage']);
            $CurrentTime = time();
            $result = mysqli_query($db, "INSERT INTO guestbook (GuestName, GuestEmail, GuestMessage, DateSubmitted) VALUES ('$GuestName', '$GuestEmail', '$GuestMessage', $CurrentTime);");
            if ($result) {
                echo "Thanks for posting - click <a href=\"read.php\">here</a> to view the guestbook with your message added!";
            } else {
                echo "There was an error adding your guestbook entry - please try again, filling in all fields.";
            }
        }
    ?>
    <form method="post" action="post.php">
    Name: <input type="text" name="GuestName" /><br />
    Email: <input type="text" name="GuestEmail" /><br /><br />
    Message:<br /><textarea rows="10" cols="40" name="GuestMessage"></textarea><br /><br />
    <input type="submit" value="Post" />
    </form>

As usual, the majority of that code should be self-explanatory by this point - we print a form out, and, if it has been submitted, we send the data to our database and output either a thank you message or an error message. Note the three mysqli_real_escape_string() lines - these are required to make sure your database queries are safe. Here is the accompanying code for read.php:

    <?php
        $db = mysqli_connect("localhost", "phpuser", "alm65z", "phpdb");
        // Newest entries first
        $result = mysqli_query($db, "SELECT GuestName, GuestEmail, GuestMessage, DateSubmitted FROM guestbook ORDER BY DateSubmitted DESC;");
        if (mysqli_num_rows($result)) {
            while ($row = mysqli_fetch_assoc($result)) {
                // Turns each column into a $gb_-prefixed variable, e.g. $gb_GuestName
                extract($row, EXTR_PREFIX_ALL, 'gb');
                $gb_DateSubmitted = date("jS of F Y", $gb_DateSubmitted);
                echo "<strong>Posted by <a href=\"mailto:$gb_GuestEmail\">$gb_GuestName</a> on $gb_DateSubmitted</strong><br />";
                echo "$gb_GuestMessage<br /><br />";
            }
        } else {
            echo "<em>This guestbook has no messages!</em><br /><br />";
        }
    ?>
    <a href="post.php">Add a message to this guestbook</a>

There should be no surprises there - refer back to the Functions chapter if you are hazy on the parameters for date(). Give that guestbook a try - see what problems you spot.
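
As a companion to the three mysqli_real_escape_string() lines in post.php, here is an added example (not part of the original tutorial) that sends the same INSERT through a mysqli prepared statement, so the values never become part of the SQL text. It assumes the guestbook table and connection details used on this page; the helper name add_guestbook_entry() is hypothetical.

```php
<?php
// Added example: post.php's INSERT using bound parameters instead of escaping.
// Assumes the guestbook table and connection details shown on this page.
// add_guestbook_entry() is a hypothetical helper, not part of the tutorial.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function add_guestbook_entry(mysqli $db, string $name, string $email, string $message): bool
{
    // The SQL text is fixed; the ? placeholders are filled in by the driver,
    // so a quote in user input cannot end a string literal early.
    $stmt = $db->prepare(
        "INSERT INTO guestbook (GuestName, GuestEmail, GuestMessage, DateSubmitted)
         VALUES (?, ?, ?, ?)"
    );
    $now = time();
    // "sssi" = three strings followed by one integer
    $stmt->bind_param("sssi", $name, $email, $message, $now);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Accept the submission only if every field arrived as a plain string
// (a field sent as GuestName[]=x would otherwise reach us as an array).
$fields = [];
foreach (['GuestName', 'GuestEmail', 'GuestMessage'] as $key) {
    if (isset($_POST[$key]) && is_string($_POST[$key])) {
        $fields[$key] = $_POST[$key];
    }
}

if (count($fields) === 3) {
    try {
        $db = new mysqli("localhost", "phpuser", "alm65z", "phpdb");
        add_guestbook_entry($db, $fields['GuestName'], $fields['GuestEmail'], $fields['GuestMessage']);
        echo "Thanks for posting - click <a href=\"read.php\">here</a> to view the guestbook with your message added!";
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage()); // keep database details out of the page
        echo "There was an error adding your guestbook entry - please try again, filling in all fields.";
    }
}
```

Bound parameters protect the query only; what read.php does with the stored values when it prints them is a separate question.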



Copyright ©2015 Paul Hudson. Follow me: @twostraws.