Need to design a 'post comment page'

[imajinn1]

I started to work on a site and now the customer wants a post comments page.

I can get my way around with simple PHP (like form to email) but not with the database setup.
Does anyone know any 3rd party sofwares, links or leads i can use to design this page?

Any kind of help is appreciated.
Thanks

 

[as4s1n]

Writing it yourself is pretty simple.

Just make a page with the form that the user will write what they want for their comment:

<form action="postReview.php" method="post">
<textarea cols="20" rows="5" name="comment"></textarea><br />
<input type="text" name="poster" size="12" /><br />
<input type="submit" value="Post comment." />
</form>

And make a page to add it to the database:

<?php
# Define values host,dbname,username and password as $s before the try{} statement

   try {
     $dbh = new PDO("mysql:host=$host;dbname=$dbname", $username,$password);
     $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
   } catch (PDOException $e) {
     print ("Could not connect to server.\n");
   }

# Comments page

# Get the info and organize it in an array
$info = array(
"com"=>$_POST['comment'],
"name"=>$_POST['poster']);
# Create an array in case of errors
$errors = array();

# Check each entry
if(empty($info['com']))
      $errors[]="Invalid comment.";
if(empty($info['name']))
      $errors[]="Invalid username.";

# If there were errors tell them what went wrong and post a link to go back to the form page
if($errors) {
      echo "There were errors with your post: ";
      echo "<ul><li>";
      echo implode("</li><li>",$errors);
      echo "</li></ul>";
      echo "<a href='formPage'>Go back</a>";
      exit;
}

# SQL query that will insert data into database
$sth = $dbh->prepare("INSERT INTO comments(id,comment,poster,date) VALUES(0,?,?,now())");

$sth->execute(array($info['com'],$info['name']));

echo "Comment posted.";
?>

And in your database (assuming you use the PHPMyAdmin) create the table and each column value (or just import this code (save as .sql file and click the Import tab))

CREATE TABLE comments(id int(255) PRIMARY KEY auto_increment, comment text, poster varchar(30), date varchar(100))

And there you have it. Place the HTML on whichever page the customer wants it, and create a page (which I called 'postReview.php') for the PHP->mysql. But import the sql in first or the whole thing will not work.

Hope this helps.

 

[imajinn1]

Yes it does help. It is already something i can test on my site

Im gonna play around with what you sent me and make it work.
i will give you a feedback on this.

thank you very much

 

[misson]

<?php
# Define values host,dbname,username and password as $s before the try{} statement

   try {
     $dbh = new PDO("mysql:host=$host;dbname=$dbname", $username,$password);

Sensitive information such as user credentials shouldn't be scattered across multiple scripts; they should be isolated in a single script.

     $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
   } catch (PDOException $e) {
     print ("Could not connect to server.\n");
   }

# Comments page

# Get the info and organize it in an array
$info = array(
"com"=>$_POST['comment'],
"name"=>$_POST['name']);
[...]
# SQL query that will insert data into database
$sth = $dbh->prepare("INSERT INTO comments(id,comment,poster,date) VALUES(0,?,?,now())");

$sth->execute(array($info['com'],$info['name']));

There's an unnecessary array here. You can either use:

$info = array(
    ":com"=>$_POST['comment'],
    ":name"=>$_POST['name']
);
[...]
$sth = $dbh->prepare("INSERT INTO comments(id,comment,poster,date) VALUES(0,:com,:name,now())");
$sth->execute($info);

or:

$sth = $dbh->prepare("INSERT INTO comments(id,comment,poster,date) VALUES(0,?,?,now())");
$sth->execute(array($_POST['comment'], $_POST['name']));

Lastly, don't forget to wrap a try {...} catch (PDOException $e) {...} around all the calls to PDO methods.

 

[imajinn1]

thank to both of u for the reply.

I am getting confused with the second set of scripts but i will get my way around in the coming days

 

[as4s1n]

If you didn't understand something, I highlighted all of misson's corrections.

Sorry, those were a few imperfections, while not critical, it makes it easier to read and manage. First, although it was implied, you should put the database connection handler ($dbh) on the index or on a separate page that you reference via PHP::include() on the index page.

Second, in the STH variable, I included the values of the array which you do not need to do.

E.G.

$sth = $dbh->prepare("INSERT INTO comments(id,comment,poster,date) VALUES(0,?,?,now())"); 

$sth->execute([COLOR="red"]array($info['com'],$info['name']));  [/COLOR]

When it should have been what misson wrote:

$sth = $dbh->prepare("INSERT INTO comments(id,comment,poster,date) VALUES(0,[COLOR=red]name,com[/COLOR],now())"); 
$sth->execute([COLOR=red]$info[/COLOR]);

You do that because the value in the params for execute() needs to be an array and if the value is then you can reference each entry in the array by its key (I.E. 'name'=>$_POST['name']) and you can just call the value by its key inside the prepare (I.E. ...VALUES(0,name,com,0);

Thirdly, the try/catch should have been around all the connections.

[COLOR=red]try{[/COLOR]
$sth = $dbh->prepare("INSERT INTO...");
[COLOR=red]} catch(PDOException $e) {[/COLOR]
echo "Errors: ".[COLOR=red]$e->getMessage();[/COLOR]

 

[sikuneh]

Wouldn't you only have to wrap a try/catch statement around the PDO::EXECUTE()? Because nothing does anything (assuming its a PREPARE) until the execute() is called.

 

[misson]

@sikuneh: PDO creation and PDO:repare can also generate exceptions.