This tutorial covers posting to the blog: inserting the data into the database and validating it first. It builds on Tutorials 10, 11 and 12, so please check those out if you have not.
Here’s the plan:
- Make a page for posting
- Make a form
- Get the SQL for inserting
- Prepare and validate data
- Test page functionality
- Finalize and clean up
Part 1:
Part 2:
So, back to the plan: I created the page to post from, named it "put.php", and modeled the HTML on blog.php. I then put a form for posting into put.php. At this point, I have the static page done. By static, I mean the part of the page that isn’t supposed to change. Next, I need to put the dynamic part into the page.
Here’s put.php so you may refer to it.
1 <?php
2 include("connect.php");
3 if(isset($_POST['sub'])){ // the hidden "sub" field marks a submitted form
4     $title = stripslashes(trim($_POST['title'])); // trim, then undo magic-quotes slashes
5     $content = stripslashes(trim($_POST['content']));
6     $title2 = $title; // unescaped copies, fed back into the form on error
7     $content2 = $content;
8     $error = false;
9     $reason = '';
10     if(strlen($title) < 3){
11         $error = true;
12         $reason .= "Bad Title.\n";
13     }
14     if(strlen($content) < 3){
15         $error = true;
16         $reason .= "Bad Post Content.\n";
17     }
18     if(!$error){
19         $title = mysql_real_escape_string($title); // escape for use inside the quoted SQL strings
20         $content = mysql_real_escape_string($content);
21         $sql = "INSERT INTO `posts` (`ID`, `username`, `title`, `content`, `date`) VALUES
22         (NULL, ".(int)$_SESSION['userid'].", '$title', '$content', ".time().")"; // userid is unquoted, so force an integer
23         mysql_query($sql);
24         if(mysql_errno()){
25             $reason .= mysql_error();
26         }else{
27             header("Location: blog.php"); exit; // stop here so the form is not rendered after the redirect
28         }
29     }else{
30
31     }
32
33 }
34
35 echo '<?xml version="1.0" encoding="UTF-8"?>';
36 ?>
37 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
38 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
39 <head>
40 <title>Blog title</title>
41 <link href="main.css" type="text/css" media="screen" rel="stylesheet" />
42 </head>
43 <body>
44 <div class="maincontent">
45 <div class="top">
46 Blog title</div>
47 <div class="postform">
48 <form method="POST" action="?">
49 Title: <input type="text" name="title" id="postformtitle" value="<?php
50 if(isset($title2)){
51     echo htmlentities($title2, ENT_QUOTES, 'UTF-8'); // encode before echoing into the attribute
52 }
53 ?>" />
54 Main Content:
55 <textarea name="content" id="postformcontent" cols="40" rows="4"><?php
56 if(isset($content2)){
57     echo htmlentities($content2, ENT_QUOTES, 'UTF-8');
58 }
59 ?></textarea>
60 <input type="submit" value="Send!" />
61 <input type="hidden" name="sub" value="1" />
62 </form>
63 <div class="errors">
64 <?php
65 if(isset($reason)){
66     echo nl2br(htmlentities($reason, ENT_QUOTES, 'UTF-8')); // the database error text is encoded too
67 }
68 ?>
69 </div>
70 </div>
71 </div><!-- end of maincontent -->
72 </body>
73 </html>
As you can see, I use isset() on a form variable to check whether any data is being submitted. Within the code block (lines 4-32), I prepare the data with both trim and stripslashes to clean up the content. The most important part is stripslashes. Without it, on a server where PHP's magic quotes (magic_quotes_gpc) are enabled, a statement like
Hello "My Dear"
will end up in the variable as
Hello \"My Dear\"
Obviously, a dirty escape is not what we want to show the user. Data like this can be very infuriating if you do not deal with it up front. Magic quotes were removed in PHP 5.4; on a server without them, stripslashes would instead remove backslashes the user actually typed, so leave it out there.
Furthermore, I duplicate the title and content variables so that the now-unescaped content could be fed back into the form if an error occurred. Then I do further data validation. In my case, I don’t want a post without any content, or a title. Therefore, preventative action is used so I will not end up with an undesired result.
Next, if all my tests pass, I escape the values with mysql_real_escape_string and try to post the content using SQL INSERT. I based the SQL on a table export, which uses similar syntax; I just needed to modify the example to fit my needs for new dynamic content.
However, when an error has occurred, I need to feed the data back in so the user doesn’t have to type everything back in. Ever had that happen? If you have had that happen because of something like “Oh noes, your session is over!”, I bet you found it really disheartening. Well, don’t make it happen to your users because a database problem happened, or they made a mistake on their side by forgetting a title. Make your systems forgiving!
So, this is why I had those duplicate variables. I can safely put these back into the page by using htmlentities, which converts all special characters to their HTML entities so that they are displayed as text instead of being interpreted as markup. Without htmlentities, someone could put something like <a href="http://evilwebsite.com/with/viruses">Friendly cute puppies</a> into the post, and the browser would treat it as real HTML.
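The same validate, insert and redisplay flow with bound parameters in place of string escaping, as an added example that is not part of the original tutorial's sources. It assumes PDO with the SQLite driver (an in-memory stand-in for the MySQL `posts` table); the function names `validate_post`, `insert_post` and `h` are hypothetical.

```php
<?php
// Added example, not the tutorial's code. Assumptions: PDO with the SQLite
// driver; the in-memory table stands in for the MySQL `posts` table.

// Same checks as put.php: trim, then require at least 3 characters.
function validate_post(array $in): array {
    $title   = trim($in['title'] ?? '');
    $content = trim($in['content'] ?? '');
    $errors  = [];
    if (strlen($title) < 3)   { $errors[] = 'Bad Title.'; }
    if (strlen($content) < 3) { $errors[] = 'Bad Post Content.'; }
    return [$title, $content, $errors];
}

// Values travel as bound parameters, so no quoting or escaping is needed.
function insert_post(PDO $db, int $userId, string $title, string $content): int {
    $stmt = $db->prepare(
        'INSERT INTO posts (username, title, content, date)
         VALUES (:uid, :title, :content, :date)'
    );
    $stmt->execute([':uid' => $userId, ':title' => $title,
                    ':content' => $content, ':date' => time()]);
    return (int) $db->lastInsertId();
}

// Encode for HTML output (form redisplay or rendering a stored post).
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (ID INTEGER PRIMARY KEY, username INTEGER,
           title TEXT, content TEXT, date INTEGER)');

// Constructed sample submissions: one too short, one with quotes and markup.
$samples = [
    ['title' => 'Hi', 'content' => 'ok'],
    ['title' => 'Hello "My Dear"',
     'content' => "It's <a href=\"http://example.com/\">a link</a>"],
];
foreach ($samples as $post) {
    [$title, $content, $errors] = validate_post($post);
    if ($errors) {
        echo 'Rejected: ', implode(' ', $errors), ' value="', h($title), "\"\n";
        continue;
    }
    $id = insert_post($db, 1, $title, $content);
    echo "Stored #$id: ", h($title), ' | ', h($content), "\n";
}
```

The database keeps the text exactly as typed, quotes and markup included; encoding happens only at output time, through `h()`.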
Other than that, the only change I made to any other file was adding a link in blog.php:
59 <a href="put.php">Post</a>
So, anyway, you may download the Zip Archive that contains the sources so that you may experiment with them.
The next tutorial will go over editing, and the one after that will most likely go over changing to a visual editor for the post.
August 2nd, 2010 at 4:10 am
Fresh post and forward-looking ideas! I like them much because they are really useful.
August 16th, 2010 at 8:58 pm
[...] If you wish to get the sources before all the modification was done on this tutorial, please go to PHP MySQL Tutorial 13: Posing on a blog and download the sources as provided at the bottom, so that you may be able to code with me step by [...]