Creating A GuestBook
Part 2: Posting and storing the entries
Now that we have our table ready we can make a simple form to add the entries into the guestbook.
Often you'll find it easier to have a seperate page for your form that people fill out and for the code needed to add the data into your table, but i'll give an example of doing everything in one page because it's easier to explain that way.
Connecting
The first thing we need to do is check the form has been posted and connect to our database:
<?php
if($_POST['submit'])
{
$db = mysql_connect('localhost','db_user','db_pass')
or die(mysql_errno().' : '.mysql_error());
mysql_select_db('db_name')
or die(mysql_errno().' : '.mysql_error());
Obviously you need to replace the database values (host, user, password and database name) with your own. The if($_POST['submit']) line means that the script will only connect once somebody submits the form, as there's no need to connect to the database everytime the page loads.
Now we can form the query that will add the information into our table.
$sql[addpost] = mysql_query("INSERT INTO guestbook (name, email, message, date)
VALUES ('$_POST[name]','$_POST[email]','$_POST[message]',time())");
mysql_close($db);
echo "Thanks ".$_POST['name']." your message has been added\n";
}
When we put it all together it should look something like this:
<?php
if($_POST['submit'])
{
$db = mysql_connect('localhost','db_user','db_pass')
or die(mysql_errno().' : '.mysql_error());
mysql_select_db('db_name')
or die(mysql_errno().' : '.mysql_error());
$sql[addpost] = mysql_query("INSERT INTO guestbook (name, email, message, date)
VALUES ('$_POST[name]','$_POST[email]','$_POST[message]',time())");
mysql_close($db);
echo "Thanks ".$_POST['name']." your message has been added\n";
}
?>
The time() function given for the date field returns a UNIX timestamp of the current time and date, later we'll convert this into a readable date format.
The Form
Now all that's really left is to create the form for the user to fill in.
I'm hoping that if you're reading about creating and submitting infomation to a database that you at least know how to create a basic form, so i wont explain this much.
<form method="post" action="./"> <table cellpadding="6" cellspacing="0"> <tr> <td>Name :</td> <td><input type="text" name="name" /></td> </tr> <tr> <td>Email :</td> <td><input type="text" name="email" /></td> </tr> <tr> <td valign="top">Message :</td> <td><textarea name="message" cols="30" rows="6"></textarea></td> </tr> <tr> <td> </td> <td> <input type="submit" name="submit" value="Add Message" /> <input type="reset" name="reset" value="Clear Message" /> </td> </tr> </table> </form>
We just have three inputs for our fields name, email and message.
That's all, aslong as you followed everything correctly when you submit the form, the details will be added to the database.
Now this is far from perfect, you would really want to firstly check that all the fields are completed before the form is submitted, otherwise you'll get people posting blank messages, check the query is successful before telling the user their message was posted and probally limit the amount of characters allowed in the name and message.
It would also be a good idea to strip out the slashes from peoples messages to stop them spamming your guestbook with urls or trying to post HTML code and Javascript but this is intended to cover only the very basics so that'll require some thought and research from you to put in place.
A starting point would be the error checking in forms tutorial, but for now the only other thing i'll explain is how to display the entries.